Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 11.04.2015, 09:29   #1
Bootluder
 
Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



Hallo Leutz,
ich habe ein Problem auf dem Notebook eines Bekannten (Win7 HP). Ich sollte das Windows auf Schad- bzw. Nerv-Software überprüfen und das erste Tool meiner Wahl in so einem Fall ist immer Malwarebytes Antimalware - das hat, zumindest als Erst-Reinigungstool, immer gut funktioniert. Nun tauchte aber nach der Bereinigung zum ersten Mal ein Problem auf, das vor der Bereinigung nicht bestand: Der Aufgabenplanungsdienst wollte nicht mehr starten, was sich durch diverse Fehlermeldungen nach dem Neustart sofort bemerkbar machte.
Ich habe dann das Protokoll von Malwarebytes Antimalware durchgeschaut, konnte aber nichts Signifikantes entdecken. Erst nach dem Restore aller von Antimalware durchgeführten Änderungen startete der Aufgabenplanungsdienst wieder normal.
Nun steh ich etwas auf dem Schlauch - könnt ihr mir helfen?

Hier mal das Log von Antimalware:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 11.04.2015
Scan Time: 09:29:22
Logfile: mwb.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.11.01
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: <Benutzer>

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399257
Time Elapsed: 14 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMedia.exe, 3700, , [143972f9800abe78698b298d4db67f81]

Modules: 8
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMediaCrt.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\freebl3.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\libnspr4.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\libplc4.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\libplds4.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nss3.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nssutil3.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\smime3.dll, , [143972f9800abe78698b298d4db67f81], 

Registry Keys: 37
PUP.Optional.Ask.A, HKLM\SOFTWARE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [8ac375f6b2d852e4b42d2a0e63a0e719], 
PUP.Optional.Ask.A, HKLM\SOFTWARE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}\INPROCSERVER32, , [8ac375f6b2d852e4b42d2a0e63a0e719], 
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [8ac375f6b2d852e4b42d2a0e63a0e719], 
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [8ac375f6b2d852e4b42d2a0e63a0e719], 
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [8ac375f6b2d852e4b42d2a0e63a0e719], 
PUP.Optional.Ask.A, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [8ac375f6b2d852e4b42d2a0e63a0e719], 
PUP.Optional.Ask.A, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [8ac375f6b2d852e4b42d2a0e63a0e719], 
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [ff4e1754f6945fd7d19a6ccee91aa060], 
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, , [60ed6209a3e730063740d89c28db28d8], 
PUP.Optional.MyFreeCodec.A, HKLM\SOFTWARE\WOW6432NODE\Myfree Codec, , [f05d0f5c8406ed49eb1ac68e22e32ed2], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, , [c08dce9d9ceea393a3bbd13134d0fb05], 
PUP.Optional.MyFreeCodec.A, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Myfree Codec, , [bf8e6cff3753c76f1ce8252fa95c728e], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WajIEnhance, , [79d41c4fcebc87af9353537bbe45e21e], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WIntEnhance, , [8cc12b407a10999d0f0f8a4054af9070], 
PUP.Optional.FastStart.A, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, , [7ad31f4c682292a48ef9b22d946f8f71], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\webssearches uninstall, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.SecurityUtility.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ColorMedia, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B8D1E62C-5D04-4AB0-A09E-688FF75743EF}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B0071C9-831E-43DD-9EFE-722D8AEB9E2E}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5217E897-1728-4B11-BC9D-5405AD551BEF}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6073385E-A128-4464-9DFD-C7CF0F39A492}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{81E47395-D310-4064-B963-844C4088AB76}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{83E41C3D-190A-4052-A046-269722F3B4FD}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A62D52D9-1E41-4772-A794-71B9B92AA014}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D1C116A0-DC17-4257-9190-033AE10F90B9}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{ED5B55CA-994B-42B9-93B6-1FD306925967}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FB7F9DF6-2A66-444F-BA5D-2F221F1B1AC8}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B0071C9-831E-43DD-9EFE-722D8AEB9E2E}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5217E897-1728-4B11-BC9D-5405AD551BEF}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6073385E-A128-4464-9DFD-C7CF0F39A492}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{81E47395-D310-4064-B963-844C4088AB76}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{83E41C3D-190A-4052-A046-269722F3B4FD}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A62D52D9-1E41-4772-A794-71B9B92AA014}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D1C116A0-DC17-4257-9190-033AE10F90B9}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{ED5B55CA-994B-42B9-93B6-1FD306925967}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FB7F9DF6-2A66-444F-BA5D-2F221F1B1AC8}, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B8D1E62C-5D04-4AB0-A09E-688FF75743EF}, , [143972f9800abe78698b298d4db67f81], 

Registry Values: 6
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}, 0, , [8ac375f6b2d852e4b42d2a0e63a0e719]
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}, 0, , [8ac375f6b2d852e4b42d2a0e63a0e719]
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [4efff47738529e98845d38006f944fb1], 
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [301d02696d1db0861ec3eb4df80bfe02], 
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\extensions\faststartff@gmail.com, , [b09d016a593161d53872231f13f29967]
PUP.Optional.FastStart.A, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, , [7ad31f4c682292a48ef9b22d946f8f71]

Registry Data: 16
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Users\<Benutzer>\AppData\Local\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B, Good: (firefox.exe), Bad: ("C:\Users\<Benutzer>\AppData\Local\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B),,[a2abc5a6f39785b1b2db8b6bef16f50b]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B),,[f9545912503abb7ba7e78e68d82d936d]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&q={searchTerms}),,[ca8316553a50f640eb9317dd26df8977]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B),,[292475f6f39793a3fc8226ce09fc14ec]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B),,[99b49fcc9bef2c0ac4ba05ef05002fd1]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&q={searchTerms}),,[0845a2c9563448ee94eaa94bc24356aa]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[c9848be029616acc9f94b947ed19aa56]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Users\<Benutzer>\AppData\Local\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B, Good: (firefox.exe), Bad: ("C:\Users\<Benutzer>\AppData\Local\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B),,[8bc23536ddadc76f3a53fbfbe124649c]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B),,[7bd2b5b6aae041f5107e48ae39ccfb05]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&q={searchTerms}),,[77d64f1c6c1e52e47b0341b30afb18e8]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B),,[6be28be0e0aa51e5ee90b73df70e7888]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B),,[cc81204b573387afb1cd1bd95ea723dd]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&q={searchTerms}),,[7ad3a7c4206a989ed4aa05ef966ff010]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[68e568039cee4de9d36090707a8c2ad6]
PUP.Optional.WebsSearches, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B),,[ca83c6a5573341f5c5baed0708fdff01]
PUP.Optional.WebsSearches, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B),,[eb62bbb0d4b687af56293cb817ee0df3]

Folders: 4
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\code, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility, , [143972f9800abe78698b298d4db67f81], 

Files: 57
PUP.Optional.Ask.A, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll, , [8ac375f6b2d852e4b42d2a0e63a0e719], 
PUP.Optional.Ask.A, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll, , [8ac375f6b2d852e4b42d2a0e63a0e719], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, , [103dff6c34566cca62cadaf1e2213ec2], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, , [321bf2793357270f56d6edde4cb72fd1], 
PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMedia.ini, , [73da94d71d6d54e25a32390f56afd62a], 
PUP.Optional.ColorMedia.A, C:\Windows\System32\ColorMediaOff.ini, , [62eb98d31d6dc076305dc68232d359a7], 
PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMediaOff.ini, , [252894d788022412a6e7fc4c94715ea2], 
PUP.Optional.Winsock.Hijack, C:\Windows\SysWOW64\ColorMedia.dll, , [25282d3e305a8aac97a3302110f5de22], 
PUP.Optional.Winsock.Hijack, C:\Windows\System32\ColorMedia64.dll, , [d37a12596b1f15218fac6ee3fb0a26da], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\458.json, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\MessageBox.xml, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\uninstallDlg2.xml, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\UninstallManager.exe, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\bg.png, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\bg1.png, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\bk_shadow.png, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\button.png, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\button1.png, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\checkbox.png, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\checkbox_select.png, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\checked.png, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\close.png, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\loading_bg.png, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\loading_light.png, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\min.png, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\scrollbar.bmp, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\Thumbs.db, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\unchecked.png, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\code\code1.jpg, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\code\code2.jpg, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\code\code3.jpg, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\code\code4.jpg, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\code\code5.jpg, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\code\code6.jpg, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.WebsSearches.A, C:\Users\<Benutzer>\AppData\Roaming\webssearches\images\code\Thumbs.db, , [1637f477fd8d65d1aca8494448bb21df], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMedia.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMedia.exe, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMedia.tlb, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMedia64.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMediaCrt.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\freebl3.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\libnspr4.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\libplc4.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\libplds4.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nss3.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nssckbi.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nssdbm3.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nssutil3.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\RfndNSIS.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\RgsBTMedia.exe, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\RgsBTMedia.ini, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\RgsBTMedia64.exe, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\smime3.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\softokn3.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\sqlite3.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ssl3.dll, , [143972f9800abe78698b298d4db67f81], 
PUP.Optional.QuickStart.A, C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), ,[f15cc4a796f47db97dab4ef0ef175ca4]

Physical Sectors: 0
(No malicious items detected)


(end)
         

Alt 11.04.2015, 10:33   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 11.04.2015, 11:42   #3
Bootluder
 
Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



Dank dir erstmal

Hier die FRST.TXT

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by <Benutzer> (administrator) on <Benutzer>-PC on 11-04-2015 11:51:55
Running from C:\Users\<Benutzer>\Desktop
Loaded Profiles: <Benutzer> (Available profiles: <Benutzer>)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Deutsche Telekom AG\Browser 7\Browser7.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Multiplan Consultants Limited) C:\Program Files (x86)\easy Client\server\Tomcat\bin\JavaService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Beratungstechnologie) C:\Program Files (x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.Updater.TrayApp.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(TeamDrive Systems GmbH) C:\Program Files (x86)\TeamDrive 3\TeamDrive3.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(RSA, The Security Division of EMC.) C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe
(NUERNBERGER Versicherungsgruppe) C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe
(NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe
(NUERNBERGER Versicherungsgruppe) C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe
(CartCrunch Israel Ltd.) C:\ProgramData\SecurityUtility\ColorMedia.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Micro Focus) C:\Program Files (x86)\Common Files\AlteLeipziger\MFLMWin.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.BTNET\MSSQL\Binn\sqlservr.exe
(Micro Focus) C:\Program Files (x86)\Common Files\AlteLeipziger\mflmma.exe
(Oracle Corporation) C:\Program Files (x86)\NuernbergerBT\JDK\jre\bin\BTnetDope01.2015.exe
() C:\Windows\SysWOW64\NMSAccess32.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(BISS GmbH) C:\Program Files (x86)\InterRisk\WinRiskXA\client\bin\BWUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2073976 2012-03-14] (Flexera Software LLC.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1934744 2015-01-31] (APN)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RSA Card Conversion Utility] => C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe [3499728 2010-08-27] (RSA, The Security Division of EMC.)
HKLM-x32\...\Run: [BTnet Port Communicator] => C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe [976896 2014-12-15] (NUERNBERGER Versicherungsgruppe)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-336442205-827502387-1674173946-1000\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKU\S-1-5-21-336442205-827502387-1674173946-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-336442205-827502387-1674173946-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-336442205-827502387-1674173946-1000\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1125376 2014-11-11] (Polar Electro Oy)
HKU\S-1-5-21-336442205-827502387-1674173946-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NÜRNBERGER Autoupdater.lnk
ShortcutTarget: NÜRNBERGER Autoupdater.lnk -> C:\Windows\Installer\{F4FD5683-3FBB-4DA1-BBD5-17D7E5CC0472}\Tray.exe (NÜRNBERGER Versicherungsgruppe)
Startup: C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk
ShortcutTarget: TeamDrive starten.lnk -> C:\Program Files (x86)\TeamDrive 3\TeamDrive3.exe (TeamDrive Systems GmbH)
Startup: C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100.lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50968;https=127.0.0.1:50968
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&q={searchTerms}
HKU\S-1-5-21-336442205-827502387-1674173946-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B
HKU\S-1-5-21-336442205-827502387-1674173946-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-336442205-827502387-1674173946-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-336442205-827502387-1674173946-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&ts=1422430213&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-336442205-827502387-1674173946-1000 -> {02D06C3E-0133-47CD-A604-58889A89B146} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&ts=1422430213&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-336442205-827502387-1674173946-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&ts=1422430213&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-336442205-827502387-1674173946-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&ts=1422430213&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-336442205-827502387-1674173946-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&ts=1422430213&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-336442205-827502387-1674173946-1000 -> {3EB7D5E2-4058-4C94-B645-527408063A14} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&ts=1422430213&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-336442205-827502387-1674173946-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&ts=1422430213&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-336442205-827502387-1674173946-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&ts=1422430213&type=default&q={searchTerms}
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll [2015-04-11] (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2015-04-11] (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll [2015-04-11] (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2015-04-11] (APN LLC.)
Toolbar: HKU\S-1-5-21-336442205-827502387-1674173946-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM-x32 {A08463E2-BF3E-4E78-9938-E4CC1981483B} https://install.mc.iconf.net/gcc_installer/IUM/mcInstall.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 09 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 10 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 11 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 12 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 24 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 25 C:\Windows\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B

