Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 01.05.2015, 12:56   #1
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



SOS, ich scheine mir heute morgen einigen Müll eingefangen zu haben. Ständig öffnen ungefragt Pages, z.B. von de.reimageplus.com und lp.stargames.com. Außerdem hab ich einen öffnet sich ständig Unico-Browser und ein Installationsfenster, das sich nicht schließen lässt, mit der Aufforderung ich solle einer Installation von optimize pro zustimmen.

Inder ersten Verzweiflung habe ich über Systemsteuerung versucht alle heute installierten Programme zu deinstallieren. An den Symptomen hat das nichts geholfen. Nach einiger www-researche hab ich dann einen FRST-Scan durchgeführt mit folgendem Ergebnis:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Torsten (administrator) on TORSTEN-HP on 01-05-2015 13:17:45
Running from C:\Users\Torsten\Desktop
Loaded Profiles: Torsten (Available profiles: Torsten & Teaching)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser path: "C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Abengine) C:\Program Files (x86)\HighlightSearches\abengine.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\nszF974.tmpfs
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\jnsp4BCE.tmp
() C:\Windows\loz.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
() C:\Windows\mloz.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Dropbox, Inc.) C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}\priceless_p_soft_partner.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
() C:\Users\Torsten\AppData\Local\Temp\nsgF93F.tmp
() C:\Program Files (x86)\gmsd_de_478\gmsd_de_478.exe
() C:\Users\Torsten\AppData\Local\gmsd_de_478\upgmsd_de_478.exe
(SoftBrain Technologies Ltd.) C:\Users\Torsten\AppData\Local\SmartWeb\SmartWebHelper.exe
(SoftBrain Technologies Ltd.) C:\Users\Torsten\AppData\Local\SmartWeb\SmartWebApp.exe
(ClaraLabs) C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
(The Unico Browser Authors) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
(The Unico Browser Authors) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
() C:\Users\Torsten\AppData\Local\Temp\nsd6F45.tmp
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(iCinema) C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-6.exe
(Infonaut) C:\Program Files (x86)\Infonaut_1.10.0.13\Service\insvc.exe
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
(The Unico Browser Authors) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
(Software                                                    ) C:\Users\Torsten\AppData\Local\Temp\is-F67R0.tmp\package_optimizerpro_installer_multilang.exe
() C:\Users\Torsten\AppData\Local\Temp\is-HOS44.tmp\package_optimizerpro_installer_multilang.tmp
(PC Utilities Software Limited) C:\Users\Torsten\AppData\Local\Temp\is-BJDIL.tmp\optimizerpro_soft_partner.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
() C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
(Goobzo) C:\Program Files (x86)\YTDownloader\BrowserHelper.exe
(PCUtilities Software Limited                                ) C:\Users\Torsten\AppData\Local\Temp\optprosetup.exe
() C:\Users\Torsten\AppData\Local\Temp\is-D4UR2.tmp\optprosetup.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-03-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Ocs_SM] => C:\Users\Torsten\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [fst_de_7] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_de_473] => [X]
HKLM-x32\...\Run: [gmsd_de_478] => C:\Program Files (x86)\gmsd_de_478\gmsd_de_478.exe [3983304 2015-04-29] ()
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Torsten\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2015-01-08] (YTDownloader)
HKLM-x32\...\RunOnce: [upgmsd_de_478.exe] => C:\Users\Torsten\AppData\Local\gmsd_de_478\upgmsd_de_478.exe [3285448 2015-04-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [Facebook Update] => C:\Users\Torsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-20] (Facebook Inc.)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [UnicoBrowser] => C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [1047176 2015-04-21] (The Unico Browser Authors)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2015-01-08] (YTDownloader)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.86\OptProLauncher.exe [148008 2015-04-26] ()
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\MountPoints2: {5a8c3d5d-97bd-11e3-8c6c-74de2bacd106} - G:\LaunchU3.exe -a
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-05-01]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (No File)
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-05-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-01]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{01f72b04-0fc9-a443-01f7-72b040fcac10}\hqghumeaylnlf.exe (PC Utilities Software Limited)
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\priceless_p_soft_partner.lnk [2015-05-01]
ShortcutTarget: priceless_p_soft_partner.lnk -> C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}\priceless_p_soft_partner.exe ()
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-05-01]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Torsten\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM-x32 - WebProtector - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\WebProtector\WebProtector.dll No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www-searching.com/search.aspx?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&site=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> URL hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP7683B513-4513-4287-B648-A0888416FE18&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=ST9500325AS_S2W52KVP&ts=1430444582&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=ST9500325AS_S2W52KVP&ts=1430444582&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {2E9C738F-A05D-499D-BDF0-BD55669112D8} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=ST9500325AS_S2W52KVP&ts=1430444582&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www-searching.com/search.aspx?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&site=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {AEE48452-239C-4174-AB27-61B8A9755906} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=ST9500325AS_S2W52KVP&ts=1430444582&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=ST9500325AS_S2W52KVP&ts=1430444582&type=default&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: youtubeadblocker -> {9fec92a0-7c08-4a0d-90fc-f4f2c0a61b87} -> C:\Program Files (x86)\youtubeadblocker\qFtSVYcJNQwOTj.x64.dll [2015-05-01] ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: PriiceLesss -> {ae9c9be6-907b-4f78-8e45-8ad11dec46a1} -> C:\Program Files (x86)\PriiceLesss\pWN3Zn97swWiLa.x64.dll [2015-05-01] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-04-20] (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: youtubeadblocker -> {9fec92a0-7c08-4a0d-90fc-f4f2c0a61b87} -> C:\Program Files (x86)\youtubeadblocker\qFtSVYcJNQwOTj.dll [2015-05-01] ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: PriiceLesss -> {ae9c9be6-907b-4f78-8e45-8ad11dec46a1} -> C:\Program Files (x86)\PriiceLesss\pWN3Zn97swWiLa.dll [2015-05-01] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - WebProtector - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\WebProtector\WebProtector.dll No File
Toolbar: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-01] (Abengine)
Winsock: Catalog9 02 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-01] (Abengine)
Winsock: Catalog9 03 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-01] (Abengine)
Winsock: Catalog9 04 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-01] (Abengine)
Winsock: Catalog9 16 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-01] (Abengine)
Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll [409168 2015-05-01] (Abengine)
Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll [409168 2015-05-01] (Abengine)
Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll [409168 2015-05-01] (Abengine)
Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll [409168 2015-05-01] (Abengine)
Winsock: Catalog9-x64 16 C:\Windows\system32\abengine64.dll [409168 2015-05-01] (Abengine)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1430444439&from=tugs&uid=ST9500325AS_S2W52KVP