FireFox:
========
FF ProfilePath: C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-23] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-336442205-827502387-1674173946-1000: @citrixonline.com/appdetectorplugin -> C:\Users\<Benutzer>\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-336442205-827502387-1674173946-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2011-03-30] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCltInst11.dll [2012-09-05] (BroadSoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCltInstall.dll [2010-06-30] (iLinc Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2009-09-13] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2009-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\<Benutzer>\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-07-18] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\searchplugins\inbox-search.xml [2013-12-25]
FF Extension: Yahoo! Toolbar - C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-02-28]
FF Extension: Adblock Plus - C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [meetinglauncher@iconf.net] - C:\Program Files (x86)\InterCall Unified Meeting\Modules\Firefox
FF Extension: InterCall Unified Meeting - C:\Program Files (x86)\InterCall Unified Meeting\Modules\Firefox [2012-01-13]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\extensions\faststartff@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Users\<Benutzer>\AppData\Local\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (iLinc Communications Netscape/Mozilla Install Plugin v 10.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPCltInstall.dll (iLinc Communications, Inc.)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\<Benutzer>\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.94) - C:\Users\<Benutzer>\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-01]
CHR Extension: (Word CaptureX Extension) - C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2013-08-09]
CHR Extension: (Google Wallet) - C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] (APN LLC.)
R2 BiPRO Client Service; C:\Program Files (x86)\easy Client\server\Tomcat\bin\JavaService.exe [98304 2015-03-13] (Multiplan Consultants Limited) [File not signed]
S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [148792 2015-03-13] (Deutsche Telekom AG)
R2 BTAVB_KomDienst_Vers_BTnet_0115; C:\Program Files (x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe [17920 2013-04-03] (Beratungstechnologie) [File not signed]
R2 BT_InstallationsDienst; C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe [21072 2015-02-11] (NÜRNBERGER Versicherungsgruppe)
R2 ColorMedia; C:\ProgramData\SecurityUtility\ColorMedia.exe [1844232 2015-04-11] (CartCrunch Israel Ltd.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R2 Micro Focus License Manager; C:\Program Files (x86)\Common Files\AlteLeipziger\MFLMWin.exe [394608 2010-09-15] (Micro Focus)
R2 MSSQL$BTNET; c:\Program Files\Microsoft SQL Server\MSSQL10_50.BTNET\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NMSAccessU; C:\Windows\SysWOW64\NMSAccess32.exe [71096 2009-01-12] ()
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
S4 SQLAgent$BTNET; c:\Program Files\Microsoft SQL Server\MSSQL10_50.BTNET\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WinRiskXAAppService; C:\Program Files (x86)\InterRisk\WinRiskXA\server\bin\WinRiskXAServer.exe [113584 2015-02-02] ()
R2 WinRiskXASoftwareUpdate; C:\Program Files (x86)\InterRisk\WinRiskXA\client\bin\BWUpdater.exe [24576 2013-12-11] (BISS GmbH) [File not signed]
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-07-21] (Windows (R) 2003 DDK 3790 provider)
S3 cpuz134; \??\C:\Users\HANS-J~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 11:51 - 2015-04-11 11:52 - 00040645 _____ () C:\Users\<Benutzer>\Desktop\FRST.txt
2015-04-11 11:51 - 2015-04-11 11:51 - 00000000 ____D () C:\FRST
2015-04-11 11:51 - 2015-04-11 11:50 - 02095616 _____ (Farbar) C:\Users\<Benutzer>\Desktop\FRST64.exe
2015-04-11 09:18 - 2015-04-11 09:18 - 00344440 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-04-11 09:18 - 2015-04-11 09:18 - 00002784 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-04-11 09:18 - 2015-04-11 09:18 - 00000000 ____D () C:\ProgramData\SecurityUtility
2015-04-11 09:04 - 2015-04-11 09:04 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-04-11 09:04 - 2015-04-11 09:04 - 00005200 _____ () C:\Windows\SysWOW64\ColorMedia.ini
2015-04-11 09:04 - 2015-04-11 09:04 - 00002784 _____ () C:\Windows\SysWOW64\ColorMediaOff.ini
2015-04-11 08:20 - 2015-04-11 09:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 08:20 - 2015-04-11 08:20 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-11 08:20 - 2015-04-11 08:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-11 08:20 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 08:20 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 08:20 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 08:19 - 2015-04-11 08:19 - 00000000 ____D () C:\Users\<Benutzer>\Desktop\Shredder
2015-04-11 08:19 - 2015-02-07 11:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\<Benutzer>\Desktop\mbam-setup-2.0.4.1028.exe
2015-04-08 15:31 - 2015-04-08 16:24 - 00000000 ____D () C:\Users\<Benutzer>\Documents\PIM
2015-04-07 19:42 - 2015-04-07 19:42 - 00015222 _____ () C:\Users\<Benutzer>\Desktop\INVERSGDV-DatensatzINVERS2015-04-01.txt
2015-04-04 17:07 - 2015-04-04 17:07 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 17:07 - 2015-04-04 17:07 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 11:21 - 2015-04-03 11:21 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\b-tix
2015-04-03 11:21 - 2015-04-03 11:21 - 00000000 ____D () C:\ProgramData\b-tix
2015-04-03 10:16 - 2015-04-03 10:16 - 00001124 _____ () C:\Users\<Benutzer>\Desktop\easy Client.lnk
2015-04-03 10:16 - 2015-04-03 10:16 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\easy Client
2015-04-03 10:15 - 2015-04-03 10:16 - 00000000 ____D () C:\Program Files (x86)\easy Client
2015-04-03 09:50 - 2015-04-03 10:03 - 260007272 _____ () C:\Users\<Benutzer>\Downloads\Setup-EC-Win32-Produktion-3.4.1.exe
2015-04-02 20:45 - 2015-04-02 20:45 - 00001077 _____ () C:\Users\<Benutzer>\Desktop\Swiss Life EVApro.lnk
2015-04-02 20:45 - 2015-04-02 20:45 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Swiss Life EVApro
2015-04-02 20:07 - 2015-04-02 20:34 - 260831336 _____ () C:\Users\<Benutzer>\Downloads\EVApro_4.0.0.exe
2015-04-02 11:39 - 2015-04-02 13:06 - 00002207 _____ () C:\Users\Public\Desktop\Zurich Gruppe Deutschland.lnk
2015-04-02 11:39 - 2015-04-02 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zurich Gruppe Deutschland
2015-04-02 08:14 - 2015-04-02 08:14 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\Sun
2015-04-02 08:11 - 2015-04-02 13:04 - 00000000 ____D () C:\Program Files (x86)\DHT
2015-04-01 14:39 - 2015-04-01 14:39 - 00000080 _____ () C:\Users\<Benutzer>\axa-bt.ini
2015-04-01 14:39 - 2015-04-01 14:39 - 00000000 ____D () C:\Users\<Benutzer>\btframe
2015-04-01 09:12 - 2015-04-01 09:12 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\Mozilla Firefox
2015-03-31 08:51 - 2015-03-31 08:51 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\{2AB6FC74-4B79-437F-8383-363BA0AB6755}
2015-03-30 12:56 - 2015-03-30 12:57 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\{3B4CB9A4-D979-4A4D-8D34-58E09448AEA4}
2015-03-23 16:29 - 2015-03-23 16:29 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\{FDE4EF91-8A75-4E96-9367-ED65BAB748BC}
2015-03-17 20:46 - 2015-03-17 20:46 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\{6EC5D8D0-10BC-4041-BF73-3E4FEE9C4357}
2015-03-16 15:03 - 2015-03-16 15:04 - 00000000 ____D () C:\Users\<Benutzer>\Documents\Hanse Merkur
2015-03-12 15:00 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 15:00 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 15:00 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 15:00 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 15:00 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-12 15:00 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 15:00 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-12 15:00 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-12 15:00 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 15:00 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-12 15:00 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 15:00 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-12 15:00 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-12 15:00 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-12 15:00 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-12 15:00 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-12 15:00 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-12 15:00 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-12 15:00 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-12 15:00 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-12 15:00 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 15:00 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-12 15:00 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-12 15:00 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-12 15:00 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-12 15:00 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-12 15:00 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-12 15:00 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-12 15:00 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-12 15:00 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-12 15:00 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-12 15:00 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-12 15:00 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-12 15:00 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-12 15:00 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-12 15:00 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-12 15:00 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-12 15:00 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-12 15:00 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-12 15:00 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-12 15:00 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-12 15:00 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-12 15:00 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-12 14:59 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-12 14:59 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-12 14:59 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-12 14:59 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-12 14:59 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 14:59 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-12 14:59 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-12 14:59 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-12 14:59 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-12 14:59 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-12 14:59 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-12 14:59 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-12 14:59 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-12 14:59 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-12 14:59 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-12 14:59 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-12 14:59 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-12 14:59 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-12 14:59 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-12 14:59 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-12 14:59 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-12 14:59 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-12 14:59 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-12 14:59 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-12 14:59 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-12 14:59 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-12 14:59 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-12 14:59 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-12 14:59 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-12 14:59 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-12 14:59 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-12 14:59 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-12 14:59 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 14:59 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-12 14:59 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-12 14:59 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-12 14:59 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-12 14:59 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-12 14:59 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-12 14:58 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 14:58 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 14:58 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-12 14:58 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 14:58 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 14:58 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-12 14:58 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 14:58 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 14:58 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 14:58 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 14:58 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 14:58 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-12 14:58 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-12 14:58 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 14:58 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-12 14:58 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 14:58 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-12 14:58 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 14:58 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-12 14:58 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 14:58 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 14:58 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-12 14:58 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-12 14:58 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 14:58 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-12 14:58 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-12 14:58 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 14:58 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-12 14:58 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 14:58 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-12 14:58 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-12 14:58 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-12 14:58 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-12 14:58 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 14:58 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 14:58 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-12 14:58 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-12 14:58 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-12 14:58 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-12 14:58 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-12 14:58 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 14:58 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-12 14:58 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-12 14:58 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 14:58 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 14:58 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-12 14:58 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-12 14:58 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 14:58 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 14:58 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 14:58 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 14:58 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-12 14:58 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 14:58 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-12 14:58 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 14:58 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 14:58 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-12 14:58 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 14:58 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 14:58 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 14:58 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-12 14:54 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 14:54 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 11:48 - 2014-06-27 09:28 - 00000604 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-336442205-827502387-1674173946-1000.job
2015-04-11 11:48 - 2013-05-08 09:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 11:48 - 2013-05-08 09:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-11 11:48 - 2012-04-01 19:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-11 11:48 - 2011-03-18 00:55 - 01217141 _____ () C:\Windows\WindowsUpdate.log
2015-04-11 10:07 - 2011-03-18 08:18 - 00777970 _____ () C:\Windows\system32\perfh007.dat
2015-04-11 10:07 - 2011-03-18 08:18 - 00179842 _____ () C:\Windows\system32\perfc007.dat
2015-04-11 10:07 - 2009-07-14 07:13 - 01838962 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 10:06 - 2014-05-22 07:19 - 00031115 _____ () C:\Windows\setupact.log
2015-04-11 09:27 - 2009-07-14 06:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 09:27 - 2009-07-14 06:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 09:20 - 2013-12-03 15:40 - 00000000 ___RD () C:\Users\<Benutzer>\Documents\Spaces
2015-04-11 09:20 - 2013-12-03 15:35 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\TeamDrive3
2015-04-11 09:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 09:13 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-11 09:04 - 2013-09-09 20:02 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\CrashDumps
2015-04-11 09:04 - 2011-11-02 14:26 - 00895520 _____ () C:\Windows\PFRO.log
2015-04-11 08:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2015-04-11 08:20 - 2014-06-25 16:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-10 07:55 - 2011-11-05 16:56 - 00000000 ____D () C:\Users\<Benutzer>\Documents\ADCURI1
2015-04-09 17:32 - 2011-11-21 15:40 - 00017609 _____ () C:\Windows\VFrame32.INI
2015-04-09 17:30 - 2011-03-18 00:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-09 17:20 - 2013-12-30 12:14 - 00001312 _____ () C:\Windows\CAF.ini
2015-04-09 17:20 - 2011-11-21 15:43 - 00001869 _____ () C:\Users\Public\Desktop\VHV-Tarife.lnk
2015-04-09 17:20 - 2011-11-21 15:42 - 00001068 _____ () C:\Windows\DOCS.ini
2015-04-09 17:03 - 2013-06-24 13:49 - 00000000 ____D () C:\Users\<Benutzer>\.compeople
2015-04-09 15:03 - 2012-05-16 15:30 - 00000000 ____D () C:\Users\<Benutzer>\Documents\AXA
2015-04-07 12:46 - 2015-02-18 18:09 - 00759901 _____ () C:\Windows\system32\ScanResults.xml
2015-04-07 12:39 - 2015-02-18 18:03 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-04-04 13:20 - 2014-06-27 09:28 - 00003658 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-336442205-827502387-1674173946-1000
2015-04-02 20:45 - 2011-11-16 21:12 - 00000000 ____D () C:\Program Files (x86)\SwissLife
2015-04-02 16:03 - 2011-11-10 14:52 - 00000988 _____ () C:\Users\Public\Desktop\VOIS.lnk
2015-04-02 15:49 - 2011-11-08 11:17 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\Downloaded Installations
2015-04-02 13:22 - 2014-03-13 15:50 - 00000000 ____D () C:\Program Files (x86)\DHZ
2015-04-02 13:22 - 2012-01-03 10:37 - 00000000 ____D () C:\Program Files (x86)\OASE7
2015-04-02 13:07 - 2012-01-03 11:05 - 00000000 ____D () C:\Program Files (x86)\Bonndata
2015-04-02 13:05 - 2012-01-03 11:28 - 00000000 ____D () C:\EUBogen_Uninstall
2015-04-02 13:05 - 2012-01-03 11:28 - 00000000 ____D () C:\EUBogen
2015-04-02 11:33 - 2013-10-27 17:34 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-02 11:28 - 2014-10-23 17:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-02 11:28 - 2012-04-16 19:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-02 08:14 - 2011-11-07 21:36 - 00000000 ____D () C:\Temp
2015-04-01 14:39 - 2011-11-02 13:50 - 00000000 ____D () C:\Users\<Benutzer>
2015-03-31 19:56 - 2012-10-25 14:09 - 00000000 ____D () C:\Users\<Benutzer>\Documents\GOLD & Silber Shop
2015-03-23 16:37 - 2012-12-02 20:14 - 00000000 ____D () C:\Users\<Benutzer>\Documents\Feuersozietät
2015-03-23 16:36 - 2012-12-21 18:23 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\Avira
2015-03-23 16:30 - 2012-12-21 18:18 - 00001966 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-03-23 16:30 - 2012-12-21 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-23 16:30 - 2011-11-02 14:45 - 00000000 ____D () C:\ProgramData\Avira
2015-03-23 14:04 - 2011-11-27 18:38 - 00000000 ____D () C:\ProgramData\firebird
2015-03-23 11:45 - 2014-08-21 14:47 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\Adobe
2015-03-23 11:44 - 2012-04-01 19:34 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-23 11:44 - 2012-04-01 19:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-23 11:44 - 2011-12-03 11:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-23 10:29 - 2012-07-19 09:12 - 00000000 ____D () C:\Users\<Benutzer>\Documents\BBV
2015-03-23 10:13 - 2015-03-09 21:14 - 00000000 ____D () C:\Users\<Benutzer>\Documents\Universa
2015-03-16 12:52 - 2011-12-19 11:51 - 00000000 __SHD () C:\Users\<Benutzer>\Documents\cache
2015-03-15 18:23 - 2014-01-07 09:47 - 00000000 ____D () C:\Program Files (x86)\Browser 7 Maintenance Service
2015-03-13 17:48 - 2011-11-05 16:57 - 00000000 ____D () C:\Users\<Benutzer>\Documents\ARUNA
2015-03-13 13:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 10:22 - 2014-01-07 09:47 - 00000000 ____D () C:\Program Files (x86)\Deutsche Telekom AG
2015-03-13 10:14 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-13 10:13 - 2012-06-01 13:10 - 00000000 ___RD () C:\Users\<Benutzer>\Podcasts
2015-03-13 10:12 - 2009-07-14 06:45 - 00383312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 10:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-13 10:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 21:36 - 2012-02-06 19:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 21:31 - 2013-07-24 19:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 21:25 - 2011-11-02 15:09 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2012-08-18 14:51 - 2012-08-18 14:51 - 0000288 _____ () C:\Users\<Benutzer>\AppData\Roaming\.backup.dm
2011-11-21 13:21 - 2015-02-05 10:51 - 0000185 _____ () C:\Users\<Benutzer>\AppData\Roaming\CASUpdateSkip.lst
2013-03-27 15:00 - 2015-01-05 08:39 - 0000014 _____ () C:\Users\<Benutzer>\AppData\Roaming\CAS_Personal_RuVPAgtnr.lst
2011-11-07 11:12 - 2011-12-19 12:08 - 0001007 _____ () C:\Users\<Benutzer>\AppData\Roaming\ConvAPIPlugin.log
2011-11-07 22:35 - 2013-07-09 17:59 - 0000077 _____ () C:\Users\<Benutzer>\AppData\Local\bullet.gif
2011-11-16 17:57 - 2012-06-18 10:50 - 0001314 _____ () C:\Users\<Benutzer>\AppData\Local\BWSmartClientAppRes.WinRisk_AboutBox.html
2011-11-07 22:35 - 2013-07-09 17:59 - 0005345 _____ () C:\Users\<Benutzer>\AppData\Local\BWSmartClientAppRes.WinRisk_Login.html
2011-11-07 22:35 - 2013-07-09 17:59 - 0002028 _____ () C:\Users\<Benutzer>\AppData\Local\IR_LoginBtn.gif
2013-11-15 20:03 - 2013-11-15 20:03 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809012384_1.tmp
2013-08-13 10:34 - 2013-08-13 10:34 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809013136_1.tmp
2013-08-13 10:34 - 2013-08-13 10:34 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809013136_2.tmp
2012-08-21 19:42 - 2012-08-21 19:42 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809015172_1.tmp
2014-02-05 21:26 - 2014-02-05 21:26 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809015416_1.tmp
2013-08-14 15:30 - 2013-08-14 15:30 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809015508_1.tmp
2013-11-28 12:50 - 2013-11-28 12:50 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809016024_1.tmp
2013-11-28 12:50 - 2013-11-28 12:50 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809016024_2.tmp
2014-03-17 18:30 - 2014-03-17 18:30 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809016796_1.tmp
2013-08-14 15:29 - 2013-08-14 15:29 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809017324_1.tmp
2013-08-19 14:12 - 2013-08-19 14:12 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809017416_1.tmp
2014-02-05 21:16 - 2014-02-05 21:16 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809017636_1.tmp
2014-02-05 21:37 - 2014-02-05 21:37 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809017668_1.tmp
2014-02-05 21:29 - 2014-02-05 21:29 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809018404_1.tmp
2014-02-05 21:28 - 2014-02-05 21:28 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809019032_1.tmp
2011-11-07 22:35 - 2013-07-09 17:59 - 0197839 _____ () C:\Users\<Benutzer>\AppData\Local\WinRisk_Background.jpg
2011-11-07 22:35 - 2013-07-09 17:59 - 0000405 _____ () C:\Users\<Benutzer>\AppData\Local\WinRisk_Smile.gif
2011-11-16 17:57 - 2012-06-18 10:50 - 0007477 _____ () C:\Users\<Benutzer>\AppData\Local\WinRisk_Text.gif
2013-05-16 16:49 - 2013-05-16 16:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-07 11:02 - 2014-04-13 18:30 - 0006209 _____ () C:\ProgramData\hpzinstall.log
2011-03-18 01:04 - 2011-03-18 01:04 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-03-18 00:58 - 2011-03-18 00:58 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-03-18 01:01 - 2011-03-18 01:02 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-03-18 00:58 - 2011-03-18 01:01 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-03-18 01:02 - 2011-03-18 01:03 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\<Benutzer>\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 11:49

==================== End Of Log ============================
         
--- --- ---

--- --- ---
__________________

Alt 11.04.2015, 11:43   #4
Bootluder
 
Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



Und die Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by <Benutzer> at 2015-04-11 11:52:30
Running from C:\Users\<Benutzer>\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Abgeltungsteuer GEV (x32 Version: 12.01.0000 - GEV) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ALTE LEIPZIGER Beratungssoftware 09.2014 Standard (HKLM-x32\...\{2F20357B-0985-43E8-A226-1B77114C0B94}) (Version: 45.00.0000 - ALTE LEIPZIGER Lebensversicherung a.G.)
ALTE LEIPZIGER Taa 8.16 R2 (HKLM-x32\...\{DB795554-FABC-48BA-9CBA-0590BFCA9403}) (Version: 2.16.1000 - ALTE LEIPZIGER Lebensversicherung a.G.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 6 (HKLM-x32\...\{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}) (Version: 6.0.1.148 - ArcSoft)
ArcSoft Software Suite (HKLM-x32\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
ASC Easy Update auf Version 4.6.1 (HKLM-x32\...\ASC Easy Updater_is1) (Version:  - ASC Assekuranz Service Center GmbH)
ASC Easy Update auf Version 5.6.3 (HKLM-x32\...\ASC Easy_is1) (Version:  - ASC Assekuranz Service Center GmbH)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Audials (HKLM-x32\...\{2E5052A2-8E3D-4229-A5EB-2465B260D917}) (Version: 8.0.54900.0 - RapidSolution Software AG)
Audials TV (HKLM-x32\...\{24EE4523-711A-4BD1-95EA-F73A8A6950D3}) (Version: 1.3.10803.300 - RapidSolution Software AG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
AXA Beratungstechnologie (HKLM-x32\...\{ACB4A876-C528-45CE-9441-8AA998B9947A}) (Version: 14.3.0 - AXA Konzern AG)
BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
BEG-Rechner GEV (x32 Version: 12.01.0000 - GEV) Hidden
Beraterplatz GEV (x32 Version: 12.01.0001 - GEV) Hidden
BeratungsNavigator Januar 2015 (HKLM-x32\...\InstallShield_{74364E6A-A97A-4C9E-8432-584F74280E5D}) (Version: 44.01.0000 - Stuttgarter Lebensversicherung a.G.)
BeratungsNavigator Januar 2015 (x32 Version: 44.01.0000 - Stuttgarter Lebensversicherung a.G.) Hidden
BeratungsNavigator Rechen-Zusatzmodul (HKLM-x32\...\InstallShield_{F84C7212-9DC4-4963-A564-73C2EFA18935}) (Version: 10.1.0000.0000 - FUJITSU LIMITED)
BeratungsNavigator Rechen-Zusatzmodul (x32 Version: 10.1.0000.0000 - FUJITSU LIMITED) Hidden
Beratungsprotokolle (x32 Version: 12.01.0000 - GEV) Hidden
BISY 102 (HKLM-x32\...\BISY_is1) (Version:  - V-Soft GbR Oldenburg)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Bonnprint/iText (HKLM-x32\...\BPiText) (Version:  - )
BP 3.01 (B0002) (HKLM-x32\...\BP 3.01 (B0002)) (Version: 3.01 (B0002) - )
BP V 2.12 (B0004) (HKLM-x32\...\BP V 2.12 (B0004)) (Version: V 2.12 (B0004) - )
BP V 2.13 (B0004) (HKLM-x32\...\BP V 2.13 (B0004)) (Version: V 2.13 (B0004) - )
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Browser 7 der Telekom 36.0.8 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 36.0.8 (x86 de)) (Version: 36.0.8 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 29.0.40 - Deutsche Telekom AG)
BSW 1.1.1 (HKLM-x32\...\BSW 1.1.1) (Version: 1.1.1 - )
BTnet 01.2015 (x32 Version: 15.01.5535.17082 - NÜRNBERGER Beratungstechnologie) Hidden
BTnet AVB Steuerung 01.2015 (x32 Version: 15.01.5535.17082 - NÜRNBERGER Beratungstechnologie) Hidden
BTnet Datenbanken 01.2015 (x32 Version: 15.01.5535.17082 - NÜRNBERGER Beratungstechnologie) Hidden
BTnet Java-Umgebung 01.2015 (x32 Version: 15.01.5431.36650 - NÜRNBERGER Beratungstechnologie) Hidden
BTnet PortCommunicator 01.2015 (x32 Version: 15.01.5462.27583 - NÜRNBERGER Beratungstechnologie) Hidden
Canada Life Berechnungssoftware (HKLM-x32\...\{8D584853-14DF-495E-A0C4-330182E63CCD}) (Version: 17.0.0 - Canada Life Assurance (Irl) Ltd)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CanoScan 9000F Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq9602) (Version:  - )
CAP GEV Child (x32 Version: 12.01.0002 - Basis) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-336442205-827502387-1674173946-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
Concordia Software (HKLM-x32\...\{3618584E-495D-4C85-8DCD-FC9996E00D57}) (Version: 2.60.2000 - Concordia Versicherungsgesellschaft a.G.)
CONDOR Angebotssystem (HKLM-x32\...\CONDOR Angebotssystem) (Version: 09/2014 - Condor Versicherungen)
ContiSoft (HKLM-x32\...\ContiSoft #1) (Version:  - )
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3806.02 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DB 13.41 (HKLM-x32\...\DB 13.41) (Version: 13.41 - )
DB 13.42 (HKLM-x32\...\DB 13.42) (Version: 13.42 - )
DWS Power Inside 1.4.1 (HKLM-x32\...\{3E2EF37B-0CAF-4D86-9179-AFDD194E1B1F}_is1) (Version: 1.4.1 - DWS Finanz-Service GmbH)
easy Client (HKLM-x32\...\easy Client) (Version:  - )
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0.0.5 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EASY2000 Version 82 (HKLM-x32\...\EASY2000 Version 82) (Version:  - )
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyBau (HKLM-x32\...\{49DC8A25-8336-4DE1-8334-CDA5CBC19263}) (Version: 3.00 - )
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG)
FIT GEV (x32 Version: 12.01.0001 - GEV) Hidden
FSOEL Angebotsprogramme (HKLM-x32\...\{540F3A7E-BE5D-323F-91D6-C68CF8597622}) (Version: 14.3.01186 - Versicherungskammer Bayern (VKB))
Fujitsu NetCOBOL Free Run-time (HKLM-x32\...\InstallShield_{BBF0B1C3-EEC1-4AA6-916B-126E895A46D8}) (Version: 9.0.0020.0000 - FUJITSU LIMITED)
Generali Tarifierungen Gev (x32 Version: 12.01.0000 - GEV) Hidden
Generali Versicherungen Beratungssoftware (HKLM-x32\...\Generali Versicherungen Beratungssoftware) (Version:  - )
GEV Excelloesungen (x32 Version: 12.01.0000 - GEV) Hidden
GHUGNEU 5.3 B(0005) (HKLM-x32\...\GHUGNEU 5.3 B(0005)) (Version: 5.3 B(0005) - )
GHUGNEU 5.4 B(0004) (HKLM-x32\...\GHUGNEU 5.4 B(0004)) (Version: 5.4 B(0004) - )
giga_finanz (HKLM-x32\...\ST6UNST #1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.7.2539 (HKU\S-1-5-21-336442205-827502387-1674173946-1000\...\GoToMeeting) (Version: 7.1.7.2539 - CitrixOnline)
HALLESCHE Tarifsoftware (HKLM-x32\...\HALLESCHE Tarifsoftware) (Version:  - )
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8100 - Grundlegende Software für das Gerät (HKLM\...\{4D139017-971D-45CF-B94E-26C4DC93A814}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Hilfe (HKLM-x32\...\{73DB9F06-C125-4A1C-A982-5801338EBE84}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
IBANBIC 1.0.0006 (HKLM-x32\...\IBANBIC 1.0.0006) (Version: 1.0.0006 - )
IGV Zahnvergleichsrechner (1.3.7) (HKLM-x32\...\IGV-Zahnvergleich) (Version: 1.3.7 - UNKNOWN)
IGV Zahnvergleichsrechner (1.3.7) (x32 Version: 1.3.7 - UNKNOWN) Hidden
IKK V 2.7 (B0005) (HKLM-x32\...\IKK V 2.7 (B0005)) (Version: V 2.7 (B0005) - )
IKK V 2.7 (B0006) (HKLM-x32\...\IKK V 2.7 (B0006)) (Version: V 2.7 (B0006) - )
iLinc 11 Client (HKLM-x32\...\iLincClient.11) (Version:  - )
iLinc Client (HKLM-x32\...\uninstall.exe) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
InterCall Unified Meeting (HKLM-x32\...\{96312C46-E17A-4598-B1C6-C21C288840B5}) (Version: 4.11.7.244 - InterCall)
Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
InterRisk WinRisk 7.0.0 (HKLM-x32\...\{35B3D388-6F85-4928-BAB9-1D6B14378BB8}) (Version: 7.0.117.0 - InterRisk Versicherungs-AG Vienna Insurance Group, InterRisk Lebensversicherungs-AG Vienna Insurance Group)
INVERS Makler Assistent (HKLM-x32\...\invers) (Version: 5.0.14.3 - Inveda.net GmbH)
Janitos Offline-Tarifrechner 3.2.3.6 (HKLM-x32\...\Janitos Offline-Tarifrechner 3_is1) (Version:  - Fairware24)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jet4-Runtime (HKLM-x32\...\{BE96B0E5-C3B5-42A2-800B-D6C45B621EFC}) (Version: 1.4.1 - Versicherungskammer Bayern - 7IV02)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KFZ ${DOCUMENT.VERSIONSNUMMER} (HKLM-x32\...\KFZ ${DOCUMENT.VERSIONSNUMMER}) (Version: ${DOCUMENT.VERSIONSNUMMER} - )
KFZ 9.6.0 (HKLM-x32\...\KFZ 9.6.0) (Version: 9.6.0 - )
KFZ 9.6.1 (HKLM-x32\...\KFZ 9.6.1) (Version: 9.6.1 - )
KFZ 9.7.1 (HKLM-x32\...\KFZ 9.7.1) (Version: 9.7.1 - )
Konzept und Marketing Tarifrechner (HKLM-x32\...\{0463F7BC-A2E8-4BC4-8222-B7455857F528}) (Version: 2.23.0 - mariosoft GmbH)
KV 2.83.0040 (HKLM-x32\...\KV 2.83.0040) (Version: 2.83.0040 - )
KV 2.84.0011 (HKLM-x32\...\KV 2.84.0011) (Version: 2.84.0011 - )
KVDATEN 2.83.0040 (HKLM-x32\...\KVDATEN 2.83.0040) (Version: 2.83.0040 - )
KVDATEN 2.84.0011 (HKLM-x32\...\KVDATEN 2.84.0011) (Version: 2.84.0011 - )
KVPEB 1.2 (B0010) (HKLM-x32\...\KVPEB 1.2 (B0010)) (Version: 1.2 (B0010) - )
LIB ${DOCUMENT.Hilfs_Daten.VERSIONSNUMMER} (HKLM-x32\...\LIB ${DOCUMENT.Hilfs_Daten.VERSIONSNUMMER}) (Version: ${DOCUMENT.Hilfs_Daten.VERSIONSNUMMER} - )
LIB 13.33 (HKLM-x32\...\LIB 13.33) (Version: 13.33 - )
LIB 13.41 (HKLM-x32\...\LIB 13.41) (Version: 13.41 - )
LIB 13.42 (HKLM-x32\...\LIB 13.42) (Version: 13.42 - )
LV V 6.36 (B0011) (HKLM-x32\...\LV V 6.36 (B0011)) (Version: V 6.36 (B0011) - )
LV V 6.37 (B0002) (HKLM-x32\...\LV V 6.37 (B0002)) (Version: V 6.37 (B0002) - )
LV1871 Tarifsoftware (HKLM-x32\...\{D3A8EE78-C9B9-44C8-905E-E6E1593A8240}) (Version: 8.11.0074 - Lebensversicherung von 1871 a.G. München)
LV21 7.11 (B0011) (HKLM-x32\...\LV21 7.11 (B0011)) (Version: 7.11 (B0011) - )
LV21 7.12 (B0006) (HKLM-x32\...\LV21 7.12 (B0006)) (Version: 7.12 (B0006) - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2000 SR-1 Runtime (HKLM-x32\...\{00180407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office Access 2003 Runtime (HKLM-x32\...\{901C0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Moreba (x32 Version: 12.01.0000 - Basis) Hidden
Moreba GEV (x32 Version: 12.01.0000 - GEV) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Firefox 36.0.1 (x86 de) (HKU\S-1-5-21-336442205-827502387-1674173946-1000\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-336442205-827502387-1674173946-1000\...\MyFreeCodec) (Version:  - )
NativeJ (HKLM-x32\...\{9A786262-BE5C-4908-9EE1-524F1F7A62F4}) (Version: 14.3.07 - Versicherungskammer Bayern - 7IV02)
NÜRNBERGER Autoupdater (HKLM-x32\...\{228175bf-fd4e-4c33-bc36-a3365acd8f17}) (Version: 2.1.5521.22346 - NÜRNBERGER Beratungstechnologie)
NÜRNBERGER Autoupdater (x32 Version: 2.1.5521.22346 - NUERNBERGER Versicherungsgruppe) Hidden
NÜRNBERGER BTnet 01.2015 SP2.3 (HKLM-x32\...\{29fa30dd-61b6-47f5-9cc6-e4f1aa89074e}) (Version: 15.1.5535.17082 - NÜRNBERGER Beratungstechnologie)
NÜRNBERGER BTnet 02.2013 Datenbank (x32 Version: 13.2.20.0001 - NÜRNBERGER Beratungstechnologie) Hidden
NÜRNBERGER BTplus 01.2015 (x32 Version: 15.01.5490.34919 - NÜRNBERGER Beratungstechnologie) Hidden
NÜRNBERGER BTplus 01.2015 SP0.1 (HKLM-x32\...\{00dbfaf3-d84b-4edd-8bf0-4e4ef871f26e}) (Version: 15.01.5490.34919 - NÜRNBERGER Beratungstechnologie)
NÜRNBERGER CompassDB (x32 Version: 13.02.20.0001 - Nürnberger Beratungstechnologie) Hidden
NÜRNBERGER DOKnet 01.2015 (HKLM-x32\...\{6368a115-14d3-4026-a6be-4dd7873a4e6e}) (Version: 15.01.5459.36723 - NÜRNBERGER Beratungstechnologie)
NÜRNBERGER DOKnet 01.2015 (x32 Version: 15.01.5459.36723 - NÜRNBERGER Beratungstechnologie) Hidden
NVIDIA Graphics Driver 267.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.04 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
OJPro8100FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.207.0 - Tracker Software Products Ltd)
PFIFFIKUS 3.3 B(0001) (HKLM-x32\...\PFIFFIKUS 3.3 B(0001)) (Version: 3.3 B(0001) - )
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar FlowSync Version 2.3.8 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.3.8 - Polar Electro Oy)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PP 7.05.0015 (HKLM-x32\...\PP 7.05.0015) (Version: 7.05.0015 - )
PP 7.9.0010 (HKLM-x32\...\PP 7.9.0010) (Version: 7.9.0010 - )
PP 7.9.0025 (HKLM-x32\...\PP 7.9.0025) (Version: 7.9.0025 - )
Prish Image Resizer (HKLM\...\{7FEFAD2B-CD9B-478F-8AD4-4A9B54FB786D}) (Version: 1.0.2513 - Prish.com)
Produktrechner 07.04.00.00 (HKLM-x32\...\KPP-07.04.00.00) (Version: 07.04.00.00.106 - Deutscher Ring Krankenversicherungsverein a.G)
R+V CONNECT (HKLM-x32\...\{599F073B-2A3E-4366-84E0-F07F260763A2}) (Version: 3.00.0000 - R+V Versicherung)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6318 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.8 - Reimage) <==== ATTENTION
RS 6.13.0003 (HKLM-x32\...\RS 6.13.0003) (Version: 6.13.0003 - )
RS 6.15.0003 (HKLM-x32\...\RS 6.15.0003) (Version: 6.15.0003 - )
RSA SecurID Software Token (HKLM-x32\...\{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}) (Version: 4.1.0 - RSA, The Security Division of EMC)
RSA Smart Card Middleware 3.5 (HKLM-x32\...\{AC2F9FCC-170E-4B0B-84AB-7307A373570F}) (Version: 3.5.3.36 - RSA, The Security Division of EMC)
RuntimeInstallieren (HKLM-x32\...\{D7CDED26-6B92-449E-A878-DBE71EF87319}) (Version: 1.30.0001 - SIGNAL IDUNA)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.0 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.1.17 - Samsung Electronics Co., Ltd.)
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM-x32\...\{A5C0BFEA-E59D-4245-A970-81BC16232221}) (Version: 13.0.7.1136 - SAP)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}) (Version: 2.01.0109 - Seagate)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) Hidden
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1801}) (Version: 12.24.1.51 - APN, LLC) <==== ATTENTION
Self-Service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
serviceOFFICE (HKLM-x32\...\serviceOFFICE_is1) (Version: 05/2008 - MAPWARE AG)
SIGNAL IDUNA Beratungssoftware freie Vertriebe (HKLM-x32\...\SIGNAL IDUNA Beratungssoftware externe Vertriebe) (Version: 015.11.0001 - SIGNAL IDUNA Gruppe)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{716B5F3E-8B1A-42F5-B3BE-9F8A16E8DF0D}) (Version: 6.5.3 - Silicon Laboratories, Inc.)
SISShortcut (HKLM-x32\...\{FDAE128F-A355-42B1-8422-1AF3ACEE34F4}) (Version: 1.00.000 - Samsung)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SRS Premium Sound Control Panel (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.1300 - SRS Labs, Inc.)
StepOver eSignatureOffice for BTnet (x32 Version: 15.1.5451.28180 - NÜRNBERGER Beratungstechnologie) Hidden
Studie zur Verbesserung von HP Officejet Pro 8100 Produkten (HKLM\...\{B1153774-BFFE-4D42-AC2C-6503DBE96EBA}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
Stufenmodell GEV (x32 Version: 12.01.0000 - GEV) Hidden
Swiss Life EVApro (HKLM\...\Swiss Life EVApro 4.0.0) (Version: 4.0.0 - Swiss Life)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TARGETS 13.41 (HKLM-x32\...\TARGETS 13.41) (Version: 13.41 - )
TARGETS 13.42 (HKLM-x32\...\TARGETS 13.42) (Version: 13.42 - )
Tarifsoftware (HKLM-x32\...\{13C4D130-9479-4C49-B9F4-D063CDD48285}) (Version: 4.45 - degenia Versicherungsdienst AG)
Tarifsoftware (HKLM-x32\...\{9054DCDF-A3CF-4B4E-8300-6DB9F855FD57}) (Version: 4.29.0000 - degenia Versicherungsdienst AG)
TAS (HKLM-x32\...\DhtDeinstKey) (Version:  - )
TeamDrive 3 (HKLM-x32\...\TeamDrive 3) (Version: 3.3.1.1047 - TeamDrive Systems GmbH)
TransSELEKT (x32 Version: 12.01.0002 - GEV) Hidden
uniVersa Windows Edition (HKLM-x32\...\{EDA91732-AA06-4BCB-93F1-CD48AAB079E2}) (Version: 6.7 - )
Updateservice GEV (x32 Version: 12.01.0000 - GEV) Hidden
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
UV 10.4 B(0015) (HKLM-x32\...\UV 10.4 B(0015)) (Version: 10.4 B(0015) - )
UV 10.5 B(0005) (HKLM-x32\...\UV 10.5 B(0005)) (Version: 10.5 B(0005) - )
V-Bote App (HKLM-x32\...\vbote) (Version: 5.1.0.62 - Inveda.net GmbH)
Vera Kompas GEV (x32 Version: 12.01.0002 - GEV) Hidden
VERSION 013.33.0001 (HKLM-x32\...\VERSION 013.33.0001) (Version: 013.33.0001 - )
VERSION 013.41.0001 (HKLM-x32\...\VERSION 013.41.0001) (Version: 013.41.0001 - )
VERSION 013.42.0001 (HKLM-x32\...\VERSION 013.42.0001) (Version: 013.42.0001 - )
VHV RECOMAX (HKLM-x32\...\{53CFF9B1-4ED7-4114-8ECF-ADD13BC8AC57}) (Version: 7.02 - VHV Allgemeine Versicherung AG)
VHV-Tarifprogramm (HKLM-x32\...\{AC2E0432-9092-42F8-B4C2-E95DF8ADE82C}) (Version: 61.0.25 - VHV Allgemeine Versicherung AG)
VOIS 5.22.6 (HKLM-x32\...\VOIS) (Version: 5.22.6 - Fassbender Consulting)
VOLKSWOHL BUND - Angebotsprogramm Komfort (HKLM-x32\...\{C20B2271-69D4-11D4-A951-08005AD260A8}) (Version: 15.1.0 - VOLKSWOHL BUND Versicherungen)
VorsorgeBerater.7 (HKLM-x32\...\{B0049CB9-39A9-4BB7-8EF0-0AF9A7C6B3B3}) (Version: 7.54.1595 - Intelligent Solution Services AG)
VorsorgePLANER (HKLM-x32\...\{8D86B3AE-F744-4F97-ADDD-6B13345C62FF}_is1) (Version: 4.1 - Software für Vorsorge und Finanzplanung GmbH & Co. KG)
WARTUNG 013.33.0001 (HKLM-x32\...\WARTUNG 013.33.0001) (Version: 013.33.0001 - )
WARTUNG 013.41.0001 (HKLM-x32\...\WARTUNG 013.41.0001) (Version: 013.41.0001 - )
WARTUNG 013.42.0001 (HKLM-x32\...\WARTUNG 013.42.0001) (Version: 013.42.0001 - )
WebEx Schulungsmanager für Firefox oder Chrome (HKLM-x32\...\{9A1BAEDD-5A66-44E5-B17E-AEF07615E826}) (Version: 5.23.2500 - Cisco WebEx LLC)
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Microsoft (USBCCID) SmartCardReader  (05/17/2005 5.2.3790.2444) (HKLM\...\E38B2136962D21A7BDE5AAC98CD1C6EA6B6D0687) (Version: 05/17/2005 5.2.3790.2444 - Microsoft)
Winmail Opener 1.4 (HKLM-x32\...\Winmail Opener) (Version: 1.4 - Eolsoft)
WordCaptureX Pro (HKLM-x32\...\{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}) (Version: 4.0.0 - Deskperience)
WWK AVANTI Angebot (HKLM-x32\...\{29413879-7584-4B13-8793-299E874F4110}) (Version: 8.35 - WWK Lebensversicherung a.G.)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zurich Vorsorge Portal (HKLM-x32\...\Zurich Vorsorge Portal) (Version:  - )
Zusatzsoftware (HKLM-x32\...\DhzDeinstKey) (Version:  - )
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-336442205-827502387-1674173946-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\<Benutzer>\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