FireFox:
========
FF ProfilePath: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF DefaultSearchUrl: 
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-10-25] (Nero AG)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-05-01] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-05-01] (globalUpdate)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-05-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3863440553-3622452381-3390168598-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Torsten\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF user.js: detected! => C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\user.js [2015-05-01]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\duckduckgo.xml [2013-06-26]
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\google-images.xml [2014-12-13]
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\google-maps.xml [2014-12-13]
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\mystartsearch.xml [2015-05-01]
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\webssearches.xml [2015-05-01]
FF Extension: I - Cinema - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\MGKN37049485@ACPSC11936960.com [2015-05-01]
FF Extension: Myanmar Converter - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\myanmar-converter@thanlwinsoft.org [2013-12-10]
FF Extension: Fast Start - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\quick_searchff@gmail.com [2015-05-01]
FF Extension: Search Enginer - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\sweetsearch@gmail.com [2015-05-01]
FF Extension: youtubeadblocker - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\W7eblu2@6.com [2015-05-01]
FF Extension: PriiceLesss - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\wjVTVk@8OuCq.net [2015-05-01]
FF Extension: Web Protector - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f} [2015-05-01]
FF Extension: EPUBReader - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-04-18]
FF Extension: Zoom It - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078} [2015-05-01]
FF Extension: Zoom It - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333} [2015-05-01]
FF Extension: Cliqz Beta - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\cliqz@cliqz.com.xpi [2014-12-14]
FF Extension: Preispilot - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\extension@preispilot.com.xpi [2013-01-29]
FF Extension: ProxTube - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\ich@maltegoetz.de.xpi [2014-09-12]
FF Extension: DuckDuckGo Plus - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-06-26]
FF Extension: Test Pilot - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-06-20]
FF Extension: Adblock Plus - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-04-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-25]
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\sweetsearch@gmail.com
FF HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\cliqz@cliqz.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.oursurfing.com/?type=sc&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Torsten\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 abengine; C:\Program Files (x86)\HighlightSearches\abengine.exe [2329600 2015-04-22] (Abengine) [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [22376 2015-01-08] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClaraUpdater; C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [887376 2015-05-01] (ClaraLabs)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-05-01] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-05-01] (globalUpdate) [File not signed] <==== ATTENTION
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-09] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-04-20] (XTab system)
R2 insvc_1.10.0.13; C:\Program Files (x86)\Infonaut_1.10.0.13\Service\insvc.exe [278600 2015-04-02] (Infonaut)
R2 kygyhosy; C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\jnsp4BCE.tmp [266240 2015-05-01] () [File not signed]
R2 loz; c:\windows\loz.exe [417792 2015-05-01] () [File not signed]
R2 mloz; c:\windows\mloz.exe [408576 2015-05-01] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2833192 2015-05-01] (Search Module Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [337064 2015-05-01] (SysTool PasSame LIMITED)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation)
R2 cipyjywi; C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\nszF974.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-09] ()
R1 innfd_1_10_0_13; C:\Windows\System32\drivers\innfd_1_10_0_13.sys [58224 2015-04-02] (Infonaut)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2015-01-08] (YTDownloader)
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [41632 2015-05-01] ()
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 13:17 - 2015-05-01 13:17 - 00038368 _____ () C:\Users\Torsten\Desktop\FRST.txt
2015-05-01 13:17 - 2015-05-01 13:17 - 00001103 _____ () C:\Users\Torsten\Desktop\Optimizer Pro.lnk
2015-05-01 13:17 - 2015-05-01 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-05-01 13:17 - 2015-05-01 13:17 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.86
2015-05-01 13:16 - 2015-05-01 13:16 - 00000000 ____D () C:\ProgramData\{01f72b04-0fc9-a443-01f7-72b040fcac10}
2015-05-01 13:14 - 2015-05-01 13:15 - 00000000 ____D () C:\Users\Torsten\AppData\Local\BrowserHelper
2015-05-01 13:14 - 2015-05-01 13:14 - 00003912 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2015-05-01 13:14 - 2015-05-01 13:14 - 00003730 _____ () C:\Windows\System32\Tasks\SMupdate1
2015-05-01 13:14 - 2015-05-01 13:14 - 00003590 _____ () C:\Windows\System32\Tasks\YTDownloader
2015-05-01 13:14 - 2015-05-01 13:14 - 00001953 _____ () C:\Users\Torsten\Desktop\YTDownloader.lnk
2015-05-01 13:14 - 2015-05-01 13:14 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-05-01 13:13 - 2015-05-01 13:14 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2015-05-01 13:13 - 2015-05-01 13:13 - 00004252 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333830363739333338312d3223572a23456c4155572a32
2015-05-01 13:13 - 2015-05-01 13:13 - 00003848 _____ () C:\Windows\System32\Tasks\Smp
2015-05-01 13:13 - 2015-05-01 13:13 - 00003600 _____ () C:\Windows\System32\Tasks\SMWUpd
2015-05-01 13:13 - 2015-05-01 13:13 - 00003548 _____ () C:\Windows\System32\Tasks\Inst_Rep
2015-05-01 13:13 - 2015-05-01 13:13 - 00000000 ____D () C:\Users\Torsten\AppData\Local\CrashRpt
2015-05-01 13:13 - 2015-05-01 13:13 - 00000000 ____D () C:\ProgramData\SearchModule
2015-05-01 13:13 - 2015-05-01 13:13 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2015-05-01 13:09 - 2015-05-01 13:09 - 00000000 ____D () C:\Program Files (x86)\Infonaut_1.10.0.13
2015-05-01 13:08 - 2015-05-01 13:10 - 00063243 _____ () C:\Users\Torsten\Desktop\Addition.txt
2015-05-01 13:06 - 2015-05-01 13:07 - 00002772 _____ () C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5_user.job
2015-05-01 13:06 - 2015-05-01 13:06 - 00006486 _____ () C:\Windows\System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-7
2015-05-01 13:06 - 2015-05-01 13:06 - 00006148 _____ () C:\Windows\System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-6
2015-05-01 13:06 - 2015-05-01 13:06 - 00005802 _____ () C:\Windows\System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5
2015-05-01 13:06 - 2015-05-01 13:06 - 00003456 _____ () C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-7.job
2015-05-01 13:06 - 2015-05-01 13:06 - 00003120 _____ () C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-6.job
2015-05-01 13:06 - 2015-05-01 13:06 - 00002772 _____ () C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5.job
2015-05-01 13:05 - 2015-05-01 13:17 - 00000000 ____D () C:\FRST
2015-05-01 13:05 - 2015-05-01 13:07 - 00000000 ____D () C:\Program Files (x86)\I - Cinema
2015-05-01 13:05 - 2015-05-01 13:05 - 00007506 _____ () C:\Windows\System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-4
2015-05-01 13:05 - 2015-05-01 13:05 - 00004476 _____ () C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-4.job
2015-05-01 13:05 - 2015-05-01 13:05 - 00002260 _____ () C:\Users\Torsten\Desktop\Facebook.lnk
2015-05-01 13:05 - 2015-05-01 13:05 - 00002258 _____ () C:\Users\Torsten\Desktop\Wikipedia.lnk
2015-05-01 13:05 - 2015-05-01 13:05 - 00002256 _____ () C:\Users\Torsten\Desktop\Youtube.lnk
2015-05-01 13:05 - 2015-05-01 13:05 - 00002256 _____ () C:\Users\Torsten\Desktop\Hotmail.lnk
2015-05-01 13:05 - 2015-05-01 13:05 - 00002254 _____ () C:\Users\Torsten\Desktop\Search.lnk
2015-05-01 13:05 - 2015-05-01 13:05 - 00002252 _____ () C:\Users\Torsten\Desktop\Amazon.lnk
2015-05-01 13:05 - 2015-05-01 13:05 - 00002208 _____ () C:\Users\Torsten\Desktop\Unico Browser.lnk
2015-05-01 13:05 - 2015-05-01 13:05 - 00002094 _____ () C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-10_user.job
2015-05-01 13:05 - 2015-05-01 13:05 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-05-01 13:04 - 2015-05-01 13:04 - 00003936 _____ () C:\Windows\System32\Tasks\PostPoneInstall
2015-05-01 13:04 - 2015-05-01 13:04 - 00000000 ____D () C:\Users\Torsten\AppData\Local\UnicoBrowser
2015-05-01 13:04 - 2015-05-01 13:03 - 02101248 _____ (Farbar) C:\Users\Torsten\Desktop\FRST64.exe
2015-05-01 13:03 - 2015-05-01 13:03 - 02101248 _____ (Farbar) C:\Users\Torsten\Downloads\FRST64.exe
2015-05-01 12:52 - 2015-05-01 12:52 - 00001099 _____ () C:\Users\Torsten\Desktop\Continue Live Installation.lnk
2015-05-01 05:42 - 2015-05-01 13:13 - 00000000 ____D () C:\Users\Torsten\AppData\Local\gmsd_de_478
2015-05-01 05:42 - 2015-05-01 13:02 - 00000000 ____D () C:\Program Files (x86)\gmsd_de_478
2015-05-01 04:52 - 2015-05-01 04:52 - 00000000 ____D () C:\Program Files (x86)\predm
2015-05-01 04:42 - 2015-05-01 04:42 - 00000000 ____D () C:\ProgramData\c3b54530000537e
2015-05-01 04:38 - 2015-05-01 04:41 - 00000000 ____D () C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}
2015-05-01 04:38 - 2015-05-01 04:40 - 00000366 _____ () C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-05-01 04:38 - 2015-05-01 04:39 - 00000000 ____D () C:\ProgramData\17787909045536261969
2015-05-01 04:38 - 2015-05-01 04:39 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-05-01 04:38 - 2015-05-01 04:38 - 00003282 _____ () C:\Windows\System32\Tasks\Bidaily Synchronize Task
2015-05-01 04:38 - 2015-05-01 04:38 - 00000000 ____D () C:\Program Files (x86)\PriiceLesss
2015-05-01 04:35 - 2015-05-01 12:30 - 00001008 _____ () C:\Windows\Tasks\m05cG0IkR3XvF8.job
2015-05-01 04:35 - 2015-05-01 04:35 - 00004042 _____ () C:\Windows\System32\Tasks\m05cG0IkR3XvF8
2015-05-01 04:33 - 2015-05-01 12:30 - 00001060 _____ () C:\Windows\Tasks\Crossbrowse.job
2015-05-01 04:33 - 2015-05-01 04:33 - 00004094 _____ () C:\Windows\System32\Tasks\Crossbrowse
2015-05-01 04:33 - 2015-05-01 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-05-01 04:32 - 2015-05-01 13:03 - 00000000 ____D () C:\Users\Torsten\AppData\Local\SmartWeb
2015-05-01 04:28 - 2015-05-01 04:28 - 00000815 _____ () C:\Windows\SysWOW64\SetupComponents.exe
2015-05-01 04:20 - 2015-05-01 04:45 - 00000000 ____D () C:\Users\Torsten\AppData\Local\B63BBC13-1430454056-A127-DB63-31137A137A6C
2015-05-01 04:17 - 2015-05-01 04:17 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446662-A127-DB63-31137A137A6C
2015-05-01 04:15 - 2015-05-01 05:04 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-05-01 04:15 - 2015-05-01 04:16 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C
2015-05-01 04:14 - 2015-05-01 05:04 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-05-01 04:14 - 2015-05-01 04:30 - 00000000 ____D () C:\Program Files\shopperz
2015-05-01 04:14 - 2015-05-01 04:14 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\WebExtend
2015-05-01 04:13 - 2015-05-01 04:13 - 00003166 _____ () C:\Windows\System32\Tasks\{197C4A28-5810-4C42-944B-909B35B74110}
2015-05-01 04:08 - 2015-05-01 04:08 - 00000000 ____D () C:\ProgramData\36848e5300006b4a
2015-05-01 04:03 - 2015-05-01 04:03 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Torsten\Downloads\SpyHunter-Installer.exe
2015-05-01 04:00 - 2015-05-01 04:00 - 00000000 ____D () C:\ProgramData\d1a8812200007e06
2015-05-01 03:58 - 2015-05-01 03:58 - 00000158 _____ () C:\Users\Torsten\Desktop\chrome.lnk
2015-05-01 03:49 - 2015-05-01 04:00 - 00003452 _____ () C:\Windows\System32\Tasks\NetEngine
2015-05-01 03:49 - 2015-05-01 03:49 - 00000000 ____D () C:\ProgramData\NetEngine
2015-05-01 03:46 - 2015-05-01 03:46 - 00000000 ____D () C:\Users\Torsten\Documents\Optimizer Pro
2015-05-01 03:45 - 2015-05-01 03:54 - 00009256 _____ () C:\Windows\SysWOW64\abengineOff.ini
2015-05-01 03:45 - 2015-05-01 03:54 - 00009256 _____ () C:\Windows\system32\abengineOff.ini
2015-05-01 03:45 - 2015-05-01 03:45 - 00003094 _____ () C:\Windows\System32\Tasks\iren3006
2015-05-01 03:45 - 2015-05-01 03:45 - 00000002 _____ () C:\END
2015-05-01 03:45 - 2015-04-22 16:51 - 00341952 _____ (Abengine) C:\Windows\SysWOW64\abengine.dll
2015-05-01 03:44 - 2015-05-01 03:44 - 00000000 ____D () C:\Users\Torsten\SupTab
2015-05-01 03:44 - 2015-04-22 16:51 - 00409168 _____ (Abengine) C:\Windows\system32\abengine64.dll
2015-05-01 03:43 - 2015-05-01 03:44 - 00000000 ___HD () C:\ProgramData\loz
2015-05-01 03:43 - 2015-05-01 03:43 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-05-01 03:42 - 2015-05-01 13:04 - 00003176 _____ () C:\Windows\System32\Tasks\Run_Browser
2015-05-01 03:42 - 2015-05-01 12:30 - 00001028 _____ () C:\Windows\Tasks\OoANG5Rb7VhFysX0ilN9XzYh.job
2015-05-01 03:42 - 2015-05-01 04:12 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\mystartsearch
2015-05-01 03:42 - 2015-05-01 03:43 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-05-01 03:42 - 2015-05-01 03:42 - 00004062 _____ () C:\Windows\System32\Tasks\OoANG5Rb7VhFysX0ilN9XzYh
2015-05-01 03:42 - 2015-05-01 03:42 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-05-01 03:41 - 2015-05-01 13:05 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-01 03:41 - 2015-05-01 03:41 - 00002513 _____ () C:\Windows\patsearch.bin
2015-05-01 03:41 - 2015-05-01 03:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-05-01 03:41 - 2015-05-01 03:41 - 00000000 ____D () C:\Users\Torsten\AppData\Local\globalUpdate
2015-05-01 03:40 - 2015-05-01 13:04 - 00015844 _____ () C:\claraInstaller.txt
2015-05-01 03:40 - 2015-05-01 03:40 - 00631296 _____ () C:\Windows\loz.dat
2015-05-01 03:40 - 2015-05-01 03:40 - 00417792 _____ () C:\Windows\loz.exe
2015-05-01 03:40 - 2015-05-01 03:40 - 00408576 _____ () C:\Windows\mloz.exe
2015-05-01 03:40 - 2015-05-01 03:40 - 00003992 _____ () C:\Windows\System32\Tasks\LaunchPreSignup
2015-05-01 03:40 - 2015-05-01 03:40 - 00000000 ____D () C:\ProgramData\{edde8b41-5cc6-3f4c-edde-e8b415cc2d05}
2015-05-01 03:38 - 2015-05-01 03:38 - 00559528 _____ () C:\Users\Torsten\Downloads\Setup.exe
2015-04-30 18:43 - 2015-04-30 18:43 - 14400913 _____ () C:\Users\Torsten\Downloads\video-1430406369.mp4.mp4
2015-04-25 15:53 - 2015-04-25 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-20 16:05 - 2015-04-20 16:05 - 01246720 _____ () C:\Users\Torsten\AppData\Roaming\OoANG5Rb7VhFysX0ilN9XzYh.exe
2015-04-20 16:05 - 2015-04-20 16:05 - 01246720 _____ () C:\Users\Torsten\AppData\Roaming\m05cG0IkR3XvF8.exe
2015-04-14 23:10 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 23:10 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 23:10 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 23:10 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 23:10 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 23:10 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 23:10 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 23:10 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 23:10 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 23:10 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 23:10 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 23:10 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 23:10 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 23:10 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 23:10 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 23:10 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 23:10 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 23:10 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 23:10 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 23:10 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 23:10 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 23:10 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 23:10 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 23:10 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 23:10 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 23:10 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 23:09 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 23:09 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 23:09 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 23:09 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 23:09 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 23:09 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 23:09 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 23:09 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 23:09 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 23:09 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 23:09 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 23:09 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 23:09 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 23:09 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:09 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 23:09 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 23:09 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 23:09 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 23:09 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 23:09 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 23:09 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 23:09 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 23:09 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 23:09 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 23:09 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 23:09 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 23:09 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 23:09 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 23:09 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 23:09 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 23:09 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 23:09 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 23:09 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 23:09 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 23:09 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 23:09 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 23:09 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 23:09 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 23:09 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 23:09 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 23:09 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 23:09 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 23:09 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 23:09 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 23:09 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 23:09 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 23:09 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 23:09 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 23:09 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 23:09 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 23:09 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 23:09 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 23:09 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 23:09 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 23:09 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 23:09 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 23:09 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 23:09 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 23:09 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 23:09 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 23:09 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 23:09 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 23:09 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 23:09 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 23:09 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 23:09 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 23:09 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 23:09 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 23:09 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 23:09 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 23:09 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 23:08 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 23:08 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 23:08 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 18:28 - 2015-04-14 18:28 - 00004387 _____ () C:\Users\Torsten\AppData\Roaming\OoANG5Rb7VhFysX0ilN9XzYh
2015-04-14 18:28 - 2015-04-14 18:28 - 00004387 _____ () C:\Users\Torsten\AppData\Roaming\m05cG0IkR3XvF8
2015-04-07 11:59 - 2015-04-07 11:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-07 11:59 - 2015-04-07 11:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 23:17 - 2015-04-08 00:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-02 21:57 - 2015-04-02 21:57 - 00058224 _____ (Infonaut) C:\Windows\system32\Drivers\innfd_1_10_0_13.sys
2015-04-01 02:08 - 2015-04-01 02:08 - 00010512 _____ () C:\Users\Torsten\Desktop\Ostermenü2015.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 13:15 - 2014-09-20 18:44 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000UA.job
2015-05-01 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-01 13:13 - 2013-10-13 19:46 - 00001247 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-01 13:13 - 2012-05-07 17:13 - 00001225 _____ () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-01 13:10 - 2014-05-13 12:17 - 00000918 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-05-01 13:10 - 2014-05-13 12:17 - 00000914 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-05-01 13:05 - 2014-05-13 12:17 - 00003916 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-05-01 13:05 - 2014-05-13 12:17 - 00003662 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-05-01 13:05 - 2012-06-18 15:15 - 00000000 ____D () C:\Users\Torsten\AppData\Local\CrashDumps
2015-05-01 12:50 - 2012-09-20 11:21 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\vlc
2015-05-01 12:41 - 2012-05-09 14:41 - 00000000 ____D () C:\Users\Torsten\Desktop\Mathe
2015-05-01 12:41 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-01 12:41 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-01 12:40 - 2012-05-12 01:05 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Winamp
2015-05-01 12:40 - 2011-11-09 14:37 - 01686703 _____ () C:\Windows\WindowsUpdate.log
2015-05-01 12:32 - 2012-05-07 17:31 - 00000000 ___RD () C:\Users\Torsten\Dropbox
2015-05-01 12:32 - 2012-05-07 17:24 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Dropbox
2015-05-01 12:31 - 2011-05-09 12:38 - 00000000 ____D () C:\ProgramData\PDFC
2015-05-01 12:30 - 2012-10-14 09:48 - 00191296 _____ () C:\Windows\PFRO.log
2015-05-01 12:30 - 2012-09-17 15:51 - 00055822 _____ () C:\Windows\setupact.log
2015-05-01 12:30 - 2011-11-09 15:01 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-05-01 12:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-01 03:54 - 2014-12-10 17:29 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForTorsten.job
2015-05-01 03:44 - 2012-05-07 16:14 - 00000000 ____D () C:\Users\Torsten
2015-05-01 03:26 - 2012-05-07 17:13 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{307F94D9-B34C-4617-AD2B-73B8502BE40E}
2015-04-29 13:11 - 2014-12-10 17:29 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTorsten
2015-04-29 13:11 - 2012-05-09 17:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-29 09:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-29 09:13 - 2011-05-09 22:12 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-04-29 09:13 - 2011-05-09 22:12 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-04-29 09:13 - 2009-07-14 07:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-29 09:06 - 2012-05-07 17:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-29 01:09 - 2012-05-12 00:53 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\SoftGrid Client
2015-04-28 22:15 - 2014-09-20 18:44 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000Core.job
2015-04-27 22:43 - 2015-02-01 14:12 - 00000000 ____D () C:\Users\Torsten\MediathekView
2015-04-27 22:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-24 00:28 - 2012-05-07 17:29 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-22 11:38 - 2014-08-24 22:17 - 00000000 ___RD () C:\Teaching
2015-04-20 11:45 - 2012-05-07 17:12 - 00058016 _____ () C:\Users\Torsten\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-15 23:34 - 2015-02-01 14:10 - 00000000 ____D () C:\Users\Torsten\.mediathek3
2015-04-15 08:58 - 2012-05-07 18:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 08:58 - 2012-05-07 18:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 08:01 - 2014-12-11 10:54 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 08:01 - 2014-05-07 11:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 08:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 07:07 - 2012-05-12 00:52 - 01596580 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 07:04 - 2013-07-18 11:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 06:57 - 2012-05-13 23:46 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-13 04:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-01 02:09 - 2014-09-06 12:39 - 00000000 ____D () C:\Users\Teaching\AppData\Roaming\SoftGrid Client