30-03-2015 08:58:12 Windows Update
02-04-2015 08:10:20 Installiert DHT
02-04-2015 11:36:31 Installiert DHT
03-04-2015 08:45:01 Windows Update
04-04-2015 17:07:23 Windows Update
09-04-2015 17:20:02 Installiert Tarifprogramm
10-04-2015 07:49:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EAFD584-9675-4985-ADF7-BC9F45104A8A} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {225DEAF4-C48B-42FD-A94F-D191AACC4CD9} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2011-01-04] (Samsung Electronics Co., Ltd.)
Task: {2603A6BB-0BD2-4EF0-B7BC-97A544B9FBA3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {32036856-257D-4681-B6E7-023E149EFF5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {326E6696-418B-40A6-9636-AB9DC2621BBF} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {32C59580-8411-4434-AF66-8D29DA4AAF25} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Control Panel\srspanel_64.exe [2011-02-24] (SRS Labs, Inc.)
Task: {35D911A8-C286-44BD-A235-7DA8A9BFE30B} - System32\Tasks\Samsung Magician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {383CD9E2-42CB-44E8-9F28-E56A65635592} - System32\Tasks\HP AR Program Upload - 451e6214a8604d61a08c2a43492f4bdf2ff8a2874c6f4497a2ffbf8520240f9c => C:\Program Files\HP\HP Officejet Pro 8100\bin\HPRewards.exe [2012-11-01] (TODO: <Company name>)
Task: {38745939-C72E-4C66-96CF-5F699C5B57F3} - System32\Tasks\hpUrlLauncher.exe_{29FAE12C-BE99-42D1-A1F0-53885C62AFC2} => C:\Program Files\HP\HP Officejet Pro 8100\Bin\utils\hpUrlLauncher.exe [2012-11-02] (Hewlett-Packard Co.)
Task: {3F830B4D-83C1-40A7-925A-1C8D5CFEE934} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-02-14] (SEC)
Task: {43333E27-6C7C-4E82-8380-0AE73AAC602D} - System32\Tasks\HPCustParticipation HP Officejet Pro 8100 => C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPCustPartic.exe
Task: {4F94A0B4-B548-4164-AE96-18B6A020E3F5} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {5F659F5D-C207-44EA-9E0D-96DC4C30E380} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\WinFixReminder.exe <==== ATTENTION
Task: {61ACC99B-FADC-430F-A13B-1A2543881EC1} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-12-20] (Samsung Electronics)
Task: {6BDADDD3-3766-4F8E-8351-98957D72ECB7} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {6D2BCE62-852E-4576-8643-4CDD7A9700D6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7162F8E7-0257-423D-945E-763843710C4F} - System32\Tasks\{FB680BD5-4CEE-4B9A-9BAE-36EC767D641E} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\gigaunfalluni5\ST6UNST.LOG"
Task: {72A1D188-BF6B-4AF2-A0DA-29DC36ADC96F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {760C8D30-D0FF-4FD4-91F7-B1D5BAE950A4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {765D7C68-A4A5-49DD-B805-C8CDFCEE90E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8A5B3B98-0E29-4667-B26E-CD2D28E1B6E7} - System32\Tasks\{81361DD9-3834-49ED-959D-78E08F8C305B} => pcalua.exe -a C:\Users\<Benutzer>\AppData\Local\Temp\DotNetFrameWork\DotNetFrameWork_2.0\dotnetfx.exe -d C:\Users\<Benutzer>\AppData\Local\Temp\DotNetFrameWork\DotNetFrameWork_2.0
Task: {8B2F5F1F-95DF-4270-8848-42D838AC57AA} - System32\Tasks\HP AR Program Upload - 6538eb84044f4fed920664ff010155e490c9d862f54d4c888717cae7da5c6449 => C:\Program Files\HP\HP Officejet Pro 8100\bin\HPRewards.exe [2012-11-01] (TODO: <Company name>)
Task: {8C39743A-072C-4D76-9699-51D47022A57B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {91F721D2-9837-4E7C-9329-0D6F021B499C} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {943A353A-543B-4812-A70A-A267CD35B0D4} - System32\Tasks\hpUrlLauncher.exe_{ED3F932B-813B-4CE6-9981-102771979FD0} => C:\Program Files\HP\HP Officejet Pro 8100\Bin\utils\hpUrlLauncher.exe [2012-11-02] (Hewlett-Packard Co.)
Task: {9D8DF91B-D6D1-4E00-91B7-C745434FF624} - System32\Tasks\{EF617DF5-4CBA-4EB0-A36D-FF3BE5CC2F3E} => E:\SETUP.EXE
Task: {9E6327F4-58A1-42A7-8280-D5CDA6922EA4} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: {A44ABC2D-4D1C-4468-B1BA-86C47CA3199E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {A6CD48C0-95A5-45A8-8825-9553455EB69A} - System32\Tasks\G2MUpdateTask-S-1-5-21-336442205-827502387-1674173946-1000 => C:\Users\<Benutzer>\AppData\Local\Citrix\GoToMeeting\2539\g2mupdate.exe [2015-04-04] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A9088378-A70F-4BDF-81E3-A8EB12C0C5C0} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
Task: {AC191592-BC2C-441E-AD91-789ADE4A58C2} - System32\Tasks\{C1975A80-2395-4E34-893B-2ECB78576204} => E:\SETUP.EXE
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {B03A3706-B97D-4AEE-8EE6-2114D3F3B5B1} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.)
Task: {B5877CA7-3DD7-49B4-8C42-002CD315EFF8} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {B72FB157-B34D-450A-BF6A-F3E88B005BA6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-03-07] (Oracle Corporation)
Task: {BBC1DC5F-D179-4DAD-BB84-2159D931FD1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {BE3BFBED-C2E8-4DC8-8BD2-A8F7DCE3EDC5} - System32\Tasks\HP AR Program Upload - d42400bfd3104fab8194443046f42173f8c15f5188b247aabe11a4c842509f7c => C:\Program Files\HP\HP Officejet Pro 8100\bin\HPRewards.exe [2012-11-01] (TODO: <Company name>)
Task: {D3CA7303-5202-4FDA-A643-07AF751C9A80} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)
Task: {D59016FB-61BA-4E23-87E8-9FEBFDA96FA6} - System32\Tasks\HP AR Program Upload - 8f146c9bb9d04a7cbc3532e9afc7caf1db3df4c3d5814f7a83485993a77fc309 => C:\Program Files\HP\HP Officejet Pro 8100\bin\HPRewards.exe [2012-11-01] (TODO: <Company name>)
Task: {D641BC3F-5ED3-4177-AE67-040B4B06FA00} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics)
Task: {E1623EFB-FAC6-4A1C-B694-40B169FFE8E5} - System32\Tasks\HP AR Program Upload - fe42868fe1584fd4ad511d0a996fecb51a97a8c3aba54cfe8e5f2d6becf2a8e9 => C:\Program Files\HP\HP Officejet Pro 8100\bin\HPRewards.exe [2012-11-01] (TODO: <Company name>)
Task: {E2803E83-411E-46C4-A8FB-DE0AF1681253} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {E90661EC-D83E-4621-9509-5EA13AFC1B5C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F4F94048-188C-49B6-A99F-6493EFD70715} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-23] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-336442205-827502387-1674173946-1000.job => C:\Users\<Benutzer>\AppData\Local\Citrix\GoToMeeting\2539\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-03-18 07:36 - 2008-06-05 01:53 - 00027648 _____ () C:\Windows\System32\spd__l.dll
2012-07-09 16:13 - 2009-09-08 23:12 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2009-01-12 08:15 - 2009-01-12 08:15 - 00071096 _____ () C:\Windows\SysWOW64\NMSAccess32.exe
2011-03-18 01:01 - 2009-12-01 09:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-01-14 12:07 - 2015-01-14 12:07 - 06757728 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2011-03-18 07:37 - 2010-10-21 20:22 - 00709632 _____ () C:\Windows\system32\SnMinDrv.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-24 14:51 - 2014-11-11 11:19 - 01703424 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll
2014-12-24 14:51 - 2013-08-25 21:52 - 00728576 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libGLESv2.dll
2014-12-24 14:51 - 2013-08-25 21:52 - 00048128 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libEGL.dll
2014-12-24 14:51 - 2013-08-25 21:59 - 00833024 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\platforms\qwindows.dll
2014-06-26 14:57 - 2014-09-28 18:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2011-03-18 01:06 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2011-03-18 01:14 - 2010-05-07 16:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 07:20 - 2009-11-02 07:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 07:23 - 2009-11-02 07:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:A5B56640

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-336442205-827502387-1674173946-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\<Benutzer>\Pictures\Picasa\Hintergründe\picasabackground-008.bmp
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-336442205-827502387-1674173946-500 - Administrator - Disabled)
Gast (S-1-5-21-336442205-827502387-1674173946-501 - Limited - Disabled)
<Benutzer> (S-1-5-21-336442205-827502387-1674173946-1000 - Administrator - Enabled) => C:\Users\<Benutzer>
HomeGroupUser$ (S-1-5-21-336442205-827502387-1674173946-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2015 09:13:15 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (04/11/2015 09:05:27 AM) (Source: MSSQL$BTNET) (EventID: 17120) (User: )
Description: SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

Error: (04/11/2015 09:05:27 AM) (Source: MSSQL$BTNET) (EventID: 17826) (User: )
Description: Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.

Error: (04/11/2015 09:05:27 AM) (Source: MSSQL$BTNET) (EventID: 17182) (User: )
Description: TDSSNIClient initialization failed with error 0xffffffff, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors.

Error: (04/11/2015 09:05:27 AM) (Source: MSSQL$BTNET) (EventID: 17182) (User: )
Description: TDSSNIClient initialization failed with error 0xffffffff, status code 0x80. Reason: Unable to initialize SSL support.

Error: (04/11/2015 09:05:05 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (04/11/2015 09:04:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BT.Net_Listener.exe, Version: 1.3.0.0, Zeitstempel: 0x548e93db
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xa40
Startzeit der fehlerhaften Anwendung: 0xBT.Net_Listener.exe0
Pfad der fehlerhaften Anwendung: BT.Net_Listener.exe1
Pfad des fehlerhaften Moduls: BT.Net_Listener.exe2
Berichtskennung: BT.Net_Listener.exe3

Error: (04/11/2015 09:04:07 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: BT.Net_Listener.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Net.Sockets.SocketException
Stapel:
   bei System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType)
   bei infra.TcpPolicyServer.Start(Int32)
   bei BTnet_BTplus_Start.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.Run()
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei BTnet_BTplus_Start.App.Main()

Error: (04/11/2015 09:04:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BT.Net_Listener.exe, Version: 1.3.0.0, Zeitstempel: 0x548e93db
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x654
Startzeit der fehlerhaften Anwendung: 0xBT.Net_Listener.exe0
Pfad der fehlerhaften Anwendung: BT.Net_Listener.exe1
Pfad des fehlerhaften Moduls: BT.Net_Listener.exe2
Berichtskennung: BT.Net_Listener.exe3

Error: (04/11/2015 09:04:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: BT.Net_Listener.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Net.Sockets.SocketException
Stapel:
   bei System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType)
   bei infra.TcpPolicyServer.Start(Int32)
   bei BTnet_BTplus_Start.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.Run()
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei BTnet_BTplus_Start.App.Main()


System errors:
=============
Error: (04/11/2015 09:19:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Micro Focus License Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/11/2015 09:14:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet: 
%%10106

Error: (04/11/2015 09:12:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet: 
%%10106

Error: (04/11/2015 09:08:22 AM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (04/11/2015 09:07:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: 
%%-2147014790

Error: (04/11/2015 09:07:40 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147014790.

Error: (04/11/2015 09:07:40 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147952506.

Error: (04/11/2015 09:07:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet: 
%%10106

Error: (04/11/2015 09:06:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (04/11/2015 09:06:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%10106


Microsoft Office Sessions:
=========================
Error: (04/11/2015 09:13:15 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (04/11/2015 09:05:27 AM) (Source: MSSQL$BTNET) (EventID: 17120) (User: )
Description: FRunCM

Error: (04/11/2015 09:05:27 AM) (Source: MSSQL$BTNET) (EventID: 17826) (User: )
Description: 

Error: (04/11/2015 09:05:27 AM) (Source: MSSQL$BTNET) (EventID: 17182) (User: )
Description: ffffffff1Initialization failed with an infrastructure error. Check for previous errors.

Error: (04/11/2015 09:05:27 AM) (Source: MSSQL$BTNET) (EventID: 17182) (User: )
Description: ffffffff80Unable to initialize SSL support.

Error: (04/11/2015 09:05:05 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (04/11/2015 09:04:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BT.Net_Listener.exe1.3.0.0548e93dbKERNELBASE.dll6.1.7601.1840953159a86e04343520000c42da4001d07425b35b97ddC:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exeC:\Windows\syswow64\KERNELBASE.dllf1544ec6-e018-11e4-b5af-e811326e4bef

Error: (04/11/2015 09:04:07 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: BT.Net_Listener.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Net.Sockets.SocketException
Stapel:
   bei System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType)
   bei infra.TcpPolicyServer.Start(Int32)
   bei BTnet_BTplus_Start.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.Run()
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei BTnet_BTplus_Start.App.Main()

Error: (04/11/2015 09:04:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BT.Net_Listener.exe1.3.0.0548e93dbKERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d65401d07425b16c79a4C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exeC:\Windows\syswow64\KERNELBASE.dllef5bab0c-e018-11e4-b5af-e811326e4bef

Error: (04/11/2015 09:04:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: BT.Net_Listener.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Net.Sockets.SocketException
Stapel:
   bei System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType)
   bei infra.TcpPolicyServer.Start(Int32)
   bei BTnet_BTplus_Start.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.Run()
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei BTnet_BTplus_Start.App.Main()


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 29%
Total physical RAM: 4075.55 MB
Available physical RAM: 2859.95 MB
Total Pagefile: 8149.28 MB
Available Pagefile: 5136.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:366.41 GB) (Free:223.33 GB) NTFS
Drive d: () (Fixed) (Total:76.47 GB) (Free:29.45 GB) NTFS
Drive f: (STICK 8GB) (Removable) (Total:7.43 GB) (Free:5.4 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C4DE2AFC)
Partition 1: (Not Active) - (Size=76.5 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=366.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=22.8 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 7.4 GB) (Disk ID: 438CA2E6)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0B)

==================== End Of Log ============================
         

Alt 11.04.2015, 18:22   #5
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



Jo, MBAM zerlegt mir die letzte Zeit bissl viel Rechner.....

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Reimage Repair

    Search App by Ask

    webssearches uninstall


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.04.2015, 06:25   #6
Bootluder
 
Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



Guten Morgen, erstmal vielen Dank, dass du dir am WE dafür Zeit nimmst.

Leider kann ich alle drei genannten Programme in Revo nicht finden. Dazu muß ich aber sagen, dass ich gestern selber schon mal in "Programme und Funktionen" war und "Search App by Ask"
und "webssearches uninstall" dort deinstalliert habe. Ich hoffe das war kein Fehler...
Reimage ist unter "Programme und Funktionen" noch da, in Revo jedoch nicht.

Was soll ich machen?

PS: Ich habe Combofix schon mal gesaugt, aber es wird von Avira hartnäckig als Virus erkannt...ist das normal?

PS2: Noch vergessen - außerdem habe ich den Dienst "Colormedia" auf deaktiviert gesetzt und den Ordner C:\ProgramData\SecurityUtility in .bak umbenannt. Ich hatte bemerkt, dass der Aufgabenplaner nicht mehr startet, wenn das Colormedia-Zeug von MBAM entfernt wurde. Nach dem Deaktivieren des Dienstes und Ordner-Umbenennen habe ich MBAM nochmal laufen lassen in der Hoffnung, dass das Entfernen nun keine Auswirkungen mehr hat. Das funzte aber nicht, der Aufgabenplaner startete danach wieder nicht...

Geändert von Bootluder (12.04.2015 um 07:12 Uhr)

Alt 12.04.2015, 08:09   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



Dann deinstalliere Reimage normal über Windows.

Nix umbenennen, weil dann die andern Tools nicht mehr ziehen, und Colormedia kann dir auch ganz schnell die Inet-Verbindung zerlegen.