==================== Files in the root of some directories =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Torsten\AppData\Roaming\m05cG0IkR3XvF8
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Torsten\AppData\Roaming\m05cG0IkR3XvF8.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Torsten\AppData\Roaming\OoANG5Rb7VhFysX0ilN9XzYh
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Torsten\AppData\Roaming\OoANG5Rb7VhFysX0ilN9XzYh.exe
2014-05-13 12:18 - 2014-05-13 12:18 - 1746032 _____ (AnyProtect.com) C:\Users\Torsten\AppData\Local\nshFAA5.tmp
2015-02-12 05:02 - 2015-02-12 05:02 - 0000337 _____ () C:\Users\Torsten\AppData\Local\Perfmon.PerfmonCfg
2014-06-10 23:54 - 2014-06-10 23:54 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Teaching\AppData\Local\Temp\javagiac0.10597637860294118.dll
C:\Users\Teaching\AppData\Local\Temp\javagiac0.39816240318074525.dll
C:\Users\Teaching\AppData\Local\Temp\javagiac0.442629887105602.dll
C:\Users\Teaching\AppData\Local\Temp\javagiac0.5304406733911293.dll
C:\Users\Teaching\AppData\Local\Temp\javagiac0.5472877831344327.dll
C:\Users\Teaching\AppData\Local\Temp\javagiac0.5938590991840501.dll
C:\Users\Teaching\AppData\Local\Temp\javagiac0.7947854985444719.dll
C:\Users\Torsten\AppData\Local\Temp\1784.exe
C:\Users\Torsten\AppData\Local\Temp\337.exe
C:\Users\Torsten\AppData\Local\Temp\5e11e2d375d442f882caa244a85dfcba280305.exe
C:\Users\Torsten\AppData\Local\Temp\65EC0891-2155-A75A-87EB-15B46A55E26B.exe
C:\Users\Torsten\AppData\Local\Temp\94F62D35-E302-3688-7178-1813F5C78CF7.dll
C:\Users\Torsten\AppData\Local\Temp\94F62D35-E302-3688-7178-1813F5C78CF7.exe
C:\Users\Torsten\AppData\Local\Temp\9899.exe
C:\Users\Torsten\AppData\Local\Temp\autorun.dll
C:\Users\Torsten\AppData\Local\Temp\BackupSetup.exe
C:\Users\Torsten\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe
C:\Users\Torsten\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf7lmc0.dll
C:\Users\Torsten\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Torsten\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Torsten\AppData\Local\Temp\Extract.exe
C:\Users\Torsten\AppData\Local\Temp\HitmanPro_x64.exe
C:\Users\Torsten\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Torsten\AppData\Local\Temp\javagiac0.029565658239523618.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.10965816360902281.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.1628840784214326.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.2740469830333033.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.3233192745505219.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.33674924880834367.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.41579742577658685.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.4854240265015559.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.6157665773365473.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.6327705619412034.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.8582746069402264.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.9463544007911583.dll
C:\Users\Torsten\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Torsten\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Torsten\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Torsten\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Torsten\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Torsten\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Torsten\AppData\Local\Temp\jue5C33.exe
C:\Users\Torsten\AppData\Local\Temp\jue8880.exe
C:\Users\Torsten\AppData\Local\Temp\Launcher__10272.exe
C:\Users\Torsten\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Torsten\AppData\Local\Temp\nsaE054.exe
C:\Users\Torsten\AppData\Local\Temp\nsc3252.exe
C:\Users\Torsten\AppData\Local\Temp\nsgB236.exe
C:\Users\Torsten\AppData\Local\Temp\nsgEDF2.exe
C:\Users\Torsten\AppData\Local\Temp\nsqB7F1.exe
C:\Users\Torsten\AppData\Local\Temp\nsqF311.exe
C:\Users\Torsten\AppData\Local\Temp\nsr36A6.exe
C:\Users\Torsten\AppData\Local\Temp\nsw22F2.exe
C:\Users\Torsten\AppData\Local\Temp\nsw2785.exe
C:\Users\Torsten\AppData\Local\Temp\optprosetup.exe
C:\Users\Torsten\AppData\Local\Temp\Quarantine.exe
C:\Users\Torsten\AppData\Local\Temp\Resource.exe
C:\Users\Torsten\AppData\Local\Temp\sdf83DE.exe
C:\Users\Torsten\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Torsten\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Torsten\AppData\Local\Temp\Shortcut_swe-et-imBundle.exe
C:\Users\Torsten\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Torsten\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Torsten\AppData\Local\Temp\SP53998.exe
C:\Users\Torsten\AppData\Local\Temp\SP54982.exe
C:\Users\Torsten\AppData\Local\Temp\SP55152.exe
C:\Users\Torsten\AppData\Local\Temp\SP56929.exe
C:\Users\Torsten\AppData\Local\Temp\sp58915.exe
C:\Users\Torsten\AppData\Local\Temp\SP60723.exe
C:\Users\Torsten\AppData\Local\Temp\supoptsetup.exe
C:\Users\Torsten\AppData\Local\Temp\Uninstall.exe
C:\Users\Torsten\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Torsten\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Torsten\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Torsten\AppData\Local\Temp\vlc-2.1.1-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-29 09:37

==================== End Of Log ============================
         
Wer kann helfen?

Vielen Dank im Voraus,
Grüße Torsten

Alt 01.05.2015, 13:54   #2
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?





Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.


Los geht's:

Die Addition.txt fehlt. Scan bitte wiederholen.

Schritt 1



Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________

__________________

Alt 02.05.2015, 00:29   #3
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Guten Morgen Jürgen,

vielen Dank für die schnelle Antwort. Ich habe den Scan nochmal durchgeführt. Hier die Ergebnisse:

FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Torsten (administrator) on TORSTEN-HP on 02-05-2015 01:01:39
Running from C:\Users\Torsten\Desktop
Loaded Profiles: Torsten (Available profiles: Torsten & Teaching)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser path: "C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Abengine) C:\Program Files (x86)\HighlightSearches\abengine.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
() C:\ProgramData\NetEngine\bin\D9\netengine.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\nszF974.tmpfs
(ClaraLabs) C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(iCinema) C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-10.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(Infonaut) C:\Program Files (x86)\Infonaut_1.10.0.13\Service\insvc.exe
(iCinema) C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-6.exe
() C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\jnsp4BCE.tmp
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
() C:\Windows\loz.exe
() C:\Windows\mloz.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Goobzo) C:\Program Files (x86)\YTDownloader\BrowserHelper.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\ProgramData\NetEngine\bin\D9\netengine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Users\Torsten\AppData\Local\gmsd_de_478\upgmsd_de_478.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
() C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(The Unico Browser Authors) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
(YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(The Unico Browser Authors) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
() C:\Program Files (x86)\gmsd_de_478\gmsd_de_478.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
(SoftBrain Technologies Ltd.) C:\Users\Torsten\AppData\Local\SmartWeb\SmartWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(SoftBrain Technologies Ltd.) C:\Users\Torsten\AppData\Local\SmartWeb\SmartWebApp.exe
(The Unico Browser Authors) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
(The Unico Browser Authors) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
(The Unico Browser Authors) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
(The Unico Browser Authors) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
(The Unico Browser Authors) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
(The Unico Browser Authors) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
(The Unico Browser Authors) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
(The Unico Browser Authors) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-03-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Ocs_SM] => C:\Users\Torsten\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [fst_de_7] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_de_473] => [X]
HKLM-x32\...\Run: [gmsd_de_478] => C:\Program Files (x86)\gmsd_de_478\gmsd_de_478.exe [3983304 2015-04-29] ()
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Torsten\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2015-01-08] (YTDownloader)
HKLM-x32\...\RunOnce: [upgmsd_de_478.exe] => C:\Users\Torsten\AppData\Local\gmsd_de_478\upgmsd_de_478.exe [3285448 2015-04-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [Facebook Update] => C:\Users\Torsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-20] (Facebook Inc.)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [UnicoBrowser] => C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [1047176 2015-04-21] (The Unico Browser Authors)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2015-01-08] (YTDownloader)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.86\OptProLauncher.exe [148008 2015-04-26] ()
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\MountPoints2: {5a8c3d5d-97bd-11e3-8c6c-74de2bacd106} - G:\LaunchU3.exe -a
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-05-01]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (No File)
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-05-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-01]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{01f72b04-0fc9-a443-01f7-72b040fcac10}\hqghumeaylnlf.exe (PC Utilities Software Limited)
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\priceless_p_soft_partner.lnk [2015-05-01]
ShortcutTarget: priceless_p_soft_partner.lnk -> C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}\priceless_p_soft_partner.exe ()
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-05-01]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Torsten\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM-x32 - WebProtector - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\WebProtector\WebProtector.dll No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www-searching.com/search.aspx?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&site=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> URL hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP7683B513-4513-4287-B648-A0888416FE18&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=ST9500325AS_S2W52KVP&ts=1430444582&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=ST9500325AS_S2W52KVP&ts=1430444582&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {2E9C738F-A05D-499D-BDF0-BD55669112D8} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=ST9500325AS_S2W52KVP&ts=1430444582&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www-searching.com/search.aspx?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&site=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {AEE48452-239C-4174-AB27-61B8A9755906} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=ST9500325AS_S2W52KVP&ts=1430444582&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=ST9500325AS_S2W52KVP&ts=1430444582&type=default&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: youtubeadblocker -> {9fec92a0-7c08-4a0d-90fc-f4f2c0a61b87} -> C:\Program Files (x86)\youtubeadblocker\qFtSVYcJNQwOTj.x64.dll [2015-05-01] ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: PriiceLesss -> {ae9c9be6-907b-4f78-8e45-8ad11dec46a1} -> C:\Program Files (x86)\PriiceLesss\pWN3Zn97swWiLa.x64.dll [2015-05-01] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-04-20] (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: youtubeadblocker -> {9fec92a0-7c08-4a0d-90fc-f4f2c0a61b87} -> C:\Program Files (x86)\youtubeadblocker\qFtSVYcJNQwOTj.dll [2015-05-01] ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: PriiceLesss -> {ae9c9be6-907b-4f78-8e45-8ad11dec46a1} -> C:\Program Files (x86)\PriiceLesss\pWN3Zn97swWiLa.dll [2015-05-01] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - WebProtector - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\WebProtector\WebProtector.dll No File
Toolbar: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-01] (Abengine)
Winsock: Catalog9 02 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-01] (Abengine)
Winsock: Catalog9 03 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-01] (Abengine)
Winsock: Catalog9 04 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-01] (Abengine)
Winsock: Catalog9 16 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-01] (Abengine)
Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll [409168 2015-05-01] (Abengine)
Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll [409168 2015-05-01] (Abengine)
Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll [409168 2015-05-01] (Abengine)
Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll [409168 2015-05-01] (Abengine)
Winsock: Catalog9-x64 16 C:\Windows\system32\abengine64.dll [409168 2015-05-01] (Abengine)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1430444439&from=tugs&uid=ST9500325AS_S2W52KVP