Also Reimage über WIndows, dann Combofix.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.04.2015, 09:10   #8
Bootluder
 
Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



Okay, Reimage deinstalliert, SecurityUtility wieder zurückbenannt und Combofix gestartet (ohne Meldungen - lief gleich los)

Hier der Log:
Code:
ATTFilter
ComboFix 15-04-09.01 - <Benutzer> 12.04.2015   9:35.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4076.1648 [GMT 2:00]
ausgeführt von:: c:\users\<Benutzer>\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\<Benutzer>\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\<Benutzer>\AppData\Local\Microsoft\Windows\Temporary Internet Files\sw-logo.png
c:\users\<Benutzer>\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
c:\users\<Benutzer>\g2mdlhlpx.exe
c:\windows\IsUn0407.exe
c:\windows\regsvr32.exe
c:\windows\TEMP\jna6551974429578134526.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-12 bis 2015-04-12  ))))))))))))))))))))))))))))))
.
.
2015-04-12 07:46 . 2015-04-12 07:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-04-11 15:58 . 2015-04-11 15:58	301168	----a-w-	c:\windows\SysWow64\ColorMedia.dll
2015-04-11 15:58 . 2015-04-11 15:58	344440	----a-w-	c:\windows\system32\ColorMedia64.dll
2015-04-11 15:03 . 2015-03-14 10:02	12002392	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E92D5992-63F4-48EC-85BE-

FD480DB5FBA8}\mpengine.dll
2015-04-11 09:51 . 2015-04-11 09:53	--------	d-----w-	C:\FRST
2015-04-11 07:18 . 2015-04-11 14:22	--------	d-----w-	c:\programdata\SecurityUtility
2015-04-11 06:20 . 2015-04-11 15:55	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-11 06:20 . 2015-04-11 14:21	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-04-11 06:20 . 2014-11-21 04:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-11 06:20 . 2014-11-21 04:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-11 06:20 . 2014-11-21 04:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-04-04 15:07 . 2015-04-11 14:21	--------	d-s---w-	c:\windows\system32\GWX
2015-04-04 15:07 . 2015-04-04 15:07	--------	d-s---w-	c:\windows\SysWow64\GWX
2015-04-03 09:21 . 2015-04-03 09:21	--------	d-----w-	c:\users\<Benutzer>\AppData\Local\b-tix
2015-04-03 09:21 . 2015-04-03 09:21	--------	d-----w-	c:\programdata\b-tix
2015-04-03 08:15 . 2015-04-03 08:16	--------	d-----w-	c:\program files (x86)\easy Client
2015-04-02 09:29 . 2015-04-02 09:29	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-04-02 06:11 . 2015-04-02 11:04	--------	d-----w-	c:\program files (x86)\DHT
2015-04-01 12:39 . 2015-04-01 12:39	--------	d-----w-	c:\users\<Benutzer>\btframe
2015-04-01 07:12 . 2015-04-01 07:12	--------	d-----w-	c:\users\<Benutzer>\AppData\Local\Mozilla Firefox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-02 09:28 . 2014-10-23 15:03	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-23 09:44 . 2012-04-01 17:34	778928	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-23 09:44 . 2011-12-03 09:06	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-12 19:25 . 2011-11-02 13:09	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-03-06 05:56 . 2015-03-12 12:59	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:56 . 2015-03-12 12:59	155576	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:42 . 2015-03-12 12:59	210944	----a-w-	c:\windows\system32\wdigest.dll
2015-03-06 05:42 . 2015-03-12 12:59	86528	----a-w-	c:\windows\system32\TSpkg.dll
2015-03-06 05:42 . 2015-03-12 12:59	29184	----a-w-	c:\windows\system32\sspisrv.dll
2015-03-06 05:42 . 2015-03-12 12:59	136192	----a-w-	c:\windows\system32\sspicli.dll
2015-03-06 05:42 . 2015-03-12 12:59	341504	----a-w-	c:\windows\system32\schannel.dll
2015-03-06 05:42 . 2015-03-12 12:59	28160	----a-w-	c:\windows\system32\secur32.dll
2015-03-06 05:42 . 2015-03-12 12:59	314880	----a-w-	c:\windows\system32\msv1_0.dll
2015-03-06 05:42 . 2015-03-12 12:59	309760	----a-w-	c:\windows\system32\ncrypt.dll
2015-03-06 05:42 . 2015-03-12 12:59	728064	----a-w-	c:\windows\system32\kerberos.dll
2015-03-06 05:42 . 2015-03-12 12:59	1461760	----a-w-	c:\windows\system32\lsasrv.dll
2015-03-06 05:42 . 2015-03-12 12:59	22016	----a-w-	c:\windows\system32\credssp.dll
2015-03-06 05:41 . 2015-03-12 12:59	31232	----a-w-	c:\windows\system32\lsass.exe
2015-03-06 05:41 . 2015-03-12 12:59	64000	----a-w-	c:\windows\system32\auditpol.exe
2015-03-06 05:39 . 2015-03-12 12:59	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-03-06 05:38 . 2015-03-12 12:59	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-03-06 05:36 . 2015-03-12 12:59	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-03-06 05:10 . 2015-03-12 12:59	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-12 12:59	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-12 12:59	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-12 12:59	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-12 12:59	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-12 12:59	221184	----a-w-	c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-12 12:59	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2015-03-06 05:10 . 2015-03-12 12:59	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2015-03-06 05:09 . 2015-03-12 12:59	50176	----a-w-	c:\windows\SysWow64\auditpol.exe
2015-03-06 05:09 . 2015-03-12 12:59	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-12 12:59	60416	----a-w-	c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-12 12:59	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2015-03-06 05:06 . 2015-03-12 12:59	686080	----a-w-	c:\windows\SysWow64\adtschema.dll
2015-02-26 03:25 . 2015-03-12 12:58	3204096	----a-w-	c:\windows\system32\win32k.sys
2015-02-24 03:15 . 2015-03-12 12:58	389800	----a-w-	c:\windows\system32\iedkcs32.dll
2015-02-24 02:17 . 2011-11-02 12:52	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-21 01:16 . 2015-03-12 12:58	25021440	----a-w-	c:\windows\system32\mshtml.dll
2015-02-20 23:58 . 2015-03-12 12:58	92160	----a-w-	c:\windows\system32\mshtmled.dll
2015-02-20 04:41 . 2015-03-12 13:00	41984	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-12 13:00	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-12 13:00	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-12 13:00	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-12 13:00	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-12 13:00	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-12 13:00	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-12 13:00	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-12 13:00	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-12 13:00	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-02-20 03:06 . 2015-03-12 12:58	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-02-20 03:05 . 2015-03-12 12:58	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:50 . 2015-03-12 12:58	66560	----a-w-	c:\windows\system32\iesetup.dll
2015-02-20 02:49 . 2015-03-12 12:58	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:49 . 2015-03-12 12:58	584192	----a-w-	c:\windows\system32\vbscript.dll
2015-02-20 02:48 . 2015-03-12 12:58	2886144	----a-w-	c:\windows\system32\iertutil.dll
2015-02-20 02:47 . 2015-03-12 12:58	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2015-02-20 02:41 . 2015-03-12 12:58	54784	----a-w-	c:\windows\system32\jsproxy.dll
2015-02-20 02:40 . 2015-03-12 12:58	34304	----a-w-	c:\windows\system32\iernonce.dll
2015-02-20 02:36 . 2015-03-12 12:58	633856	----a-w-	c:\windows\system32\ieui.dll
2015-02-20 02:35 . 2015-03-12 12:58	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2015-02-20 02:35 . 2015-03-12 12:58	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2015-02-20 02:34 . 2015-03-12 12:58	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2015-02-20 02:32 . 2015-03-12 12:58	6035456	----a-w-	c:\windows\system32\jscript9.dll
2015-02-20 02:26 . 2015-03-12 12:58	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 02:22 . 2015-03-12 12:58	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2015-02-20 02:22 . 2015-03-12 12:58	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2015-02-20 02:13 . 2015-03-12 12:58	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 02:09 . 2015-03-12 12:58	503296	----a-w-	c:\windows\SysWow64\vbscript.dll
2015-02-20 02:08 . 2015-03-12 12:58	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2015-02-20 02:08 . 2015-03-12 12:58	199680	----a-w-	c:\windows\system32\msrating.dll
2015-02-20 02:08 . 2015-03-12 12:58	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06 . 2015-03-12 12:58	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2015-02-20 02:05 . 2015-03-12 12:58	316928	----a-w-	c:\windows\system32\dxtrans.dll
2015-02-20 01:56 . 2015-03-12 12:58	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2015-02-20 01:56 . 2015-03-12 12:58	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2015-02-20 01:49 . 2015-03-12 12:58	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2015-02-20 01:49 . 2015-03-12 12:58	801280	----a-w-	c:\windows\system32\msfeeds.dll
2015-02-20 01:47 . 2015-03-12 12:58	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:46 . 2015-03-12 12:58	2125824	----a-w-	c:\windows\system32\inetcpl.cpl
2015-02-20 01:43 . 2015-03-12 12:58	14398976	----a-w-	c:\windows\system32\ieframe.dll
2015-02-20 01:41 . 2015-03-12 12:58	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30 . 2015-03-12 12:58	4300288	----a-w-	c:\windows\SysWow64\jscript9.dll
2015-02-20 01:28 . 2015-03-12 12:58	2358784	----a-w-	c:\windows\system32\wininet.dll
2015-02-20 01:24 . 2015-03-12 12:58	2052608	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2015-02-20 01:23 . 2015-03-12 12:58	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:16 . 2015-03-12 12:58	1548288	----a-w-	c:\windows\system32\urlmon.dll
2015-02-20 01:03 . 2015-03-12 12:58	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2015-02-20 01:01 . 2015-03-12 12:58	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2015-02-17 14:26 . 2015-02-17 14:26	1217184	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-02-13 05:22 . 2015-03-12 12:59	14177280	----a-w-	c:\windows\system32\shell32.dll
2015-02-12 09:09 . 2013-05-02 09:52	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-02-12 09:09 . 2013-03-27 11:29	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-02-12 09:09 . 2013-03-27 11:29	128536	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-02-11 14:38 . 2015-02-11 14:38	720944	----a-w-	c:\windows\unins001.exe
2015-02-06 07:36 . 2014-10-02 15:19	3379425	----a-w-	c:\windows\DeinstDht.exe
2015-02-05 17:56 . 2015-02-05 16:56	5070512	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-02-05 15:07 . 2015-02-05 15:07	65536	----a-r-	c:\users\<Benutzer>\AppData\Roaming\Microsoft\Installer\{540F3A7E-BE5D-323F-91D6-

C68CF8597622}\NewShortcut11_612F1ADB5B86463D8C321E5915BBB9F0.exe
2015-02-05 15:07 . 2015-02-05 15:07	65536	----a-r-	c:\users\<Benutzer>\AppData\Roaming\Microsoft\Installer\{540F3A7E-BE5D-323F-91D6-

C68CF8597622}\NewShortcut1_6A2FAB7785AE4D30BBC526EE8CA0908C.exe
2015-02-05 15:07 . 2015-02-05 15:07	65536	----a-r-	c:\users\<Benutzer>\AppData\Roaming\Microsoft\Installer\{540F3A7E-BE5D-323F-91D6-C68CF8597622}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2014-12-03 761064]
"Polar FlowSync"="c:\program files (x86)\Polar\Polar FlowSync\FlowSync.exe" [2014-11-11 1125376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-06-14 395656]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2012-03-14 2073976]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-03-31 726320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-06-14 153992]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"RSA Card Conversion Utility"="c:\program files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe" [2010-08-27 3499728]
"BTnet Port Communicator"="c:\program files (x86)\NuernbergerBT\BT.Net_Listener.exe" [2014-12-15 976896]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-02-12 127792]
.
c:\users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TeamDrive starten.lnk - c:\program files (x86)\TeamDrive 3\TeamDrive3.exe autostart [2013-12-3 12079136]
Tintenwarnungen überwachen - HP Officejet Pro 8100.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8100\bin\HPStatusBL.dll",RunDLLEntry 

SERIALNUMBER=CN32HBVH3805MX;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NÜRNBERGER Autoupdater.lnk - c:\windows\Installer\{F4FD5683-3FBB-4DA1-BBD5-17D7E5CC0472}\Tray.exe [2015-2-15 492112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"QuickTime Task"="D:\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET

\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Browser7Maintenance;Browser 7 Maintenance Service;c:\program files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe;c:\program files (x86)\Browser 7 Maintenance 

Service\maintenanceservice.exe [x]
R3 cpuz134;cpuz134;c:\users\<Benutzer>\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\<Benutzer>\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WinRiskXAAppService;InterRisk WinRisk Anwendungsdienst;c:\program files (x86)\InterRisk\WinRiskXA\server\bin\WinRiskXAServer.exe;c:\program files (x86)\InterRisk\WinRiskXA

\server\bin\WinRiskXAServer.exe [x]
R4 ColorMedia;ColorMedia;c:\programdata\SecurityUtility\ColorMedia.exe;c:\programdata\SecurityUtility\ColorMedia.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared

\SQLADHLP.EXE [x]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$BTNET;SQL Server Agent (BTNET);c:\program files\Microsoft SQL Server\MSSQL10_50.BTNET\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.BTNET

\MSSQL\Binn\SQLAGENT.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BiPRO Client Service;easy Client Service;c:\program files (x86)\easy Client\server\Tomcat\bin\JavaService.exe;c:\program files (x86)\easy Client\server\Tomcat\bin

\JavaService.exe [x]
S2 BT_InstallationsDienst;NÜRNBERGER Autoupdater;c:\program files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe;c:\program files (x86)\NÜRNBERGER Autoupdater

\BT.Setup.InstallationsDienst.exe [x]
S2 BTAVB_KomDienst_Vers_BTnet_0115;BTAVB_KomDienst_Vers_BTnet_0115;c:\program files (x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe;c:\program files 

(x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe [x]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe;c:\program files (x86)\Seagate\SeagateManager\Sync

\FreeAgentService.exe [x]
S2 Micro Focus License Manager;Micro Focus License Manager;c:\program files (x86)\Common Files\AlteLeipziger\MFLMWin.exe;c:\program files (x86)\Common Files\AlteLeipziger

\MFLMWin.exe [x]
S2 MSSQL$BTNET;SQL Server (BTNET);c:\program files\Microsoft SQL Server\MSSQL10_50.BTNET\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.BTNET\MSSQL\Binn

\sqlservr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files 

(x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WinRiskXASoftwareUpdate;InterRisk WinRisk Softwareaktualisierung;c:\program files (x86)\InterRisk\WinRiskXA\client\bin\BWUpdater.exe;c:\program files (x86)\InterRisk\WinRiskXA

\client\bin\BWUpdater.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-04 09:32	1061704	----a-w-	c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:44]
.
2015-04-12 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-336442205-827502387-1674173946-1000.job
- c:\users\<Benutzer>\AppData\Local\Citrix\GoToMeeting\2539\g2mupdate.exe [2015-04-04 11:20]
.
2015-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08 11:16]
.
2015-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08 11:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-27 11780712]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.179.1
DPF: {A08463E2-BF3E-4E78-9938-E4CC1981483B} - hxxps://install.mc.iconf.net/gcc_installer/IUM/mcInstall.cab
FF - ProfilePath - c:\users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - ExtSQL: !HIDDEN! 2011-11-07 10:04; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-KPP-07.04.00.00 - c:\drkm\Produktrechner\uninstall.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Micro Focus]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\AlteLeipziger\mflmma.exe
c:\program files (x86)\NuernbergerBT\JDK\jre\bin\BTnetDope01.2015.exe
c:\windows\SysWOW64\NMSAccess32.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-12  10:02:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-04-12 08:01
.
Vor Suchlauf: 36 Verzeichnis(se), 239.110.238.208 Bytes frei
Nach Suchlauf: 42 Verzeichnis(se), 239.224.877.056 Bytes frei
.
- - End Of File - - 4C160E4F6C7FEC81A32477DF616C9980
         
Feststellungen: Aufgabenplaner läuft, aber Avira ist jetzt weg bzw. nicht gestartet

Alt 12.04.2015, 10:25   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.04.2015, 12:36   #10
Bootluder
 
Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



Okay alles erledigt

Das MBAM-Log:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 12.04.2015
Suchlauf-Zeit: 12:12:14
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.04.11.08
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: <Benutzer>

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 411303
Verstrichene Zeit: 13 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 29
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, In Quarantäne, [afa5d893eaa06dc9070db982c93a8a76], 
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, In Quarantäne, [a0b434375e2cba7ce13f3b3adc277987], 
PUP.Optional.MyFreeCodec.A, HKLM\SOFTWARE\WOW6432NODE\Myfree Codec, In Quarantäne, [312381ea7f0b92a47e3023319d6858a8], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [13418fdce3a7fb3b0007cf3472928b75], 
PUP.Optional.MyFreeCodec.A, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Myfree Codec, In Quarantäne, [98bc0a615a30cf67d9d4fa5af411c838], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WajIEnhance, In Quarantäne, [cc88afbcdfab7bbb7e11705f1ae94fb1], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WIntEnhance, In Quarantäne, [db79442718721b1bb90ec00a7e85ca36], 
PUP.Optional.FastStart.A, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [a3b12f3c0189d85e27095f81e221d32d], 
PUP.Optional.SecurityUtility.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ColorMedia, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B8D1E62C-5D04-4AB0-A09E-688FF75743EF}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B0071C9-831E-43DD-9EFE-722D8AEB9E2E}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5217E897-1728-4B11-BC9D-5405AD551BEF}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6073385E-A128-4464-9DFD-C7CF0F39A492}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{81E47395-D310-4064-B963-844C4088AB76}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{83E41C3D-190A-4052-A046-269722F3B4FD}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A62D52D9-1E41-4772-A794-71B9B92AA014}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D1C116A0-DC17-4257-9190-033AE10F90B9}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{ED5B55CA-994B-42B9-93B6-1FD306925967}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FB7F9DF6-2A66-444F-BA5D-2F221F1B1AC8}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B0071C9-831E-43DD-9EFE-722D8AEB9E2E}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5217E897-1728-4B11-BC9D-5405AD551BEF}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6073385E-A128-4464-9DFD-C7CF0F39A492}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{81E47395-D310-4064-B963-844C4088AB76}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{83E41C3D-190A-4052-A046-269722F3B4FD}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A62D52D9-1E41-4772-A794-71B9B92AA014}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D1C116A0-DC17-4257-9190-033AE10F90B9}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{ED5B55CA-994B-42B9-93B6-1FD306925967}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FB7F9DF6-2A66-444F-BA5D-2F221F1B1AC8}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B8D1E62C-5D04-4AB0-A09E-688FF75743EF}, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 

Registrierungswerte: 2
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\extensions\faststartff@gmail.com, In Quarantäne, [292b76f552381e18fd56ee554db8a15f]
PUP.Optional.FastStart.A, HKU\S-1-5-21-336442205-827502387-1674173946-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [a3b12f3c0189d85e27095f81e221d32d]