FireFox:
========
FF ProfilePath: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Search Module
FF DefaultSearchUrl: 
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
FF Keyword.URL: hxxp://www-searching.com/search.aspx?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-10-25] (Nero AG)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-05-01] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-05-01] (globalUpdate)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-05-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3863440553-3622452381-3390168598-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Torsten\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF user.js: detected! => C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\user.js [2015-05-02]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\duckduckgo.xml [2013-06-26]
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\google-images.xml [2014-12-13]
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\google-maps.xml [2014-12-13]
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\mystartsearch.xml [2015-05-01]
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\webssearches.xml [2015-05-01]
FF Extension: I - Cinema - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\MGKN37049485@ACPSC11936960.com [2015-05-01]
FF Extension: Myanmar Converter - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\myanmar-converter@thanlwinsoft.org [2013-12-10]
FF Extension: Fast Start - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\quick_searchff@gmail.com [2015-05-01]
FF Extension: Search Enginer - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\sweetsearch@gmail.com [2015-05-01]
FF Extension: youtubeadblocker - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\W7eblu2@6.com [2015-05-01]
FF Extension: PriiceLesss - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\wjVTVk@8OuCq.net [2015-05-01]
FF Extension: Web Protector - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f} [2015-05-01]
FF Extension: EPUBReader - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-04-18]
FF Extension: Zoom It - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078} [2015-05-01]
FF Extension: Zoom It - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333} [2015-05-01]
FF Extension: Cliqz Beta - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\cliqz@cliqz.com.xpi [2014-12-14]
FF Extension: Preispilot - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\extension@preispilot.com.xpi [2013-01-29]
FF Extension: ProxTube - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\ich@maltegoetz.de.xpi [2014-09-12]
FF Extension: DuckDuckGo Plus - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-06-26]
FF Extension: Test Pilot - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-06-20]
FF Extension: Adblock Plus - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-04-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-25]
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\sweetsearch@gmail.com
FF HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\cliqz@cliqz.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.oursurfing.com/?type=sc&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Torsten\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 abengine; C:\Program Files (x86)\HighlightSearches\abengine.exe [2329600 2015-04-22] (Abengine) [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [22376 2015-01-08] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClaraUpdater; C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [887376 2015-05-01] (ClaraLabs)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-05-01] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-05-01] (globalUpdate) [File not signed] <==== ATTENTION
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-09] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-04-20] (XTab system)
R2 insvc_1.10.0.13; C:\Program Files (x86)\Infonaut_1.10.0.13\Service\insvc.exe [278600 2015-04-02] (Infonaut)
R2 kygyhosy; C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\jnsp4BCE.tmp [266240 2015-05-01] () [File not signed]
R2 loz; c:\windows\loz.exe [417792 2015-05-01] () [File not signed]
R2 mloz; c:\windows\mloz.exe [408576 2015-05-01] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2833192 2015-05-01] (Search Module Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [337064 2015-05-01] (SysTool PasSame LIMITED)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation)
R2 cipyjywi; C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\nszF974.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-09] ()
R1 innfd_1_10_0_13; C:\Windows\System32\drivers\innfd_1_10_0_13.sys [58224 2015-04-02] (Infonaut)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2015-01-08] (YTDownloader)
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [41632 2015-05-01] ()
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 13:17 - 2015-05-02 01:06 - 00037847 _____ () C:\Users\Torsten\Desktop\FRST.txt
2015-05-01 13:17 - 2015-05-01 13:17 - 00001103 _____ () C:\Users\Torsten\Desktop\Optimizer Pro.lnk
2015-05-01 13:17 - 2015-05-01 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-05-01 13:17 - 2015-05-01 13:17 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.86
2015-05-01 13:16 - 2015-05-02 01:02 - 00000000 ____D () C:\ProgramData\{01f72b04-0fc9-a443-01f7-72b040fcac10}
2015-05-01 13:14 - 2015-05-01 13:15 - 00000000 ____D () C:\Users\Torsten\AppData\Local\BrowserHelper
2015-05-01 13:14 - 2015-05-01 13:14 - 00003912 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2015-05-01 13:14 - 2015-05-01 13:14 - 00003730 _____ () C:\Windows\System32\Tasks\SMupdate1
2015-05-01 13:14 - 2015-05-01 13:14 - 00003590 _____ () C:\Windows\System32\Tasks\YTDownloader
2015-05-01 13:14 - 2015-05-01 13:14 - 00001953 _____ () C:\Users\Torsten\Desktop\YTDownloader.lnk
2015-05-01 13:14 - 2015-05-01 13:14 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-05-01 13:13 - 2015-05-01 13:14 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2015-05-01 13:13 - 2015-05-01 13:13 - 00004252 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333830363739333338312d3223572a23456c4155572a32
2015-05-01 13:13 - 2015-05-01 13:13 - 00003848 _____ () C:\Windows\System32\Tasks\Smp
2015-05-01 13:13 - 2015-05-01 13:13 - 00003600 _____ () C:\Windows\System32\Tasks\SMWUpd
2015-05-01 13:13 - 2015-05-01 13:13 - 00003548 _____ () C:\Windows\System32\Tasks\Inst_Rep
2015-05-01 13:13 - 2015-05-01 13:13 - 00000000 ____D () C:\Users\Torsten\AppData\Local\CrashRpt
2015-05-01 13:13 - 2015-05-01 13:13 - 00000000 ____D () C:\ProgramData\SearchModule
2015-05-01 13:13 - 2015-05-01 13:13 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2015-05-01 13:09 - 2015-05-01 13:09 - 00000000 ____D () C:\Program Files (x86)\Infonaut_1.10.0.13
2015-05-01 13:08 - 2015-05-01 13:10 - 00063243 _____ () C:\Users\Torsten\Desktop\Addition.txt
2015-05-01 13:06 - 2015-05-02 01:07 - 00002772 _____ () C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5_user.job
2015-05-01 13:06 - 2015-05-02 01:06 - 00003456 _____ () C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-7.job
2015-05-01 13:06 - 2015-05-02 01:06 - 00003120 _____ () C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-6.job
2015-05-01 13:06 - 2015-05-02 01:06 - 00002772 _____ () C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5.job
2015-05-01 13:06 - 2015-05-01 13:06 - 00006486 _____ () C:\Windows\System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-7
2015-05-01 13:06 - 2015-05-01 13:06 - 00006148 _____ () C:\Windows\System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-6
2015-05-01 13:06 - 2015-05-01 13:06 - 00005802 _____ () C:\Windows\System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5
2015-05-01 13:05 - 2015-05-02 01:05 - 00004476 _____ () C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-4.job
2015-05-01 13:05 - 2015-05-02 01:05 - 00002094 _____ () C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-10_user.job
2015-05-01 13:05 - 2015-05-02 01:03 - 00000000 ____D () C:\FRST
2015-05-01 13:05 - 2015-05-01 13:07 - 00000000 ____D () C:\Program Files (x86)\I - Cinema
2015-05-01 13:05 - 2015-05-01 13:05 - 00007506 _____ () C:\Windows\System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-4
2015-05-01 13:05 - 2015-05-01 13:05 - 00002256 _____ () C:\Users\Torsten\Desktop\Hotmail.lnk
2015-05-01 13:05 - 2015-05-01 13:05 - 00002252 _____ () C:\Users\Torsten\Desktop\Amazon.lnk
2015-05-01 13:05 - 2015-05-01 13:05 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-05-01 13:04 - 2015-05-01 13:04 - 00003936 _____ () C:\Windows\System32\Tasks\PostPoneInstall
2015-05-01 13:04 - 2015-05-01 13:04 - 00000000 ____D () C:\Users\Torsten\AppData\Local\UnicoBrowser
2015-05-01 13:04 - 2015-05-01 13:03 - 02101248 _____ (Farbar) C:\Users\Torsten\Desktop\FRST64.exe
2015-05-01 13:03 - 2015-05-01 13:03 - 02101248 _____ (Farbar) C:\Users\Torsten\Downloads\FRST64.exe
2015-05-01 05:42 - 2015-05-02 01:04 - 00000000 ____D () C:\Users\Torsten\AppData\Local\gmsd_de_478
2015-05-01 05:42 - 2015-05-01 13:02 - 00000000 ____D () C:\Program Files (x86)\gmsd_de_478
2015-05-01 04:52 - 2015-05-01 04:52 - 00000000 ____D () C:\Program Files (x86)\predm
2015-05-01 04:42 - 2015-05-01 04:42 - 00000000 ____D () C:\ProgramData\c3b54530000537e
2015-05-01 04:38 - 2015-05-01 04:41 - 00000000 ____D () C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}
2015-05-01 04:38 - 2015-05-01 04:40 - 00000366 _____ () C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-05-01 04:38 - 2015-05-01 04:39 - 00000000 ____D () C:\ProgramData\17787909045536261969
2015-05-01 04:38 - 2015-05-01 04:39 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-05-01 04:38 - 2015-05-01 04:38 - 00003282 _____ () C:\Windows\System32\Tasks\Bidaily Synchronize Task
2015-05-01 04:38 - 2015-05-01 04:38 - 00000000 ____D () C:\Program Files (x86)\PriiceLesss
2015-05-01 04:35 - 2015-05-02 01:00 - 00001008 _____ () C:\Windows\Tasks\m05cG0IkR3XvF8.job
2015-05-01 04:35 - 2015-05-01 04:35 - 00004042 _____ () C:\Windows\System32\Tasks\m05cG0IkR3XvF8
2015-05-01 04:33 - 2015-05-02 01:00 - 00001060 _____ () C:\Windows\Tasks\Crossbrowse.job
2015-05-01 04:33 - 2015-05-01 04:33 - 00004094 _____ () C:\Windows\System32\Tasks\Crossbrowse
2015-05-01 04:33 - 2015-05-01 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-05-01 04:32 - 2015-05-01 13:03 - 00000000 ____D () C:\Users\Torsten\AppData\Local\SmartWeb
2015-05-01 04:28 - 2015-05-01 04:28 - 00000815 _____ () C:\Windows\SysWOW64\SetupComponents.exe
2015-05-01 04:20 - 2015-05-01 04:45 - 00000000 ____D () C:\Users\Torsten\AppData\Local\B63BBC13-1430454056-A127-DB63-31137A137A6C
2015-05-01 04:17 - 2015-05-01 04:17 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446662-A127-DB63-31137A137A6C
2015-05-01 04:15 - 2015-05-01 05:04 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-05-01 04:15 - 2015-05-01 04:16 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C
2015-05-01 04:14 - 2015-05-01 05:04 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-05-01 04:14 - 2015-05-01 04:30 - 00000000 ____D () C:\Program Files\shopperz
2015-05-01 04:14 - 2015-05-01 04:14 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\WebExtend
2015-05-01 04:13 - 2015-05-01 04:13 - 00003166 _____ () C:\Windows\System32\Tasks\{197C4A28-5810-4C42-944B-909B35B74110}
2015-05-01 04:08 - 2015-05-01 04:08 - 00000000 ____D () C:\ProgramData\36848e5300006b4a
2015-05-01 04:03 - 2015-05-01 04:03 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Torsten\Downloads\SpyHunter-Installer.exe
2015-05-01 04:00 - 2015-05-01 04:00 - 00000000 ____D () C:\ProgramData\d1a8812200007e06
2015-05-01 03:49 - 2015-05-01 04:00 - 00003452 _____ () C:\Windows\System32\Tasks\NetEngine
2015-05-01 03:49 - 2015-05-01 03:49 - 00000000 ____D () C:\ProgramData\NetEngine
2015-05-01 03:46 - 2015-05-01 03:46 - 00000000 ____D () C:\Users\Torsten\Documents\Optimizer Pro
2015-05-01 03:45 - 2015-05-01 03:54 - 00009256 _____ () C:\Windows\SysWOW64\abengineOff.ini
2015-05-01 03:45 - 2015-05-01 03:54 - 00009256 _____ () C:\Windows\system32\abengineOff.ini
2015-05-01 03:45 - 2015-05-01 03:45 - 00003094 _____ () C:\Windows\System32\Tasks\iren3006
2015-05-01 03:45 - 2015-05-01 03:45 - 00000002 _____ () C:\END
2015-05-01 03:45 - 2015-04-22 16:51 - 00341952 _____ (Abengine) C:\Windows\SysWOW64\abengine.dll
2015-05-01 03:44 - 2015-05-01 03:44 - 00000000 ____D () C:\Users\Torsten\SupTab
2015-05-01 03:44 - 2015-04-22 16:51 - 00409168 _____ (Abengine) C:\Windows\system32\abengine64.dll
2015-05-01 03:43 - 2015-05-01 03:44 - 00000000 ___HD () C:\ProgramData\loz
2015-05-01 03:43 - 2015-05-01 03:43 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-05-01 03:42 - 2015-05-02 01:00 - 00001028 _____ () C:\Windows\Tasks\OoANG5Rb7VhFysX0ilN9XzYh.job
2015-05-01 03:42 - 2015-05-01 13:04 - 00003176 _____ () C:\Windows\System32\Tasks\Run_Browser
2015-05-01 03:42 - 2015-05-01 04:12 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\mystartsearch
2015-05-01 03:42 - 2015-05-01 03:43 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-05-01 03:42 - 2015-05-01 03:42 - 00004062 _____ () C:\Windows\System32\Tasks\OoANG5Rb7VhFysX0ilN9XzYh
2015-05-01 03:42 - 2015-05-01 03:42 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-05-01 03:41 - 2015-05-02 01:00 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-01 03:41 - 2015-05-01 03:41 - 00002513 _____ () C:\Windows\patsearch.bin
2015-05-01 03:41 - 2015-05-01 03:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-05-01 03:41 - 2015-05-01 03:41 - 00000000 ____D () C:\Users\Torsten\AppData\Local\globalUpdate
2015-05-01 03:40 - 2015-05-01 13:04 - 00015844 _____ () C:\claraInstaller.txt
2015-05-01 03:40 - 2015-05-01 03:40 - 00631296 _____ () C:\Windows\loz.dat
2015-05-01 03:40 - 2015-05-01 03:40 - 00417792 _____ () C:\Windows\loz.exe
2015-05-01 03:40 - 2015-05-01 03:40 - 00408576 _____ () C:\Windows\mloz.exe
2015-05-01 03:40 - 2015-05-01 03:40 - 00003992 _____ () C:\Windows\System32\Tasks\LaunchPreSignup
2015-05-01 03:40 - 2015-05-01 03:40 - 00000000 ____D () C:\ProgramData\{edde8b41-5cc6-3f4c-edde-e8b415cc2d05}
2015-05-01 03:38 - 2015-05-01 03:38 - 00559528 _____ () C:\Users\Torsten\Downloads\Setup.exe
2015-04-30 18:43 - 2015-04-30 18:43 - 14400913 _____ () C:\Users\Torsten\Downloads\video-1430406369.mp4.mp4
2015-04-25 15:53 - 2015-04-25 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-20 16:05 - 2015-04-20 16:05 - 01246720 _____ () C:\Users\Torsten\AppData\Roaming\OoANG5Rb7VhFysX0ilN9XzYh.exe
2015-04-20 16:05 - 2015-04-20 16:05 - 01246720 _____ () C:\Users\Torsten\AppData\Roaming\m05cG0IkR3XvF8.exe
2015-04-14 23:10 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 23:10 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 23:10 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 23:10 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 23:10 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 23:10 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 23:10 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 23:10 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 23:10 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 23:10 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 23:10 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 23:10 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 23:10 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 23:10 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 23:10 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 23:10 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 23:10 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 23:10 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 23:10 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 23:10 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 23:10 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 23:10 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 23:10 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 23:10 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 23:10 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 23:10 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 23:09 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 23:09 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 23:09 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 23:09 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 23:09 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 23:09 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 23:09 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 23:09 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 23:09 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 23:09 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 23:09 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 23:09 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 23:09 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 23:09 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:09 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 23:09 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 23:09 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 23:09 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 23:09 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 23:09 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 23:09 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 23:09 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 23:09 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 23:09 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 23:09 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 23:09 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 23:09 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 23:09 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 23:09 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 23:09 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 23:09 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 23:09 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 23:09 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 23:09 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 23:09 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 23:09 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 23:09 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 23:09 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 23:09 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 23:09 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 23:09 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 23:09 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 23:09 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 23:09 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 23:09 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 23:09 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 23:09 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 23:09 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 23:09 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 23:09 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 23:09 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 23:09 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 23:09 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 23:09 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 23:09 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 23:09 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 23:09 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 23:09 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 23:09 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 23:09 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 23:09 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 23:09 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 23:09 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 23:09 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 23:09 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 23:09 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 23:09 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 23:09 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 23:09 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 23:09 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 23:09 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 23:08 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 23:08 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 23:08 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 18:28 - 2015-04-14 18:28 - 00004387 _____ () C:\Users\Torsten\AppData\Roaming\OoANG5Rb7VhFysX0ilN9XzYh
2015-04-14 18:28 - 2015-04-14 18:28 - 00004387 _____ () C:\Users\Torsten\AppData\Roaming\m05cG0IkR3XvF8
2015-04-07 11:59 - 2015-04-07 11:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-07 11:59 - 2015-04-07 11:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 23:17 - 2015-04-08 00:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-02 21:57 - 2015-04-02 21:57 - 00058224 _____ (Infonaut) C:\Windows\system32\Drivers\innfd_1_10_0_13.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 01:04 - 2012-05-07 17:31 - 00000000 ___RD () C:\Users\Torsten\Dropbox
2015-05-02 01:03 - 2012-05-07 17:24 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Dropbox
2015-05-02 01:01 - 2013-10-13 19:46 - 00001235 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-02 01:01 - 2012-05-07 17:13 - 00001213 _____ () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-02 01:01 - 2011-11-09 15:01 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-05-02 01:01 - 2011-05-09 12:38 - 00000000 ____D () C:\ProgramData\PDFC
2015-05-02 01:00 - 2014-05-13 12:17 - 00000914 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-05-02 01:00 - 2012-09-17 15:51 - 00055878 _____ () C:\Windows\setupact.log
2015-05-02 01:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 00:59 - 2012-10-14 09:48 - 00191622 _____ () C:\Windows\PFRO.log
2015-05-01 13:57 - 2011-11-09 14:37 - 01688187 _____ () C:\Windows\WindowsUpdate.log
2015-05-01 13:15 - 2014-09-20 18:44 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000UA.job
2015-05-01 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-01 13:10 - 2014-05-13 12:17 - 00000918 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-05-01 13:05 - 2014-05-13 12:17 - 00003916 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-05-01 13:05 - 2014-05-13 12:17 - 00003662 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-05-01 13:05 - 2012-06-18 15:15 - 00000000 ____D () C:\Users\Torsten\AppData\Local\CrashDumps
2015-05-01 12:50 - 2012-09-20 11:21 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\vlc
2015-05-01 12:41 - 2012-05-09 14:41 - 00000000 ____D () C:\Users\Torsten\Desktop\Mathe
2015-05-01 12:41 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-01 12:41 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-01 12:40 - 2012-05-12 01:05 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Winamp
2015-05-01 03:54 - 2014-12-10 17:29 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForTorsten.job
2015-05-01 03:44 - 2012-05-07 16:14 - 00000000 ____D () C:\Users\Torsten
2015-05-01 03:26 - 2012-05-07 17:13 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{307F94D9-B34C-4617-AD2B-73B8502BE40E}
2015-04-29 13:11 - 2014-12-10 17:29 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTorsten
2015-04-29 13:11 - 2012-05-09 17:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-29 09:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-29 09:13 - 2011-05-09 22:12 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-04-29 09:13 - 2011-05-09 22:12 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-04-29 09:13 - 2009-07-14 07:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-29 09:06 - 2012-05-07 17:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-29 01:09 - 2012-05-12 00:53 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\SoftGrid Client
2015-04-28 22:15 - 2014-09-20 18:44 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000Core.job
2015-04-27 22:43 - 2015-02-01 14:12 - 00000000 ____D () C:\Users\Torsten\MediathekView
2015-04-27 22:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-24 00:28 - 2012-05-07 17:29 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-22 11:38 - 2014-08-24 22:17 - 00000000 ___RD () C:\Teaching
2015-04-20 11:45 - 2012-05-07 17:12 - 00058016 _____ () C:\Users\Torsten\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-15 23:34 - 2015-02-01 14:10 - 00000000 ____D () C:\Users\Torsten\.mediathek3
2015-04-15 08:58 - 2012-05-07 18:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 08:58 - 2012-05-07 18:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 08:01 - 2014-12-11 10:54 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 08:01 - 2014-05-07 11:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 08:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 07:07 - 2012-05-12 00:52 - 01596580 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 07:04 - 2013-07-18 11:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 06:57 - 2012-05-13 23:46 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-13 04:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Torsten\AppData\Roaming\m05cG0IkR3XvF8
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Torsten\AppData\Roaming\m05cG0IkR3XvF8.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Torsten\AppData\Roaming\OoANG5Rb7VhFysX0ilN9XzYh
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Torsten\AppData\Roaming\OoANG5Rb7VhFysX0ilN9XzYh.exe
2014-05-13 12:18 - 2014-05-13 12:18 - 1746032 _____ (AnyProtect.com) C:\Users\Torsten\AppData\Local\nshFAA5.tmp
2015-02-12 05:02 - 2015-02-12 05:02 - 0000337 _____ () C:\Users\Torsten\AppData\Local\Perfmon.PerfmonCfg
2014-06-10 23:54 - 2014-06-10 23:54 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Teaching\AppData\Local\Temp\javagiac0.10597637860294118.dll
C:\Users\Teaching\AppData\Local\Temp\javagiac0.39816240318074525.dll
C:\Users\Teaching\AppData\Local\Temp\javagiac0.442629887105602.dll
C:\Users\Teaching\AppData\Local\Temp\javagiac0.5304406733911293.dll
C:\Users\Teaching\AppData\Local\Temp\javagiac0.5472877831344327.dll
C:\Users\Teaching\AppData\Local\Temp\javagiac0.5938590991840501.dll
C:\Users\Teaching\AppData\Local\Temp\javagiac0.7947854985444719.dll
C:\Users\Torsten\AppData\Local\Temp\1784.exe
C:\Users\Torsten\AppData\Local\Temp\337.exe
C:\Users\Torsten\AppData\Local\Temp\5e11e2d375d442f882caa244a85dfcba280305.exe
C:\Users\Torsten\AppData\Local\Temp\65EC0891-2155-A75A-87EB-15B46A55E26B.exe
C:\Users\Torsten\AppData\Local\Temp\94F62D35-E302-3688-7178-1813F5C78CF7.dll
C:\Users\Torsten\AppData\Local\Temp\94F62D35-E302-3688-7178-1813F5C78CF7.exe
C:\Users\Torsten\AppData\Local\Temp\9899.exe
C:\Users\Torsten\AppData\Local\Temp\autorun.dll
C:\Users\Torsten\AppData\Local\Temp\BackupSetup.exe
C:\Users\Torsten\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5qoiwd.dll
C:\Users\Torsten\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Torsten\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Torsten\AppData\Local\Temp\Extract.exe
C:\Users\Torsten\AppData\Local\Temp\HitmanPro_x64.exe
C:\Users\Torsten\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Torsten\AppData\Local\Temp\javagiac0.029565658239523618.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.10965816360902281.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.1628840784214326.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.2740469830333033.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.3233192745505219.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.33674924880834367.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.41579742577658685.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.4854240265015559.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.6157665773365473.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.6327705619412034.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.8582746069402264.dll
C:\Users\Torsten\AppData\Local\Temp\javagiac0.9463544007911583.dll
C:\Users\Torsten\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Torsten\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Torsten\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Torsten\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Torsten\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Torsten\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Torsten\AppData\Local\Temp\jue5C33.exe
C:\Users\Torsten\AppData\Local\Temp\jue8880.exe
C:\Users\Torsten\AppData\Local\Temp\Launcher__10272.exe
C:\Users\Torsten\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Torsten\AppData\Local\Temp\nsaE054.exe
C:\Users\Torsten\AppData\Local\Temp\nsc3252.exe
C:\Users\Torsten\AppData\Local\Temp\nsgB236.exe
C:\Users\Torsten\AppData\Local\Temp\nsgEDF2.exe
C:\Users\Torsten\AppData\Local\Temp\nsqB7F1.exe
C:\Users\Torsten\AppData\Local\Temp\nsqF311.exe
C:\Users\Torsten\AppData\Local\Temp\nsr36A6.exe
C:\Users\Torsten\AppData\Local\Temp\nsw22F2.exe
C:\Users\Torsten\AppData\Local\Temp\nsw2785.exe
C:\Users\Torsten\AppData\Local\Temp\optprosetup.exe
C:\Users\Torsten\AppData\Local\Temp\Quarantine.exe
C:\Users\Torsten\AppData\Local\Temp\Resource.exe
C:\Users\Torsten\AppData\Local\Temp\sdf83DE.exe
C:\Users\Torsten\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Torsten\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Torsten\AppData\Local\Temp\Shortcut_swe-et-imBundle.exe
C:\Users\Torsten\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Torsten\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Torsten\AppData\Local\Temp\SP53998.exe
C:\Users\Torsten\AppData\Local\Temp\SP54982.exe
C:\Users\Torsten\AppData\Local\Temp\SP55152.exe
C:\Users\Torsten\AppData\Local\Temp\SP56929.exe
C:\Users\Torsten\AppData\Local\Temp\sp58915.exe
C:\Users\Torsten\AppData\Local\Temp\SP60723.exe
C:\Users\Torsten\AppData\Local\Temp\supoptsetup.exe
C:\Users\Torsten\AppData\Local\Temp\Uninstall.exe
C:\Users\Torsten\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Torsten\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Torsten\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Torsten\AppData\Local\Temp\vlc-2.1.1-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-29 09:37