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[7bd9a3c81476072fdc1404fc6b9bac54]

Ordner: 1
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 

Dateien: 26
PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMedia.ini, In Quarantäne, [d77d3c2fb0da51e54fe6cb7e0bfa6997], 
PUP.Optional.ColorMedia.A, C:\Windows\System32\ColorMediaOff.ini, In Quarantäne, [b4a046252b5fb482999d55f42fd60af6], 
PUP.Optional.Winsock.Hijack, C:\Windows\SysWOW64\ColorMedia.dll, In Quarantäne, [0a4ad2991d6d191d1bc873de4fb635cb], 
PUP.Optional.Winsock.Hijack, C:\Windows\System32\ColorMedia64.dll, Löschen bei Neustart, [59fba8c30684280e38acf65bbd4848b8], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMedia.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMedia.exe, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMedia.tlb, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMedia64.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMediaCrt.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\freebl3.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\libnspr4.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\libplc4.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\libplds4.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nss3.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nssckbi.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nssdbm3.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nssutil3.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\RfndNSIS.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\RgsBTMedia.exe, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\RgsBTMedia.ini, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\RgsBTMedia64.exe, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\smime3.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\softokn3.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\sqlite3.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ssl3.dll, In Quarantäne, [4014bbb0652522144f4e46714cb717e9], 
PUP.Optional.QuickStart.A, C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[9cb8caa1d4b647ef5f893d01d72f53ad]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Das ADW-Cleaner-Log:
Code:
ATTFilter
# AdwCleaner v4.201 - Bericht erstellt 12/04/2015 um 13:02:20
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : <Benutzer> - <Benutzer>-PC
# Gestarted von : C:\Users\<Benutzer>\Desktop\adwcleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Ordner Gelöscht : C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf
Datei Gelöscht : C:\Windows\Reimage.ini

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{02D06C3E-0133-47CD-A604-58889A89B146}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3EB7D5E2-4058-4C94-B645-527408063A14}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKCU\Software\reimagerepair
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskPartnerNetwork
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:50968;hxxps=127.0.0.1:50968
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v30.0 (de)

[1ocg63p2.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[1ocg63p2.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v41.0.2272.118

[C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1422430161&from=cvs&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF533144B&q={searchTerms}
[C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : mjdepfkicdcciagbigfcmdhknnoaaegf

*************************

AdwCleaner[R0].txt - [4088 Bytes] - [26/06/2014 07:13:46]
AdwCleaner[R1].txt - [5958 Bytes] - [12/04/2015 13:01:10]
AdwCleaner[S0].txt - [4149 Bytes] - [26/06/2014 07:16:23]
AdwCleaner[S1].txt - [4566 Bytes] - [12/04/2015 13:02:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4625  Bytes] ##########
         