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 02.05.2015, 00:36   #4
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



und Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Torsten at 2015-05-02 01:09:53
Running from C:\Users\Torsten\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3863440553-3622452381-3390168598-500 - Administrator - Disabled)
Gast (S-1-5-21-3863440553-3622452381-3390168598-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3863440553-3622452381-3390168598-1002 - Limited - Enabled)
Teaching (S-1-5-21-3863440553-3622452381-3390168598-1003 - Limited - Enabled) => C:\Users\Teaching
Torsten (S-1-5-21-3863440553-3622452381-3390168598-1000 - Administrator - Enabled) => C:\Users\Torsten

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.60 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3726 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free Video Call Recorder for Skype version 1.2.12.319 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.2.12.319 - DVDVideoSoft Ltd.)
GamesDesktop 014.478 (HKLM-x32\...\gmsd_de_478_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP Documentation (HKLM-x32\...\{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{AF6EB833-D48A-49AC-9394-4C57489FDFF2}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I - Cinema (HKLM-x32\...\I - Cinema) (Version: 1.36.01.22 - iCinema)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Infonaut 1.10.0.13 (HKLM-x32\...\Infonaut_1.10.0.13) (Version: 1.10.0.13 - Infonaut)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version:  - mystartsearch) <==== ATTENTION
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 12 (HKLM-x32\...\{95E152CF-0EB5-4BFA-B6EE-8FC7F9601BA5}) (Version: 12.0.02900 - Nero AG)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.3.1.7 - PCUtilities Software Limited) <==== ATTENTION
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.34 - PDF Complete, Inc)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PriiceLesss (HKLM-x32\...\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}) (Version:  - ) <==== ATTENTION
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
Search module (HKLM-x32\...\Search module) (Version:  - Goobzo)
Sekundo 7 (HKLM-x32\...\com.schroedel.sekundo7v2.5E8736CC72780A3AB44A7F466B5597F22FEA1697.1) (Version: 1.2 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterwe)
Sekundo 7 (x32 Version: 1.2 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterwe) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
TeXnicCenter Version 1.0 Stable RC1 (HKLM-x32\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
Unico Browser (HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\UnicoBrowser) (Version: 39.0.2132.14 - Unico Browser)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VideoDownloadConverter Internet Explorer Toolbar (HKLM-x32\...\VideoDownloadConverter_4zbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.37 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13209 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-04-2015 00:59:32 Windows Update
15-04-2015 06:52:53 Windows Update
18-04-2015 19:26:22 Windows Update
22-04-2015 10:54:57 Windows Update
25-04-2015 12:42:55 Windows Update
29-04-2015 09:17:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DDA2E24-6338-49B0-A575-A4ACC9EB9C55} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-05-01] (globalUpdate) <==== ATTENTION
Task: {12FF5640-1553-459F-8FBC-D39DF1BF29D8} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-05-01] (globalUpdate) <==== ATTENTION
Task: {2E5B6BD4-BC74-4271-9080-F6932FF89C38} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {3041A8A1-104C-442F-B7B1-0F3B4E7F5500} - System32\Tasks\HPCeeScheduleForTorsten => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {345B6B25-A4C7-4E9A-B928-07608240EEBD} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-01-08] (YTDownloader) <==== ATTENTION
Task: {390D7972-588B-43C8-BF15-B5CF1FC21BA8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {394398CC-0A7D-4E67-B95C-9D36BB9DD712} - System32\Tasks\{197C4A28-5810-4C42-944B-909B35B74110} => pcalua.exe -a C:\Users\Torsten\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=tugs
Task: {43154D13-8B2B-45FA-80EB-50E27A6749B1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {432C5811-6CF1-4A10-8A69-2F193D8573C4} - System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-6 => C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-6.exe [2015-05-01] (iCinema) <==== ATTENTION
Task: {4FBBEBFD-52FC-461C-B22D-8463C952994E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {51049843-ED44-483C-A203-939891A5591D} - System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-7 => C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-7.exe [2015-05-01] (iCinema) <==== ATTENTION
Task: {53E2418B-1BD8-4826-9E53-4A2B4D8F08C7} - System32\Tasks\OoANG5Rb7VhFysX0ilN9XzYh => C:\Users\Torsten\AppData\Roaming\OoANG5Rb7VhFysX0ilN9XzYh.exe [2015-04-20] () <==== ATTENTION
Task: {5848375A-AD6D-4C3B-9DBB-85C8EF46B97C} - System32\Tasks\m05cG0IkR3XvF8 => C:\Users\Torsten\AppData\Roaming\m05cG0IkR3XvF8.exe [2015-04-20] () <==== ATTENTION
Task: {5BF0472F-8E6B-41B2-96C3-998765F1553A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6577B4E9-952C-4F92-AF3D-B3D1E28737BB} - System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-4 => C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-4.exe [2015-05-01] (iCinema) <==== ATTENTION
Task: {66480ACC-3009-4FED-9EE5-725AB4C9D4B8} - System32\Tasks\Run_Browser => C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [2015-04-21] (The Unico Browser Authors) <==== ATTENTION
Task: {6C263D44-29A5-4529-85FB-EE4235AB65DF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {70A939AB-2227-4C52-A998-B74A071E189D} - System32\Tasks\{D7F12247-CCE6-4714-BFFF-4DA6AA154FBC} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {749BCA98-2C64-4229-B18A-01D066B63CA4} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe [2015-05-01] (Goobzo) <==== ATTENTION
Task: {77B5C3B0-F132-4940-8262-A1BD109FF6C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7B5C88C7-2D7E-48E3-87BB-746274B6345A} - System32\Tasks\PostPoneInstall => C:\Users\Torsten\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {7BF78F2C-4C54-4C40-B2B5-0DAE4768055B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {7C689A37-BC41-4BE5-A703-FE5F92FA570C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {82203187-BD84-4184-A217-E14A209FDE21} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}\priceless_p_soft_partner.exe [2014-05-01] ()
Task: {8400EE20-6E12-4241-8088-346BBF713D1A} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D9\netengine.exe [2015-05-01] () <==== ATTENTION
Task: {8D6BDBC5-0C61-4EA5-A583-3EAE678C9D15} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000UA => C:\Users\Torsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-20] (Facebook Inc.)
Task: {90112101-FAF9-48A3-AF3A-B7AD5978504D} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2015-04-01] () <==== ATTENTION
Task: {94A76D94-3467-4299-971F-40DEB48965A9} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-01-08] (Goobzo) <==== ATTENTION
Task: {99519131-5F47-45E5-A633-B2135C9A1DCF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {9E4E21BC-C13D-4147-8CA8-2514CF1A1D73} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {A1C377FC-2405-4617-ADB4-92FDFF339F85} - System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5 => C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5.exe [2015-05-01] (iCinema) <==== ATTENTION
Task: {A1F30297-51B1-405F-A70B-49CDF642C6F9} - System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-10_user => C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-10.exe [2015-05-01] (iCinema) <==== ATTENTION
Task: {A9402A1E-E17B-49B1-AD51-6EACEB2B2F02} - System32\Tasks\iren3006 => C:\Program Files (x86)\HighlightSearches\iren3006.exe [2015-04-24] () <==== ATTENTION
Task: {AF08274A-E482-4A99-BC6D-84DE69F5EA5A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000Core => C:\Users\Torsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-20] (Facebook Inc.)
Task: {B1377076-3F92-4DFF-B9FE-3C9C0AAA6D96} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: {B7C32D6C-EAF9-4F89-8B1B-864D02A7FF5F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C54187C9-EA08-4052-B227-86444695A046} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {DDAE3D4C-F273-4BB6-BF80-52291BBED741} - System32\Tasks\SMW_UpdateTask_Time_333830363739333338312d3223572a23456c4155572a32 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {E428C5C2-34BB-4985-80AF-4B179685AA40} - System32\Tasks\{C1FE1179-651F-4AF3-8B05-B335AEA97FAA} => pcalua.exe -a C:\Users\Torsten\Downloads\QuickTimeInstaller.exe -d C:\Users\Torsten\Downloads
Task: {EEA8E09D-961C-43CC-A74C-ED021EC2A7F5} - System32\Tasks\Inst_Rep => C:\Users\Torsten\AppData\Local\Installer\Install_27865\DCytdkietut_tutdk_setup.exe [2015-05-01] ()
Task: {EF070F1B-A413-40D7-A8AD-3639C91C52E6} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {F8DCC707-B599-4D5E-8744-124446BD64B8} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {FB7ECB15-240B-45DA-9BC8-71A24BFD79D9} - System32\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5_user => C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5.exe [2015-05-01] (iCinema) <==== ATTENTION
Task: {FBEAE3A3-79F2-4962-B53D-3EA8A7E8A5B8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-09] (CyberLink)
Task: C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-6.job => C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-7.job => C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-10_user.job => C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-4.job => C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5.job => C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5_user.job => C:\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}\priceless_p_soft_partner.exe
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000Core.job => C:\Users\Torsten\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000UA.job => C:\Users\Torsten\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleForTorsten.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\m05cG0IkR3XvF8.job => C:\Users\Torsten\AppData\Roaming\m05cG0IkR3XvF8.exe <==== ATTENTION
Task: C:\Windows\Tasks\OoANG5Rb7VhFysX0ilN9XzYh.job => C:\Users\Torsten\AppData\Roaming\OoANG5Rb7VhFysX0ilN9XzYh.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-05-01 03:49 - 2015-05-01 03:49 - 00075776 _____ () C:\ProgramData\NetEngine\bin\D9\netengine.exe
2015-01-08 16:08 - 2015-01-08 16:08 - 00022376 _____ () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
2015-05-01 04:16 - 2015-05-01 04:16 - 00341504 _____ () C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\nszF974.tmpfs
2015-05-01 04:16 - 2015-05-01 04:16 - 00266240 _____ () C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\jnsp4BCE.tmp
2015-05-01 03:40 - 2015-05-01 03:40 - 00417792 _____ () c:\windows\loz.exe
2015-05-01 03:40 - 2015-05-01 03:40 - 00408576 _____ () c:\windows\mloz.exe
2015-05-01 05:42 - 2015-04-29 17:20 - 03285448 _____ () C:\Users\Torsten\AppData\Local\gmsd_de_478\upgmsd_de_478.exe
2010-07-21 14:33 - 2010-07-21 14:33 - 00008192 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
2010-12-17 02:37 - 2010-12-17 02:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-05-01 05:42 - 2015-04-29 17:20 - 03983304 _____ () C:\Program Files (x86)\gmsd_de_478\gmsd_de_478.exe
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-01 13:04 - 2015-04-21 02:28 - 01037448 _____ () C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\39.0.2132.14\libglesv2.dll
2015-05-01 13:04 - 2015-04-21 02:28 - 00210568 _____ () C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\39.0.2132.14\libegl.dll
2015-05-01 13:04 - 2015-04-21 02:28 - 08875144 _____ () C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\39.0.2132.14\pdf.dll
2015-05-01 13:04 - 2015-04-21 02:28 - 01679496 _____ () C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\39.0.2132.14\ffmpegsumo.dll
2015-05-02 01:02 - 2015-05-02 01:02 - 00043008 _____ () c:\users\torsten\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5qoiwd.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Torsten\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Torsten\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Torsten\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Torsten\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-05-01 04:38 - 2014-05-01 04:38 - 00301056 _____ () C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}\priceless_p_soft_partner.exe
2014-10-17 15:08 - 2014-10-17 15:08 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2011-11-09 14:39 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-04-06 23:17 - 2015-04-06 23:18 - 03348592 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-04-06 23:17 - 2015-04-06 23:18 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-04-06 23:17 - 2015-04-06 23:18 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-04-15 08:57 - 2015-04-15 08:57 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{2BB1D4D1-55B0-4416-B116-F832F593D3E1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{51812DAD-2915-4EC4-82B6-08C5D554B248}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6CC50EF5-0581-4680-988A-68D51095167E}] => (Allow) LPort=2869
FirewallRules: [{C2887135-D2B6-4212-B536-E91D30E1F702}] => (Allow) LPort=1900
FirewallRules: [{2912670C-CFF8-44B6-A02C-D795F5D36C53}] => (Allow) C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A799F554-693A-4E68-9B81-42609897CA2A}] => (Allow) C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DF59E101-9E02-4DE0-9C30-2E72E06A7594}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{5314B784-4681-469E-B8E0-C0BD284AED34}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{CBE54819-6286-4588-AB2F-C7D809075CBE}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{DC4C9796-394E-4B81-B785-C7381AD97E2A}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{FEE3E038-A515-4161-9E85-9280CE629814}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{1671DE36-1133-4C1B-9FD8-EAAAB54FF95A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46B59F61-D01C-4487-A9B4-E6CDE94A7235}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E3932796-8464-49F2-801D-063919797649}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A0EAB560-D0A7-4039-836D-A4440C92BDDD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7240D466-F1AD-4CCC-9E48-06A794D4AFCE}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{B8611E65-64E3-4E78-9B8C-1B6D82FE53D9}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{3B2F5EBE-BD27-40C4-B222-E0C3BDC0EEFF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A98B68D9-C0DA-4B3D-8718-7EA65E5B9E70}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{A7B9AECC-5398-4C9A-8A03-0D209547ECCF}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{AC56B0F3-2A0C-4222-A67B-A9F27B2B4E1B}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{CCEA5EC5-0854-4F03-9537-7389970F0114}] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{E6533106-96C1-4B41-8DFA-3FED95E0E80B}] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{AC6E76F7-69C0-4B68-96A3-0DA0A478F71E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{6FD04E96-6AD7-4C1C-ABF0-27BECA6C0B7B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{7C1B2101-2A97-4031-AEE1-7AB575740EA2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{C7C68200-E02D-40C0-AF3A-4ED2D371156D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{50FA55DE-0E62-44E1-8C36-81B35F8F14CA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{331C1E2B-2272-4D23-A85E-AF45CE035D95}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{404C9FF9-7D79-4664-8961-FEFE78859CF9}] => (Allow) C:\Users\Torsten\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{0EAD8562-B7B5-46A8-B9D4-209240FCCAEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1AD6C967-D061-41FF-84D6-3E3A39F0A7E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{685FA4AC-BD69-400E-BCCC-A49893E59E20}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EFA5FA39-CB19-4B74-B259-749180A3BBC0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FDD435F1-9CD4-40F0-B67A-36BF31B34E48}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C797EBC3-D024-4CE3-AE3E-B2AF67D36D61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{29967E53-FFF5-48FC-88E7-26AA720A951A}C:\users\torsten\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\torsten\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{30E5E72C-2FF5-4E7E-8E23-45626039FD05}C:\users\torsten\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\torsten\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{311FED86-55A0-4E04-B1F3-9647C62BD476}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{77D052A2-48F5-45C2-A9BE-3B429324C2BA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C06F4FA4-543A-44FF-82F5-90A505FB7F15}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{EF2C9823-2F39-4568-A530-922CC1C5E913}] => (Allow) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: cherimoya
Description: cherimoya
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: cherimoya
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: innfd_1_10_0_14
Description: innfd_1_10_0_14
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: innfd_1_10_0_14
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2015 01:01:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 01:05:44 PM) (Source: MsiInstaller) (EventID: 11309) (User: Torsten-HP)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (05/01/2015 01:05:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x5e0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (05/01/2015 00:31:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 05:42:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x1694
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (05/01/2015 05:10:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 04:41:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 04:35:00 AM) (Source: MsiInstaller) (EventID: 11309) (User: Torsten-HP)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (05/01/2015 04:34:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x2274
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (05/01/2015 04:28:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/02/2015 01:01:27 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/02/2015 01:00:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cherimoya
innfd_1_10_0_14

Error: (05/01/2015 01:03:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "ClaraUpdater" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/01/2015 00:33:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/01/2015 00:31:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/01/2015 00:31:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cherimoya
innfd_1_10_0_14

Error: (05/01/2015 05:12:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/01/2015 05:11:06 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/01/2015 05:10:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cherimoya
innfd_1_10_0_14

Error: (05/01/2015 04:42:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (05/02/2015 01:01:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 01:05:44 PM) (Source: MsiInstaller) (EventID: 11309) (User: Torsten-HP)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/01/2015 01:05:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa15e001d083fae4da1531C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle8858e4e-eff1-11e4-aa99-74de2bacd106

Error: (05/01/2015 00:31:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 05:42:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa1169401d083c0c0ec1313C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll107de945-efb4-11e4-a5be-74de2bacd106

Error: (05/01/2015 05:10:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 04:41:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 04:35:00 AM) (Source: MsiInstaller) (EventID: 11309) (User: Torsten-HP)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/01/2015 04:34:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa1227401d083b712796ee2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll985e4d4d-efaa-11e4-a24b-74de2bacd106

Error: (05/01/2015 04:28:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-05-01 12:38:04.916
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-01 05:20:27.524
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-30 15:37:08.165
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 10:46:41.154
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 09:48:14.617
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-28 15:09:03.487
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-28 14:53:42.893
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-28 14:45:22.498
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-28 14:32:04.090
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-28 14:22:04.294
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 46%
Total physical RAM: 8043.86 MB
Available physical RAM: 4325.98 MB
Total Pagefile: 16085.91 MB
Available Pagefile: 12415.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.59 GB) (Free:163.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.87 GB) (Free:1.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4F1C5FDC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
         
Alleine beim schreiben dieses Postings haben sich unzählige Taps ungefragt geöffnet:
nodepositbonus.cc; supervideoslots.com; mcafeestore.com; lp.stargames.com; mrgreen.com; sunmaker.com; de.reimageplus.com, ich komme garnicht hiterher alle aufzuzählen

Vielen Dank nochmal und liebe Grüße
Torsten

Alt 02.05.2015, 13:21   #5
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Hi,
nicht rumheulen, bekommen wir schon hin.

Schritt 1

Bitte deinstalliere folgende Programme:

Java 7 Update 51
GamesDesktop 014.478
mystartsearch uninstall
Optimizer Pro v3.2
PriiceLesss
SmartWeb
VideoDownloadConverter Internet Explorer Toolbar
youtubeadblocker


Versuche es bei Windows 7 zunächst über Systemsteuerung/Programme deinstallieren.

Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhier herunter. Entpacke die zip-Datei auf den Desktop. Anleitung
  • Starte die Revouninstaller.exe
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den oben angegebenen Programmen und wähle sie einzeln aus.
    Klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter.
Auch wenn am Ende noch Programme übrig geblieben sind, führe den nächsten Schritt aus:

Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3

  • Download und Anleitung
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Gehe zurück zum Armaturenbrett und klicke auf "Jetzt scannen".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben und poste mir das Log.

__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.05.2015, 15:34   #6
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Vielen Dank für die Hilfe. Die gennannten Programme sind deinstalliert.
Java 7 Update 51 und mystartsearch uninstall haben sich gewehrt, so dass ich tatsächlich RevoUninstallerPortable verwenden musste.

Da ich unter meinem normalen account nicht mal mehr IE und Firefox starten konnte und nicht mit dem Unico-Browser arbeiten wollte, habe ich von meinem Gast-Account aus arbeiten müssen.

Während der Malware-Scan läuft, kann ich schonmal die AdwCleaner Logs posten. Unter C:\AdwCleaner habe ich zwei aktuelle Dateien gefunden: AdwCleaner[R2] und AdwCleaner[S2].