...
Das JRT-Log:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by <Benutzer> on 12.04.2015 at 13:04:12,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\isuspm
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\isuspm
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Users\<Benutzer>\AppData\Roaming\flexnet"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{18F78773-B014-4FF9-8EEF-B0AF5E7D8A76}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{1ADA041B-2660-45FB-A9C0-F16AC7BBD369}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{1BA76A8B-5187-4C88-93D4-203E56076388}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{1E7B5F60-7D08-402D-BDDF-485EBB819689}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{202B20E1-609F-4504-953D-8E976E53EF7D}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{20DC8CD7-FB99-498C-8F35-79D2F7EE543C}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{23851F19-65A2-4862-B7D9-0E4463278FD5}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{25A03AFA-8CE7-4BD1-A172-1ADFE914900D}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{2AB6FC74-4B79-437F-8383-363BA0AB6755}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{2B21EC51-421B-4048-9A7A-8002C08C13E0}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{2C1E308A-39E2-43C5-BE0D-9D26C075E010}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{2CCF268F-5796-460A-ACA2-5B760014C7F2}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{38A0498C-FFCF-4783-A972-72E69E1CE9D7}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{38ECAB3D-3378-45B6-A6B5-841DAB8E820A}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{3B4CB9A4-D979-4A4D-8D34-58E09448AEA4}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{4178C48A-23D8-4C56-B87D-E20EE91E4050}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{44BDE370-60BD-48DA-A70B-DEFD4861E5EE}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{4529CC39-0A9B-4BD9-B5A8-03CDFA4B7BCF}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{526939F4-AEAE-4841-A178-3CE451A5FE22}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{529909A8-763D-46AA-9A63-C21F60625E82}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{59BD890E-1F65-4CD7-BCAF-538074F0B019}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{6203D08C-145E-49E1-A154-E51FBCEABE45}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{62B146DD-C387-42E4-89E5-062C4C6D67C3}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{6443B067-D8F6-4FF9-ACF9-5160911F0CB9}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{6474C006-F6A6-4E60-AE6D-0F57D500DA42}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{68F72B13-CEDF-402A-990B-3095F8873B91}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{6EC5D8D0-10BC-4041-BF73-3E4FEE9C4357}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{71DD2C5D-D599-43C9-8B8A-27CC88C441E5}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{7438AFCD-916D-40A7-B026-E5D20FE8604D}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{78651B60-AC9D-4EFD-9A8C-0AD2457CFA3B}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{7ECD0536-6C9A-46A2-BDD1-ADA260DFC86B}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{83179593-77FB-4BF3-810F-D54EABD3D005}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{88B1EBBA-F25F-410F-916B-5262F821455A}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{910747D2-F17E-44C4-9F5D-EF04E2978E2E}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{96E8E878-A753-49E4-B6AD-43B2DE04D8BE}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{99CB9DC9-9221-42E9-898B-FEFF59AFA8DC}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{9CED6E22-A694-47BB-B0B6-FF3262512DB9}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{A66EAA15-974D-43B0-AC50-A02BF3368DC7}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{A6DE114C-5A83-4442-B07D-D317C2D6CCA1}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{AABD4B36-046A-4A83-A077-ADBE08051704}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{B044C177-DEDF-4F77-82DC-731504609ACF}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{B8003994-B3C5-4D8C-8E91-4C13C0BCB43F}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{B9698383-E815-4CF5-88CF-9BD5DA58406C}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{B9A02544-4ECD-41C4-A086-1C6D128EF4ED}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{BB336EA7-F0CB-4B66-8B34-2A42BC301363}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{BB99208B-4A65-40E5-A99B-485BA1E5A5B0}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{BE6F05F2-3355-4A30-BC11-489B3CB279FF}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{C068CB84-2C65-4776-AAD0-C822D6A8E29B}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{C8085554-7214-4DFD-8058-4815A1880EEB}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{C83904E5-6FC4-43B6-95D7-41F60948196F}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{CB48DFED-E198-4B93-B9E9-E547BDC41EFD}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{D0AE34CF-DED5-415D-9D98-043AC87E9834}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{D21E3EAB-4FC1-43AC-8447-5A04FF6A0269}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{D32219A1-A205-4AEB-A637-2DBF6A66752A}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{D7D6174E-9806-42B3-B9ED-FAA73BAC93C4}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{D862BA60-297A-4B32-A643-26349F44341C}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{DB402C66-1937-4EB4-8FA7-9CB674C5869D}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{DF63A922-3931-438A-8F8C-A0FE30E5E0C8}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{E1EE86E2-2B85-46D4-91CB-E5AAA15A056D}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{E52625C9-9858-4684-950B-2CC9E73F5989}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{E5F29A09-5A82-4DBE-9681-6827E732E460}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{E9B8F8DE-C7FE-4F2B-8C12-FF21F1659FD0}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{EB805C9A-9CB2-4A54-AB40-E768070BD0CE}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{FBBDEE30-6396-4F9C-B7E5-421F6C580A69}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{FC5D5476-996B-4017-B6B1-6A449A0E7EE3}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{FDE4EF91-8A75-4E96-9367-ED65BAB748BC}
Successfully deleted: [Empty Folder] C:\Users\<Benutzer>\appdata\local\{FF9873B7-5A50-4B87-B995-61814F0DDB09}



~~~ FireFox

Successfully deleted the following from C:\Users\<Benutzer>\AppData\Roaming\mozilla\firefox\profiles\1ocg63p2.default\prefs.js

user_pref("browser.search.selectedEngine", "webssearches");
Emptied folder: C:\Users\<Benutzer>\AppData\Roaming\mozilla\firefox\profiles\1ocg63p2.default\minidumps [366 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.04.2015 at 13:07:54,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by <Benutzer> (administrator) on <Benutzer>-PC on 12-04-2015 13:27:17
Running from C:\Users\<Benutzer>\Desktop
Loaded Profiles: <Benutzer> (Available profiles: <Benutzer>)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.Updater.TrayApp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RSA, The Security Division of EMC.) C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe
(NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RSA Card Conversion Utility] => C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe [3499728 2010-08-27] (RSA, The Security Division of EMC.)
HKLM-x32\...\Run: [BTnet Port Communicator] => C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe [976896 2014-12-15] (NUERNBERGER Versicherungsgruppe)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-336442205-827502387-1674173946-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-336442205-827502387-1674173946-1000\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1125376 2014-11-11] (Polar Electro Oy)
HKU\S-1-5-21-336442205-827502387-1674173946-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NÜRNBERGER Autoupdater.lnk
ShortcutTarget: NÜRNBERGER Autoupdater.lnk -> C:\Windows\Installer\{F4FD5683-3FBB-4DA1-BBD5-17D7E5CC0472}\Tray.exe (NÜRNBERGER Versicherungsgruppe)
Startup: C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk
ShortcutTarget: TeamDrive starten.lnk -> C:\Program Files (x86)\TeamDrive 3\TeamDrive3.exe (TeamDrive Systems GmbH)
Startup: C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100.lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-336442205-827502387-1674173946-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50968;https=127.0.0.1:50968
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-336442205-827502387-1674173946-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-336442205-827502387-1674173946-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-336442205-827502387-1674173946-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM-x32 {A08463E2-BF3E-4E78-9938-E4CC1981483B} https://install.mc.iconf.net/gcc_installer/IUM/mcInstall.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1

FireFox:
========
FF ProfilePath: C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default
FF SearchEngineOrder.1: Google
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-23] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-336442205-827502387-1674173946-1000: @citrixonline.com/appdetectorplugin -> C:\Users\<Benutzer>\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-336442205-827502387-1674173946-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2011-03-30] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCltInst11.dll [2012-09-05] (BroadSoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCltInstall.dll [2010-06-30] (iLinc Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2009-09-13] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2009-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\<Benutzer>\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-07-18] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\searchplugins\inbox-search.xml [2013-12-25]
FF Extension: Adblock Plus - C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [meetinglauncher@iconf.net] - C:\Program Files (x86)\InterCall Unified Meeting\Modules\Firefox
FF Extension: InterCall Unified Meeting - C:\Program Files (x86)\InterCall Unified Meeting\Modules\Firefox [2012-01-13]
FF Extension: No Name - C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
StartMenuInternet: FIREFOX.EXE - C:\Users\<Benutzer>\AppData\Local\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (iLinc Communications Netscape/Mozilla Install Plugin v 10.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPCltInstall.dll (iLinc Communications, Inc.)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\<Benutzer>\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.94) - C:\Users\<Benutzer>\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-01]
CHR Extension: (Google Wallet) - C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S2 BiPRO Client Service; C:\Program Files (x86)\easy Client\server\Tomcat\bin\JavaService.exe [98304 2015-03-13] (Multiplan Consultants Limited) [File not signed]
S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [148792 2015-03-13] (Deutsche Telekom AG)
S2 BTAVB_KomDienst_Vers_BTnet_0115; C:\Program Files (x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe [17920 2013-04-03] (Beratungstechnologie) [File not signed]
R2 BT_InstallationsDienst; C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe [21072 2015-02-11] (NÜRNBERGER Versicherungsgruppe)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
S2 Micro Focus License Manager; C:\Program Files (x86)\Common Files\AlteLeipziger\MFLMWin.exe [394608 2010-09-15] (Micro Focus)
S2 MSSQL$BTNET; c:\Program Files\Microsoft SQL Server\MSSQL10_50.BTNET\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NMSAccessU; C:\Windows\SysWOW64\NMSAccess32.exe [71096 2009-01-12] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
S4 SQLAgent$BTNET; c:\Program Files\Microsoft SQL Server\MSSQL10_50.BTNET\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WinRiskXAAppService; C:\Program Files (x86)\InterRisk\WinRiskXA\server\bin\WinRiskXAServer.exe [113584 2015-02-02] ()
S2 WinRiskXASoftwareUpdate; C:\Program Files (x86)\InterRisk\WinRiskXA\client\bin\BWUpdater.exe [24576 2013-12-11] (BISS GmbH) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-07-21] (Windows (R) 2003 DDK 3790 provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\HANS-J~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 13:27 - 2015-04-12 13:27 - 00028609 _____ () C:\Users\<Benutzer>\Desktop\FRST.txt
2015-04-12 13:07 - 2015-04-12 13:07 - 00009104 _____ () C:\Users\<Benutzer>\Desktop\JRT.txt
2015-04-12 13:04 - 2015-04-12 13:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-<Benutzer>-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-12 13:04 - 2015-04-12 13:04 - 00000000 ____D () C:\RegBackup
2015-04-12 13:00 - 2015-04-11 08:17 - 02217984 _____ () C:\Users\<Benutzer>\Desktop\adwcleaner_4.201.exe
2015-04-12 13:00 - 2015-04-07 17:36 - 02686959 _____ (Thisisu) C:\Users\<Benutzer>\Desktop\JRT_NEW.exe
2015-04-12 10:02 - 2015-04-12 10:02 - 00031013 _____ () C:\ComboFix.txt
2015-04-12 09:34 - 2015-04-12 10:02 - 00000000 ____D () C:\ComboFix
2015-04-12 09:34 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-12 09:34 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-12 09:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-12 09:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-12 09:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-12 09:34 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-12 09:34 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-12 09:34 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-12 09:33 - 2015-04-12 10:02 - 00000000 ____D () C:\Qoobox
2015-04-12 09:33 - 2015-04-12 09:58 - 00000000 ____D () C:\Windows\erdnt
2015-04-12 07:14 - 2015-04-12 07:14 - 00000000 ____D () C:\Users\<Benutzer>\Desktop\RevoUninstallerPortable
2015-04-12 07:12 - 2015-04-12 07:08 - 05617275 ____R () C:\Users\<Benutzer>\Desktop\ComboFix.exe
2015-04-12 07:11 - 2015-04-12 07:06 - 02785665 _____ (PortableApps.com) C:\Users\<Benutzer>\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-04-11 16:23 - 2015-04-11 16:23 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-11 16:13 - 2015-04-12 13:26 - 00000000 ____D () C:\Users\<Benutzer>\Desktop\Neuer Ordner
2015-04-11 11:51 - 2015-04-12 13:27 - 00000000 ____D () C:\FRST
2015-04-11 11:51 - 2015-04-11 11:50 - 02095616 _____ (Farbar) C:\Users\<Benutzer>\Desktop\FRST64.exe
2015-04-11 08:20 - 2015-04-12 12:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 08:20 - 2015-04-11 16:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-11 08:20 - 2015-04-11 08:20 - 00001062 _____ () C:\Users\<Benutzer>\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-11 08:20 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 08:20 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 08:20 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-08 15:31 - 2015-04-08 16:24 - 00000000 ____D () C:\Users\<Benutzer>\Documents\PIM
2015-04-07 19:42 - 2015-04-07 19:42 - 00015222 _____ () C:\Users\<Benutzer>\Desktop\INVERSGDV-DatensatzINVERS2015-04-01.txt
2015-04-04 17:07 - 2015-04-11 16:21 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 17:07 - 2015-04-04 17:07 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-03 11:21 - 2015-04-03 11:21 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\b-tix
2015-04-03 11:21 - 2015-04-03 11:21 - 00000000 ____D () C:\ProgramData\b-tix
2015-04-03 10:16 - 2015-04-03 10:16 - 00001124 _____ () C:\Users\<Benutzer>\Desktop\easy Client.lnk
2015-04-03 10:16 - 2015-04-03 10:16 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\easy Client
2015-04-03 10:15 - 2015-04-03 10:16 - 00000000 ____D () C:\Program Files (x86)\easy Client
2015-04-03 09:50 - 2015-04-03 10:03 - 260007272 _____ () C:\Users\<Benutzer>\Downloads\Setup-EC-Win32-Produktion-3.4.1.exe
2015-04-02 20:45 - 2015-04-02 20:45 - 00001077 _____ () C:\Users\<Benutzer>\Desktop\Swiss Life EVApro.lnk
2015-04-02 20:45 - 2015-04-02 20:45 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Swiss Life EVApro
2015-04-02 20:07 - 2015-04-02 20:34 - 260831336 _____ () C:\Users\<Benutzer>\Downloads\EVApro_4.0.0.exe
2015-04-02 11:39 - 2015-04-02 13:06 - 00002207 _____ () C:\Users\Public\Desktop\Zurich Gruppe Deutschland.lnk
2015-04-02 11:39 - 2015-04-02 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zurich Gruppe Deutschland
2015-04-02 08:14 - 2015-04-02 08:14 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\Sun
2015-04-02 08:11 - 2015-04-02 13:04 - 00000000 ____D () C:\Program Files (x86)\DHT
2015-04-01 14:39 - 2015-04-01 14:39 - 00000080 _____ () C:\Users\<Benutzer>\axa-bt.ini
2015-04-01 14:39 - 2015-04-01 14:39 - 00000000 ____D () C:\Users\<Benutzer>\btframe
2015-04-01 09:12 - 2015-04-01 09:12 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\Mozilla Firefox
2015-03-16 15:03 - 2015-03-16 15:04 - 00000000 ____D () C:\Users\<Benutzer>\Documents\Hanse Merkur

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 13:12 - 2011-03-18 08:18 - 00777970 _____ () C:\Windows\system32\perfh007.dat
2015-04-12 13:12 - 2011-03-18 08:18 - 00179842 _____ () C:\Windows\system32\perfc007.dat
2015-04-12 13:12 - 2009-07-14 07:13 - 01838962 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 13:10 - 2009-07-14 06:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 13:10 - 2009-07-14 06:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 13:07 - 2011-03-18 00:55 - 01325095 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 13:03 - 2013-12-03 15:40 - 00000000 ___RD () C:\Users\<Benutzer>\Documents\Spaces
2015-04-12 13:03 - 2013-12-03 15:35 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\TeamDrive3
2015-04-12 13:03 - 2013-05-08 09:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 13:02 - 2014-06-26 07:13 - 00000000 ____D () C:\AdwCleaner
2015-04-12 13:02 - 2014-05-22 07:19 - 00031541 _____ () C:\Windows\setupact.log
2015-04-12 13:02 - 2011-11-02 14:26 - 00906252 _____ () C:\Windows\PFRO.log
2015-04-12 13:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2015-04-12 12:56 - 2012-04-01 19:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 12:31 - 2013-05-08 09:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 12:28 - 2014-06-27 09:28 - 00000604 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-336442205-827502387-1674173946-1000.job
2015-04-12 10:02 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-12 09:49 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-12 09:42 - 2011-11-02 13:50 - 00000000 ____D () C:\Users\<Benutzer>
2015-04-11 17:58 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-11 17:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2015-04-11 16:23 - 2012-12-21 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-11 16:23 - 2012-12-21 18:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-11 16:23 - 2011-11-02 14:45 - 00000000 ____D () C:\ProgramData\Avira
2015-04-11 16:22 - 2013-07-04 14:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-11 16:21 - 2014-06-25 16:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 16:21 - 2013-05-08 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-11 16:21 - 2011-11-15 09:41 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\ArcSoft
2015-04-11 16:21 - 2011-03-18 01:14 - 00000000 ____D () C:\ProgramData\WinClon
2015-04-11 16:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-04-11 16:19 - 2013-09-09 20:02 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\CrashDumps
2015-04-11 16:15 - 2011-03-18 07:57 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-11 16:03 - 2011-11-09 10:35 - 00001282 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-11 16:03 - 2011-11-02 14:01 - 00001421 _____ () C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-11 08:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2015-04-10 07:55 - 2011-11-05 16:56 - 00000000 ____D () C:\Users\<Benutzer>\Documents\ADCURI1
2015-04-09 17:32 - 2011-11-21 15:40 - 00017609 _____ () C:\Windows\VFrame32.INI
2015-04-09 17:30 - 2011-03-18 00:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-09 17:20 - 2013-12-30 12:14 - 00001312 _____ () C:\Windows\CAF.ini
2015-04-09 17:20 - 2011-11-21 15:43 - 00001869 _____ () C:\Users\Public\Desktop\VHV-Tarife.lnk
2015-04-09 17:20 - 2011-11-21 15:42 - 00001068 _____ () C:\Windows\DOCS.ini
2015-04-09 17:03 - 2013-06-24 13:49 - 00000000 ____D () C:\Users\<Benutzer>\.compeople
2015-04-09 15:03 - 2012-05-16 15:30 - 00000000 ____D () C:\Users\<Benutzer>\Documents\AXA
2015-04-07 12:46 - 2015-02-18 18:09 - 00759901 _____ () C:\Windows\system32\ScanResults.xml
2015-04-07 12:39 - 2015-02-18 18:03 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-04-04 13:20 - 2014-06-27 09:28 - 00003658 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-336442205-827502387-1674173946-1000
2015-04-02 20:45 - 2011-11-16 21:12 - 00000000 ____D () C:\Program Files (x86)\SwissLife
2015-04-02 16:03 - 2011-11-10 14:52 - 00000988 _____ () C:\Users\Public\Desktop\VOIS.lnk
2015-04-02 15:49 - 2011-11-08 11:17 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\Downloaded Installations
2015-04-02 13:22 - 2014-03-13 15:50 - 00000000 ____D () C:\Program Files (x86)\DHZ
2015-04-02 13:22 - 2012-01-03 10:37 - 00000000 ____D () C:\Program Files (x86)\OASE7
2015-04-02 13:07 - 2012-01-03 11:05 - 00000000 ____D () C:\Program Files (x86)\Bonndata
2015-04-02 13:05 - 2012-01-03 11:28 - 00000000 ____D () C:\EUBogen_Uninstall
2015-04-02 13:05 - 2012-01-03 11:28 - 00000000 ____D () C:\EUBogen
2015-04-02 11:33 - 2013-10-27 17:34 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-02 11:28 - 2014-10-23 17:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-02 11:28 - 2012-04-16 19:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-02 08:14 - 2011-11-07 21:36 - 00000000 ____D () C:\Temp
2015-03-31 19:56 - 2012-10-25 14:09 - 00000000 ____D () C:\Users\<Benutzer>\Documents\GOLD & Silber Shop
2015-03-23 16:37 - 2012-12-02 20:14 - 00000000 ____D () C:\Users\<Benutzer>\Documents\Feuersozietät
2015-03-23 16:36 - 2012-12-21 18:23 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\Avira
2015-03-23 14:04 - 2011-11-27 18:38 - 00000000 ____D () C:\ProgramData\firebird
2015-03-23 11:45 - 2014-08-21 14:47 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\Adobe
2015-03-23 11:44 - 2012-04-01 19:34 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-23 11:44 - 2012-04-01 19:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-23 11:44 - 2011-12-03 11:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-23 10:29 - 2012-07-19 09:12 - 00000000 ____D () C:\Users\<Benutzer>\Documents\BBV
2015-03-23 10:13 - 2015-03-09 21:14 - 00000000 ____D () C:\Users\<Benutzer>\Documents\Universa
2015-03-16 12:52 - 2011-12-19 11:51 - 00000000 __SHD () C:\Users\<Benutzer>\Documents\cache
2015-03-15 18:23 - 2014-01-07 09:47 - 00000000 ____D () C:\Program Files (x86)\Browser 7 Maintenance Service
2015-03-13 17:48 - 2011-11-05 16:57 - 00000000 ____D () C:\Users\<Benutzer>\Documents\ARUNA
2015-03-13 13:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 10:22 - 2014-01-07 09:47 - 00000000 ____D () C:\Program Files (x86)\Deutsche Telekom AG
2015-03-13 10:14 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-13 10:13 - 2012-06-01 13:10 - 00000000 ___RD () C:\Users\<Benutzer>\Podcasts
2015-03-13 10:12 - 2009-07-14 06:45 - 00383312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 10:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-13 10:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism

==================== Files in the root of some directories =======

2012-08-18 14:51 - 2012-08-18 14:51 - 0000288 _____ () C:\Users\<Benutzer>\AppData\Roaming\.backup.dm
2011-11-21 13:21 - 2015-02-05 10:51 - 0000185 _____ () C:\Users\<Benutzer>\AppData\Roaming\CASUpdateSkip.lst
2013-03-27 15:00 - 2015-01-05 08:39 - 0000014 _____ () C:\Users\<Benutzer>\AppData\Roaming\CAS_Personal_RuVPAgtnr.lst
2011-11-07 11:12 - 2011-12-19 12:08 - 0001007 _____ () C:\Users\<Benutzer>\AppData\Roaming\ConvAPIPlugin.log
2011-11-07 22:35 - 2013-07-09 17:59 - 0000077 _____ () C:\Users\<Benutzer>\AppData\Local\bullet.gif
2011-11-16 17:57 - 2012-06-18 10:50 - 0001314 _____ () C:\Users\<Benutzer>\AppData\Local\BWSmartClientAppRes.WinRisk_AboutBox.html
2011-11-07 22:35 - 2013-07-09 17:59 - 0005345 _____ () C:\Users\<Benutzer>\AppData\Local\BWSmartClientAppRes.WinRisk_Login.html
2011-11-07 22:35 - 2013-07-09 17:59 - 0002028 _____ () C:\Users\<Benutzer>\AppData\Local\IR_LoginBtn.gif
2013-11-15 20:03 - 2013-11-15 20:03 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809012384_1.tmp
2013-08-13 10:34 - 2013-08-13 10:34 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809013136_1.tmp
2013-08-13 10:34 - 2013-08-13 10:34 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809013136_2.tmp
2012-08-21 19:42 - 2012-08-21 19:42 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809015172_1.tmp
2014-02-05 21:26 - 2014-02-05 21:26 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809015416_1.tmp
2013-08-14 15:30 - 2013-08-14 15:30 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809015508_1.tmp
2013-11-28 12:50 - 2013-11-28 12:50 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809016024_1.tmp
2013-11-28 12:50 - 2013-11-28 12:50 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809016024_2.tmp
2014-03-17 18:30 - 2014-03-17 18:30 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809016796_1.tmp
2013-08-14 15:29 - 2013-08-14 15:29 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809017324_1.tmp
2013-08-19 14:12 - 2013-08-19 14:12 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809017416_1.tmp
2014-02-05 21:16 - 2014-02-05 21:16 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809017636_1.tmp
2014-02-05 21:37 - 2014-02-05 21:37 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809017668_1.tmp
2014-02-05 21:29 - 2014-02-05 21:29 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809018404_1.tmp
2014-02-05 21:28 - 2014-02-05 21:28 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809019032_1.tmp
2011-11-07 22:35 - 2013-07-09 17:59 - 0197839 _____ () C:\Users\<Benutzer>\AppData\Local\WinRisk_Background.jpg
2011-11-07 22:35 - 2013-07-09 17:59 - 0000405 _____ () C:\Users\<Benutzer>\AppData\Local\WinRisk_Smile.gif
2011-11-16 17:57 - 2012-06-18 10:50 - 0007477 _____ () C:\Users\<Benutzer>\AppData\Local\WinRisk_Text.gif
2013-05-16 16:49 - 2013-05-16 16:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-07 11:02 - 2014-04-13 18:30 - 0006209 _____ () C:\ProgramData\hpzinstall.log
2011-03-18 01:04 - 2011-03-18 01:04 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-03-18 00:58 - 2011-03-18 00:58 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-03-18 01:01 - 2011-03-18 01:02 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-03-18 00:58 - 2011-03-18 01:01 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-03-18 01:02 - 2011-03-18 01:03 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\<Benutzer>\AppData\Local\Temp\avgnt.exe
C:\Users\<Benutzer>\AppData\Local\Temp\Quarantine.exe
C:\Users\<Benutzer>\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 11:49

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Und ich kann schonmal mit Freude verkünden, dass der Aufgabenplaner läuft

Alt 12.04.2015, 18:37   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.04.2015, 11:59   #12
Bootluder
 
Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



Guten Morgen
Eset scannt wohl noch Weile. Bis jetzt sieht das System ganz gut aus - das Einzige, was mir auffällt ist, das Samsung Magician (Prog gehört zur Samsung SSD) jetzt als offenes Fenster autostartet und nicht minimiert. Ich erwähne das deshalb, weil das Prog im Taskplaner gestartet wird, der ja vor unseren Aktionen nicht mehr richtig funzte. Aber das zu behebn wird kein Problem sein.

Was ich aber unbedingt nochmal fragen wollte: Was ist mit Combofix und Avira? Dass da ein Trojaner erkannt wird, nervt schon etwas. Mein eigenes Avira (Pro) meckert selbst dann noch rum, wenn ich den Echtzeitscanner deaktiviere. Ich mußte es am infizierten PC saugen, weil ich es mit meinem nicht auf'n Stick bekam. Liegt das an Avira...weißt du da was?

Okay, hier die Logs...

ESET Log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8f05bacf7ec8af4ea75ca4e2c4c0d16c
# engine=23349
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-13 10:21:45
# local_time=2015-04-13 12:21:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 155905 180550355 0 0
# scanned=402500
# found=1
# cleaned=0
# scan_time=17240
sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\<Benutzer>\Downloads
\ReimageRepair.exe"
         
SecurityCheck Log
Code:
ATTFilter
 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java 8 Update 40  
 BTnet Java-Umgebung 01.2015   
 Adobe Flash Player 17.0.0.134  
 Adobe Reader XI  
 Mozilla Firefox 30.0 Firefox out of Date!  
 Google Chrome (41.0.2272.101) 
 Google Chrome (41.0.2272.118) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by <Benutzer> (administrator) on <Benutzer>-PC on 13-04-2015 12:51:06
Running from C:\Users\<Benutzer>\Desktop
Loaded Profiles: <Benutzer> (Available profiles: <Benutzer>)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Multiplan Consultants Limited) C:\Program Files (x86)\easy Client\server\Tomcat\bin\JavaService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Beratungstechnologie) C:\Program Files (x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.Updater.TrayApp.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(TeamDrive Systems GmbH) C:\Program Files (x86)\TeamDrive 3\TeamDrive3.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(RSA, The Security Division of EMC.) C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe
(NUERNBERGER Versicherungsgruppe) C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe
(NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe
(NUERNBERGER Versicherungsgruppe) C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Micro Focus) C:\Program Files (x86)\Common Files\AlteLeipziger\MFLMWin.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.BTNET\MSSQL\Binn\sqlservr.exe
(Micro Focus) C:\Program Files (x86)\Common Files\AlteLeipziger\mflmma.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Oracle Corporation) C:\Program Files (x86)\NuernbergerBT\JDK\jre\bin\BTnetDope01.2015.exe
() C:\Windows\SysWOW64\NMSAccess32.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(BISS GmbH) C:\Program Files (x86)\InterRisk\WinRiskXA\client\bin\BWUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RSA Card Conversion Utility] => C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe [3499728 2010-08-27] (RSA, The Security 

Division of EMC.)
HKLM-x32\...\Run: [BTnet Port Communicator] => C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe [976896 2014-12-15] (NUERNBERGER Versicherungsgruppe)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-336442205-827502387-1674173946-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems 

Incorporated)
HKU\S-1-5-21-336442205-827502387-1674173946-1000\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1125376 2014-11-11] (Polar Electro Oy)
HKU\S-1-5-21-336442205-827502387-1674173946-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NÜRNBERGER Autoupdater.lnk
ShortcutTarget: NÜRNBERGER Autoupdater.lnk -> C:\Windows\Installer\{F4FD5683-3FBB-4DA1-BBD5-17D7E5CC0472}\Tray.exe (NÜRNBERGER Versicherungsgruppe)
Startup: C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk
ShortcutTarget: TeamDrive starten.lnk -> C:\Program Files (x86)\TeamDrive 3\TeamDrive3.exe (TeamDrive Systems GmbH)
Startup: C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100.lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-336442205-827502387-1674173946-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50968;https=127.0.0.1:50968
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-336442205-827502387-1674173946-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-336442205-827502387-1674173946-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] 

(Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-336442205-827502387-1674173946-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03

-04] (Google Inc.)
DPF: HKLM-x32 {A08463E2-BF3E-4E78-9938-E4CC1981483B} https://install.mc.iconf.net/gcc_installer/IUM/mcInstall.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1

FireFox:
========
FF ProfilePath: C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default
FF SearchEngineOrder.1: Google
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-23] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products 

(Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software 

Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software 

Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker 

Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-336442205-827502387-1674173946-1000: @citrixonline.com/appdetectorplugin -> C:\Users\<Benutzer>\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-04] (Citrix 

Online)
FF Plugin HKU\S-1-5-21-336442205-827502387-1674173946-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer

\Win32\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2011-03-30] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCltInst11.dll [2012-09-05] (BroadSoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCltInstall.dll [2010-06-30] (iLinc Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2009-09-13] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012-11-12] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2009-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2009-09-13] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\<Benutzer>\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-07-18] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\searchplugins\inbox-search.xml [2013-12-25]
FF Extension: Adblock Plus - C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [meetinglauncher@iconf.net] - C:\Program Files (x86)\InterCall Unified Meeting\Modules\Firefox
FF Extension: InterCall Unified Meeting - C:\Program Files (x86)\InterCall Unified Meeting\Modules\Firefox [2012-01-13]
FF Extension: No Name - C:\Users\<Benutzer>\AppData\Roaming\Mozilla\Firefox\Profiles\1ocg63p2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
StartMenuInternet: FIREFOX.EXE - C:\Users\<Benutzer>\AppData\Local\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (iLinc Communications Netscape/Mozilla Install Plugin v 10.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPCltInstall.dll (iLinc Communications, Inc.)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\<Benutzer>\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.94) - C:\Users\<Benutzer>\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-01]
CHR Extension: (Google Wallet) - C:\Users\<Benutzer>\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 BiPRO Client Service; C:\Program Files (x86)\easy Client\server\Tomcat\bin\JavaService.exe [98304 2015-03-13] (Multiplan Consultants Limited) [File not signed]
S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [148792 2015-03-13] (Deutsche Telekom AG)
R2 BTAVB_KomDienst_Vers_BTnet_0115; C:\Program Files (x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe [17920 2013-04-03] (Beratungstechnologie) [File not signed]
R2 BT_InstallationsDienst; C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe [21072 2015-02-11] (NÜRNBERGER Versicherungsgruppe)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R2 Micro Focus License Manager; C:\Program Files (x86)\Common Files\AlteLeipziger\MFLMWin.exe [394608 2010-09-15] (Micro Focus)
R2 MSSQL$BTNET; c:\Program Files\Microsoft SQL Server\MSSQL10_50.BTNET\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NMSAccessU; C:\Windows\SysWOW64\NMSAccess32.exe [71096 2009-01-12] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
S4 SQLAgent$BTNET; c:\Program Files\Microsoft SQL Server\MSSQL10_50.BTNET\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WinRiskXAAppService; C:\Program Files (x86)\InterRisk\WinRiskXA\server\bin\WinRiskXAServer.exe [113584 2015-02-02] ()
R2 WinRiskXASoftwareUpdate; C:\Program Files (x86)\InterRisk\WinRiskXA\client\bin\BWUpdater.exe [24576 2013-12-11] (BISS GmbH) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-07-21] (Windows (R) 2003 DDK 3790 provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\<Benutzer>\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 12:49 - 2015-04-13 12:51 - 00032272 _____ () C:\Users\<Benutzer>\Desktop\FRST.txt
2015-04-13 12:47 - 2015-04-13 12:48 - 00000000 ____D () C:\Users\<Benutzer>\Desktop\FRST-OlderVersion
2015-04-13 07:29 - 2015-04-13 07:25 - 00852616 _____ () C:\Users\<Benutzer>\Desktop\SecurityCheck.exe
2015-04-13 07:29 - 2015-04-13 07:21 - 02347384 _____ (ESET) C:\Users\<Benutzer>\Desktop\esetsmartinstaller_deu.exe
2015-04-12 13:04 - 2015-04-12 13:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-<Benutzer>-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-12 13:04 - 2015-04-12 13:04 - 00000000 ____D () C:\RegBackup
2015-04-12 10:02 - 2015-04-12 10:02 - 00031013 _____ () C:\ComboFix.txt
2015-04-12 09:34 - 2015-04-12 10:02 - 00000000 ____D () C:\ComboFix
2015-04-12 09:34 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-12 09:34 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-12 09:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-12 09:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-12 09:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-12 09:34 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-12 09:34 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-12 09:34 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-12 09:33 - 2015-04-12 10:02 - 00000000 ____D () C:\Qoobox
2015-04-12 09:33 - 2015-04-12 09:58 - 00000000 ____D () C:\Windows\erdnt
2015-04-11 16:23 - 2015-04-11 16:23 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-11 16:13 - 2015-04-13 07:27 - 00000000 ____D () C:\Users\<Benutzer>\Desktop\Neuer Ordner
2015-04-11 11:51 - 2015-04-13 12:51 - 00000000 ____D () C:\FRST
2015-04-11 11:51 - 2015-04-13 12:47 - 02096640 _____ (Farbar) C:\Users\<Benutzer>\Desktop\FRST64.exe
2015-04-11 08:20 - 2015-04-12 12:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 08:20 - 2015-04-11 16:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-11 08:20 - 2015-04-11 08:20 - 00001062 _____ () C:\Users\<Benutzer>\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-11 08:20 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 08:20 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 08:20 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-08 15:31 - 2015-04-08 16:24 - 00000000 ____D () C:\Users\<Benutzer>\Documents\PIM
2015-04-07 19:42 - 2015-04-07 19:42 - 00015222 _____ () C:\Users\<Benutzer>\Desktop\INVERSGDV-DatensatzINVERS2015-04-01.txt
2015-04-04 17:07 - 2015-04-11 16:21 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 17:07 - 2015-04-04 17:07 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-03 11:21 - 2015-04-03 11:21 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\b-tix
2015-04-03 11:21 - 2015-04-03 11:21 - 00000000 ____D () C:\ProgramData\b-tix
2015-04-03 10:16 - 2015-04-03 10:16 - 00001124 _____ () C:\Users\<Benutzer>\Desktop\easy Client.lnk
2015-04-03 10:16 - 2015-04-03 10:16 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\easy Client
2015-04-03 10:15 - 2015-04-03 10:16 - 00000000 ____D () C:\Program Files (x86)\easy Client
2015-04-03 09:50 - 2015-04-03 10:03 - 260007272 _____ () C:\Users\<Benutzer>\Downloads\Setup-EC-Win32-Produktion-3.4.1.exe
2015-04-02 20:45 - 2015-04-02 20:45 - 00001077 _____ () C:\Users\<Benutzer>\Desktop\Swiss Life EVApro.lnk
2015-04-02 20:45 - 2015-04-02 20:45 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Swiss Life EVApro
2015-04-02 20:07 - 2015-04-02 20:34 - 260831336 _____ () C:\Users\<Benutzer>\Downloads\EVApro_4.0.0.exe
2015-04-02 11:39 - 2015-04-02 13:06 - 00002207 _____ () C:\Users\Public\Desktop\Zurich Gruppe Deutschland.lnk
2015-04-02 11:39 - 2015-04-02 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zurich Gruppe Deutschland
2015-04-02 08:14 - 2015-04-02 08:14 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\Sun
2015-04-02 08:11 - 2015-04-02 13:04 - 00000000 ____D () C:\Program Files (x86)\DHT
2015-04-01 14:39 - 2015-04-01 14:39 - 00000080 _____ () C:\Users\<Benutzer>\axa-bt.ini
2015-04-01 14:39 - 2015-04-01 14:39 - 00000000 ____D () C:\Users\<Benutzer>\btframe
2015-04-01 09:12 - 2015-04-01 09:12 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\Mozilla Firefox
2015-03-16 15:03 - 2015-03-16 15:04 - 00000000 ____D () C:\Users\<Benutzer>\Documents\Hanse Merkur

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 12:42 - 2011-03-18 08:18 - 00777970 _____ () C:\Windows\system32\perfh007.dat
2015-04-13 12:42 - 2011-03-18 08:18 - 00179842 _____ () C:\Windows\system32\perfc007.dat
2015-04-13 12:42 - 2011-03-18 00:55 - 01394948 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 12:42 - 2009-07-14 07:13 - 01838962 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-13 12:31 - 2013-05-08 09:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 12:28 - 2014-06-27 09:28 - 00000604 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-336442205-827502387-1674173946-1000.job
2015-04-13 11:56 - 2012-04-01 19:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 11:31 - 2013-05-08 09:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 08:00 - 2009-07-14 06:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 08:00 - 2009-07-14 06:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 07:26 - 2014-05-22 07:19 - 00031653 _____ () C:\Windows\setupact.log
2015-04-13 07:26 - 2013-12-03 15:40 - 00000000 ___RD () C:\Users\<Benutzer>\Documents\Spaces
2015-04-13 07:26 - 2013-12-03 15:35 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\TeamDrive3
2015-04-13 07:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 13:02 - 2014-06-26 07:13 - 00000000 ____D () C:\AdwCleaner
2015-04-12 13:02 - 2011-11-02 14:26 - 00906252 _____ () C:\Windows\PFRO.log
2015-04-12 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2015-04-12 10:02 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-12 09:49 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-12 09:42 - 2011-11-02 13:50 - 00000000 ____D () C:\Users\<Benutzer>
2015-04-11 17:58 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-11 17:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2015-04-11 16:23 - 2012-12-21 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-11 16:23 - 2012-12-21 18:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-11 16:23 - 2011-11-02 14:45 - 00000000 ____D () C:\ProgramData\Avira
2015-04-11 16:22 - 2013-07-04 14:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-11 16:21 - 2014-06-25 16:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 16:21 - 2013-05-08 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-11 16:21 - 2011-11-15 09:41 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\ArcSoft
2015-04-11 16:21 - 2011-03-18 01:14 - 00000000 ____D () C:\ProgramData\WinClon
2015-04-11 16:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-04-11 16:19 - 2013-09-09 20:02 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\CrashDumps
2015-04-11 16:15 - 2011-03-18 07:57 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-11 16:03 - 2011-11-09 10:35 - 00001282 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-11 16:03 - 2011-11-02 14:01 - 00001421 _____ () C:\Users\<Benutzer>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-11 08:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2015-04-10 07:55 - 2011-11-05 16:56 - 00000000 ____D () C:\Users\<Benutzer>\Documents\ADCURI1
2015-04-09 17:32 - 2011-11-21 15:40 - 00017609 _____ () C:\Windows\VFrame32.INI
2015-04-09 17:30 - 2011-03-18 00:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-09 17:20 - 2013-12-30 12:14 - 00001312 _____ () C:\Windows\CAF.ini
2015-04-09 17:20 - 2011-11-21 15:43 - 00001869 _____ () C:\Users\Public\Desktop\VHV-Tarife.lnk
2015-04-09 17:20 - 2011-11-21 15:42 - 00001068 _____ () C:\Windows\DOCS.ini
2015-04-09 17:03 - 2013-06-24 13:49 - 00000000 ____D () C:\Users\<Benutzer>\.compeople
2015-04-09 15:03 - 2012-05-16 15:30 - 00000000 ____D () C:\Users\<Benutzer>\Documents\AXA
2015-04-07 12:46 - 2015-02-18 18:09 - 00759901 _____ () C:\Windows\system32\ScanResults.xml
2015-04-07 12:39 - 2015-02-18 18:03 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-04-04 13:20 - 2014-06-27 09:28 - 00003658 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-336442205-827502387-1674173946-1000
2015-04-02 20:45 - 2011-11-16 21:12 - 00000000 ____D () C:\Program Files (x86)\SwissLife
2015-04-02 16:03 - 2011-11-10 14:52 - 00000988 _____ () C:\Users\Public\Desktop\VOIS.lnk
2015-04-02 15:49 - 2011-11-08 11:17 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\Downloaded Installations
2015-04-02 13:22 - 2014-03-13 15:50 - 00000000 ____D () C:\Program Files (x86)\DHZ
2015-04-02 13:22 - 2012-01-03 10:37 - 00000000 ____D () C:\Program Files (x86)\OASE7
2015-04-02 13:07 - 2012-01-03 11:05 - 00000000 ____D () C:\Program Files (x86)\Bonndata
2015-04-02 13:05 - 2012-01-03 11:28 - 00000000 ____D () C:\EUBogen_Uninstall
2015-04-02 13:05 - 2012-01-03 11:28 - 00000000 ____D () C:\EUBogen
2015-04-02 11:33 - 2013-10-27 17:34 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-02 11:28 - 2014-10-23 17:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-02 11:28 - 2012-04-16 19:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-02 08:14 - 2011-11-07 21:36 - 00000000 ____D () C:\Temp
2015-03-31 19:56 - 2012-10-25 14:09 - 00000000 ____D () C:\Users\<Benutzer>\Documents\GOLD & Silber Shop
2015-03-23 16:37 - 2012-12-02 20:14 - 00000000 ____D () C:\Users\<Benutzer>\Documents\Feuersozietät
2015-03-23 16:36 - 2012-12-21 18:23 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Roaming\Avira
2015-03-23 14:04 - 2011-11-27 18:38 - 00000000 ____D () C:\ProgramData\firebird
2015-03-23 11:45 - 2014-08-21 14:47 - 00000000 ____D () C:\Users\<Benutzer>\AppData\Local\Adobe
2015-03-23 11:44 - 2012-04-01 19:34 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-23 11:44 - 2012-04-01 19:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-23 11:44 - 2011-12-03 11:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-23 10:29 - 2012-07-19 09:12 - 00000000 ____D () C:\Users\<Benutzer>\Documents\BBV
2015-03-23 10:13 - 2015-03-09 21:14 - 00000000 ____D () C:\Users\<Benutzer>\Documents\Universa
2015-03-16 12:52 - 2011-12-19 11:51 - 00000000 __SHD () C:\Users\<Benutzer>\Documents\cache
2015-03-15 18:23 - 2014-01-07 09:47 - 00000000 ____D () C:\Program Files (x86)\Browser 7 Maintenance Service

==================== Files in the root of some directories =======

2012-08-18 14:51 - 2012-08-18 14:51 - 0000288 _____ () C:\Users\<Benutzer>\AppData\Roaming\.backup.dm
2011-11-21 13:21 - 2015-02-05 10:51 - 0000185 _____ () C:\Users\<Benutzer>\AppData\Roaming\CASUpdateSkip.lst
2013-03-27 15:00 - 2015-01-05 08:39 - 0000014 _____ () C:\Users\<Benutzer>\AppData\Roaming\CAS_Personal_RuVPAgtnr.lst
2011-11-07 11:12 - 2011-12-19 12:08 - 0001007 _____ () C:\Users\<Benutzer>\AppData\Roaming\ConvAPIPlugin.log
2011-11-07 22:35 - 2013-07-09 17:59 - 0000077 _____ () C:\Users\<Benutzer>\AppData\Local\bullet.gif
2011-11-16 17:57 - 2012-06-18 10:50 - 0001314 _____ () C:\Users\<Benutzer>\AppData\Local\BWSmartClientAppRes.WinRisk_AboutBox.html
2011-11-07 22:35 - 2013-07-09 17:59 - 0005345 _____ () C:\Users\<Benutzer>\AppData\Local\BWSmartClientAppRes.WinRisk_Login.html
2011-11-07 22:35 - 2013-07-09 17:59 - 0002028 _____ () C:\Users\<Benutzer>\AppData\Local\IR_LoginBtn.gif
2013-11-15 20:03 - 2013-11-15 20:03 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809012384_1.tmp
2013-08-13 10:34 - 2013-08-13 10:34 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809013136_1.tmp
2013-08-13 10:34 - 2013-08-13 10:34 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809013136_2.tmp
2012-08-21 19:42 - 2012-08-21 19:42 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809015172_1.tmp
2014-02-05 21:26 - 2014-02-05 21:26 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809015416_1.tmp
2013-08-14 15:30 - 2013-08-14 15:30 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809015508_1.tmp
2013-11-28 12:50 - 2013-11-28 12:50 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809016024_1.tmp
2013-11-28 12:50 - 2013-11-28 12:50 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809016024_2.tmp
2014-03-17 18:30 - 2014-03-17 18:30 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809016796_1.tmp
2013-08-14 15:29 - 2013-08-14 15:29 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809017324_1.tmp
2013-08-19 14:12 - 2013-08-19 14:12 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809017416_1.tmp
2014-02-05 21:16 - 2014-02-05 21:16 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809017636_1.tmp
2014-02-05 21:37 - 2014-02-05 21:37 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809017668_1.tmp
2014-02-05 21:29 - 2014-02-05 21:29 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809018404_1.tmp
2014-02-05 21:28 - 2014-02-05 21:28 - 0000520 _____ () C:\Users\<Benutzer>\AppData\Local\TempPSTEMPFILEon0809019032_1.tmp
2011-11-07 22:35 - 2013-07-09 17:59 - 0197839 _____ () C:\Users\<Benutzer>\AppData\Local\WinRisk_Background.jpg
2011-11-07 22:35 - 2013-07-09 17:59 - 0000405 _____ () C:\Users\<Benutzer>\AppData\Local\WinRisk_Smile.gif
2011-11-16 17:57 - 2012-06-18 10:50 - 0007477 _____ () C:\Users\<Benutzer>\AppData\Local\WinRisk_Text.gif
2013-05-16 16:49 - 2013-05-16 16:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-07 11:02 - 2014-04-13 18:30 - 0006209 _____ () C:\ProgramData\hpzinstall.log
2011-03-18 01:04 - 2011-03-18 01:04 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-03-18 00:58 - 2011-03-18 00:58 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-03-18 01:01 - 2011-03-18 01:02 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-03-18 00:58 - 2011-03-18 01:01 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-03-18 01:02 - 2011-03-18 01:03 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\<Benutzer>\AppData\Local\Temp\avgnt.exe
C:\Users\<Benutzer>\AppData\Local\Temp\Quarantine.exe
C:\Users\<Benutzer>\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 11:49

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Alt 13.04.2015, 15:56   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



Das ist ein Fehlalarm von Avira, bekannt. Und Avira lässt Malware durch, lässt sich aber nicht durch den User komplett abschalten. der größte Mist.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
RemoveProxy:
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.04.2015, 17:40   #14
Bootluder
 
Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



Verstehe...na gut...

Nach dem Neustart startete Samsung Magician auch wieder in den Tray - wie es sein soll.

Hier die Fixlog:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015
Ran by <Benutzer> at 2015-04-13 18:33:35 Run:1
Running from C:\Users\<Benutzer>\Desktop
Loaded Profiles: <Benutzer> (Available profiles: <Benutzer>)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
RemoveProxy:
Emptytemp:

*****************


========= RemoveProxy: =========

"HKU\S-1-5-21-336442205-827502387-1674173946-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-336442205-827502387-1674173946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-336442205-827502387-1674173946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 598.2 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 18:33:52 ====
         

Alt 14.04.2015, 07:05   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Standard

Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware



Dann bitte ein frisches FRST log. Noch Probleme mit dem Rechner?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware
.dll, antimalware, appdata, aufgabenplanungsdienst, browser, detected, diverse, explorer, firefox, helper, ics, iexplore.exe, installmanager.exe, internet, internet explorer, log, malwarebytes, microsoft, mozilla, neustart, notebook, problem, starten, system, system32, win7, windows



Ähnliche Themen: Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware


  1. Nach Photo Transfer mit "MPE" nach"D", auf "C" ca. 5GB verloren? Rest: 5,6GB auf "C"!
    Alles rund um Windows - 17.04.2016 (21)
  2. win 7 firefox langsam "keine Rückmeldung" immer wieder Meldung "ein skript auf dieser Seite ist eventuell beschädigt...."
    Plagegeister aller Art und deren Bekämpfung - 14.01.2015 (11)
  3. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  4. WIN7 - "ungültiges Bild" Error nach Anitmalwarebyte Bereinigung
    Plagegeister aller Art und deren Bekämpfung - 04.06.2014 (6)
  5. Nach "Bereinigung" des BKA-Virus doch noch Rückstände!
    Plagegeister aller Art und deren Bekämpfung - 13.04.2014 (11)
  6. Windows XP Nach Installation von HP Player immer zwei Startseiten beim Öffnen von Google chrome "start.iminent.com" und "Search gol"
    Log-Analyse und Auswertung - 08.10.2013 (5)
  7. pc bereinigung nach "GVU"-Trojaner
    Log-Analyse und Auswertung - 18.12.2012 (12)
  8. "Windowssystem blockiert 50 Euro für bereinigung", brauche Hilfe!
    Log-Analyse und Auswertung - 04.02.2012 (5)
  9. "Stutter.X,"Windows XP recovery"-Aufforderung, "Festplatte beschädigt"-Meldung, Bildschrim schwarz,
    Log-Analyse und Auswertung - 28.05.2011 (20)
  10. "Festplatte beschädigt/Systemneustart/Windows Vista Recovery" Meldungen
    Log-Analyse und Auswertung - 23.05.2011 (3)
  11. Festplatte beschädigt. Virus "Windows Regency"
    Log-Analyse und Auswertung - 06.05.2011 (5)
  12. Nach "Antimalware Doctor" weiterhin Probleme
    Log-Analyse und Auswertung - 08.08.2010 (33)
  13. Nach "Antimalware Doctor"-Befall weiterhin Probleme
    Log-Analyse und Auswertung - 26.07.2010 (7)
  14. Log prüfen nach Entfernung von "XP Antimalware" - Danke
    Log-Analyse und Auswertung - 16.04.2010 (1)
  15. AVG findet "Trojan horse Generic15.EAM", Antimalware "Trojan.Agent" + "Rootkit.Agent"
    Plagegeister aller Art und deren Bekämpfung - 03.11.2009 (13)
  16. antivir & internet funktioniert nicht mehr trotz scheinbarer "bereinigung"
    Plagegeister aller Art und deren Bekämpfung - 22.09.2009 (5)
  17. eScan log - scan nach bereinigung von IE "hacked by ..."
    Log-Analyse und Auswertung - 16.08.2008 (5)

Zum Thema Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware - Hallo Leutz, ich habe ein Problem auf dem Notebook eines Bekannten (Win7 HP). Ich sollte das Windows auf Schad- bzw. Nerv-Software überprüfen und das erste Tool meiner Wahl in so - Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware...
Archiv
Du betrachtest: Windows 7 "beschädigt" nach Bereinigung mit MWB Antimalware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.