AdwCleaner[R2]:
Code:
ATTFilter
# AdwCleaner v4.203 - Bericht erstellt 02/05/2015 um 15:53:34
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-02.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Torsten - TORSTEN-HP
# Gestarted von : C:\Users\Teaching\Desktop\adwcleaner_4.203.exe
# Option : Suchlauf

***** [ Dienste ] *****

Dienst Gefunden : abengine
Dienst Gefunden : BrsHelper
Dienst Gefunden : cherimoya
Dienst Gefunden : ClaraUpdater
Dienst Gefunden : globalUpdate
Dienst Gefunden : globalUpdatem
Dienst Gefunden : IHProtect Service
Dienst Gefunden : sbmntr
Dienst Gefunden : SMUpd
Dienst Gefunden : SMUpdd
Dienst Gefunden : WindowsMangerProtect

***** [ Dateien / Ordner ] *****

Datei Gefunden : \claraInstaller.txt
Datei Gefunden : \END
Datei Gefunden : C:\Program Files\Common Files\System\SysMenu.dll
Datei Gefunden : C:\Program Files\Common Files\System\SysMenu64.dll
Datei Gefunden : C:\Users\Torsten\AppData\Local\Temp\Uninstall.exe
Datei Gefunden : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
Datei Gefunden : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gefunden : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Unico Browser.lnk
Datei Gefunden : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Unico Browser.lnk
Datei Gefunden : C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
Datei Gefunden : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\extension@preispilot.com.xpi
Datei Gefunden : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\foxydeal.sqlite
Datei Gefunden : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\invalidprefs.js
Datei Gefunden : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\mystartsearch.xml
Datei Gefunden : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\webssearches.xml
Datei Gefunden : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\user.js
Datei Gefunden : C:\Users\Torsten\Desktop\YTDownloader.lnk
Datei Gefunden : C:\Users\Torsten\Favorites\Links\Startfenster.lnk
Datei Gefunden : C:\Users\Torsten\Favorites\Links\Startfenster.lnk
Datei Gefunden : C:\Users\Torsten\Favorites\Startfenster.lnk
Datei Gefunden : C:\Users\Torsten\Favorites\Startfenster.lnk
Datei Gefunden : C:\Windows\patsearch.bin
Datei Gefunden : C:\Windows\System32\abengine64.dll
Datei Gefunden : C:\Windows\System32\abengineOff.ini
Datei Gefunden : C:\Windows\SysWOW64\abengine.dll
Datei Gefunden : C:\Windows\SysWOW64\abengineOff.ini
Ordner Gefunden : C:\Program Files (x86)\Common Files\ClaraUpdater
Ordner Gefunden : C:\Program Files (x86)\globalUpdate
Ordner Gefunden : C:\Program Files (x86)\HighlightSearches
Ordner Gefunden : C:\Program Files (x86)\I - Cinema
Ordner Gefunden : C:\Program Files (x86)\Infonaut_1.10.0.13
Ordner Gefunden : C:\Program Files (x86)\Optimizer Pro 3.86
Ordner Gefunden : C:\Program Files (x86)\predm
Ordner Gefunden : C:\Program Files (x86)\XTab
Ordner Gefunden : C:\Program Files (x86)\YTDownloader
Ordner Gefunden : C:\Program Files\Common Files\Goobzo
Ordner Gefunden : C:\Program Files\shopperz
Ordner Gefunden : C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}
Ordner Gefunden : C:\ProgramData\{edde8b41-5cc6-3f4c-edde-e8b415cc2d05}
Ordner Gefunden : C:\ProgramData\36848e5300006b4a
Ordner Gefunden : C:\ProgramData\442c5a2b000040c4
Ordner Gefunden : C:\ProgramData\d1a8812200007e06
Ordner Gefunden : C:\ProgramData\IHProtectUpDate
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\video download converter
Ordner Gefunden : C:\ProgramData\NetEngine
Ordner Gefunden : C:\ProgramData\SearchModule
Ordner Gefunden : C:\ProgramData\WindowsMangerProtect
Ordner Gefunden : C:\Users\Teaching\AppData\Local\BrowserHelper
Ordner Gefunden : C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\5sd3ty35.default\Extensions\MGKN37049485@ACPSC11936960.com
Ordner Gefunden : C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\5sd3ty35.default\Extensions\MGKN37049485@ACPSC11936960.com
Ordner Gefunden : C:\Users\Torsten\AppData\Local\BrowserHelper
Ordner Gefunden : C:\Users\Torsten\AppData\Local\globalUpdate
Ordner Gefunden : C:\Users\Torsten\AppData\Local\SmartWeb
Ordner Gefunden : C:\Users\Torsten\AppData\Local\UnicoBrowser
Ordner Gefunden : C:\Users\Torsten\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Ordner Gefunden : C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C
Ordner Gefunden : C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
Ordner Gefunden : C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gefunden : C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Ordner Gefunden : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\extension@preispilot.com.xpi
Ordner Gefunden : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\MGKN37049485@ACPSC11936960.com
Ordner Gefunden : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\MGKN37049485@ACPSC11936960.com
Ordner Gefunden : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\quick_searchff@gmail.com
Ordner Gefunden : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\sweetsearch@gmail.com
Ordner Gefunden : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\W7eblu2@6.com
Ordner Gefunden : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\wjVTVk@8OuCq.net
Ordner Gefunden : C:\Users\Torsten\AppData\Roaming\WebExtend
Ordner Gefunden : C:\Users\Torsten\SupTab
Ordner Gefunden : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\abengine

***** [ Geplante Tasks ] *****

Task Gefunden : Crossbrowse
Task Gefunden : globalUpdateUpdateTaskMachineCore
Task Gefunden : globalUpdateUpdateTaskMachineUA
Task Gefunden : Inst_Rep
Task Gefunden : PostPoneInstall
Task Gefunden : Smp
Task Gefunden : SMupdate1
Task Gefunden : YTDownloader
Task Gefunden : YTDownloaderUpd
Task Gefunden : NetEngine
Task Gefunden : Run_Browser
Task Gefunden : iren3006
Task Gefunden : LaunchPreSignup
Task Gefunden : Bidaily Synchronize Task
Task Gefunden : Microsoft\Windows\Multimedia\SMupdate3
Task Gefunden : Microsoft\Windows\Maintenance\SMupdate2
Task Gefunden : 685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-6
Task Gefunden : 685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-7
Task Gefunden : 685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-10_user
Task Gefunden : 685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-4
Task Gefunden : 685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5
Task Gefunden : 685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5_user

***** [ Verknüpfungen ] *****

Verknüpfung Infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Club Penguin.lnk
Verknüpfung Infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Crush the Castle 2.lnk
Verknüpfung Infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dark Orbit.lnk
Verknüpfung Infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Free Realms.lnk
Verknüpfung Infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Seafight.lnk
Verknüpfung Infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Shaiya.lnk
Verknüpfung Infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Warcraft.lnk
Verknüpfung Infiziert : C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Infiziert : C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Infiziert : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Infiziert : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Infiziert : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Verknüpfung Infiziert : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk

***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.oursurfing.com/?type=sc&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1430444439&from=tugs&uid=ST9500325AS_S2W52KVP
Schlüssel Gefunden : HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\CheckMeUp
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gefunden : HKCU\Software\ArenaHD
Schlüssel Gefunden : HKCU\Software\Classes\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}
Schlüssel Gefunden : HKCU\Software\CrossBrowser
Schlüssel Gefunden : HKCU\Software\GAMESDESKTOP
Schlüssel Gefunden : HKCU\Software\GlobalUpdate
Schlüssel Gefunden : HKCU\Software\HighDefAction
Schlüssel Gefunden : HKCU\Software\HomeTab
Schlüssel Gefunden : HKCU\Software\I - Cinema
Schlüssel Gefunden : HKCU\Software\I - Cinema-nv-ie
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\Linkey
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystartsearch.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E9C738F-A05D-499D-BDF0-BD55669112D8}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AEE48452-239C-4174-AB27-61B8A9755906}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\unicobrowser.exe
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnicoBrowser
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gefunden : HKCU\Software\Mozilla\Extends
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\SearchProtectWS
Schlüssel Gefunden : HKCU\Software\simplytech
Schlüssel Gefunden : HKCU\Software\Squeaky
Schlüssel Gefunden : HKCU\Software\TNT2
Schlüssel Gefunden : HKCU\Software\TutoTag
Schlüssel Gefunden : HKCU\Software\UnicoBrowser
Schlüssel Gefunden : HKCU\Software\WajIntEnhance
Schlüssel Gefunden : HKCU\Software\Wnkey
Schlüssel Gefunden : HKCU\Software\YorkNewCin
Schlüssel Gefunden : HKCU\Software\YTDownloader
Schlüssel Gefunden : [x64] HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Schlüssel Gefunden : [x64] HKCU\Software\APN PIP
Schlüssel Gefunden : [x64] HKCU\Software\ArenaHD
Schlüssel Gefunden : [x64] HKCU\Software\CrossBrowser
Schlüssel Gefunden : [x64] HKCU\Software\GAMESDESKTOP
Schlüssel Gefunden : [x64] HKCU\Software\GlobalUpdate
Schlüssel Gefunden : [x64] HKCU\Software\HighDefAction
Schlüssel Gefunden : [x64] HKCU\Software\HomeTab
Schlüssel Gefunden : [x64] HKCU\Software\I - Cinema
Schlüssel Gefunden : [x64] HKCU\Software\I - Cinema-nv-ie
Schlüssel Gefunden : [x64] HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKCU\Software\Linkey
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E9C738F-A05D-499D-BDF0-BD55669112D8}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AEE48452-239C-4174-AB27-61B8A9755906}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\SearchProtectWS
Schlüssel Gefunden : [x64] HKCU\Software\simplytech
Schlüssel Gefunden : [x64] HKCU\Software\Squeaky
Schlüssel Gefunden : [x64] HKCU\Software\TNT2
Schlüssel Gefunden : [x64] HKCU\Software\TutoTag
Schlüssel Gefunden : [x64] HKCU\Software\UnicoBrowser
Schlüssel Gefunden : [x64] HKCU\Software\WajIntEnhance
Schlüssel Gefunden : [x64] HKCU\Software\Wnkey
Schlüssel Gefunden : [x64] HKCU\Software\YorkNewCin
Schlüssel Gefunden : [x64] HKCU\Software\YTDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gefunden : HKLM\SOFTWARE\AIM Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\ArenaHD
Schlüssel Gefunden : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gefunden : HKLM\SOFTWARE\c36d199f-731e-9db4-1d29-5320f7a78c94
Schlüssel Gefunden : HKLM\SOFTWARE\Clara
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.DataContainer
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.DataContainer.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.DataController
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.DataController.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.DataTable
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.DataTable.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.DataTableFields
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.DataTableFields.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.DataTableHolder
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.DataTableHolder.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.LSPLogic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.LSPLogic.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.ReadOnlyManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\abengineLib.ReadOnlyManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\abengine.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{028F96B8-C73A-4C60-B82F-3944A19B046E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{51F7DE65-A990-4213-BDB9-C2657FA7F3F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{879F721E-7F23-4B7F-B65B-F5A8F518864A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A5544F7B-C413-4CAC-8DB4-9A8D1986DD86}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B9EE49F9-62A3-408D-858F-4ED9A23BAA24}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BF6D8439-BAC1-4E73-94FE-9910D098AE00}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4F14684-336F-44FC-8D9E-8A73DAE003EC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CRSBRWSHTML
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{025EEF9C-90F5-417E-9196-09FA4AAB4C92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03F13205-38FF-4361-BECE-EE939A002FA2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1FAAF6AB-B931-4D05-BA12-B0ECCCCE2D0F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{52E8E39B-2773-448F-BC20-547CD8DA4685}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66d59105-fe06-43a4-b292-eb0097e9eb74}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6A0F07D3-F28E-4F45-8D4C-BBF8000F5BB8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9103c314-c4e2-4463-8934-b19bcb46236d}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C622315B-3049-43D4-9B41-D4B2DC2CD706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1BCB34DC-BA6D-4B44-B786-4E259598A7C8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
Schlüssel Gefunden : HKLM\SOFTWARE\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Crossbrowse
Schlüssel Gefunden : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gefunden : HKLM\SOFTWARE\HighDefAction
Schlüssel Gefunden : HKLM\SOFTWARE\I - Cinema
Schlüssel Gefunden : HKLM\SOFTWARE\I - Cinema-nv-ie
Schlüssel Gefunden : HKLM\SOFTWARE\IHProtect
Schlüssel Gefunden : HKLM\SOFTWARE\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : HKLM\SOFTWARE\luckysearchesSoftware
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66d59105-fe06-43a4-b292-eb0097e9eb74}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9103c314-c4e2-4463-8934-b19bcb46236d}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97cef41c-5055-474a-855a-892d4fe3e596}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d375ee64-f893-498a-a0e9-0e9829c88c3d}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\unicobrowser.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\unicobrowser.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I - Cinema
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gefunden : HKLM\SOFTWARE\mystartsearchSoftware
Schlüssel Gefunden : HKLM\SOFTWARE\SearchModule
Schlüssel Gefunden : HKLM\SOFTWARE\SearchProtect
Schlüssel Gefunden : HKLM\SOFTWARE\SiteSee
Schlüssel Gefunden : HKLM\SOFTWARE\SpeedBit
Schlüssel Gefunden : HKLM\SOFTWARE\SupDp
Schlüssel Gefunden : HKLM\SOFTWARE\SupTab
Schlüssel Gefunden : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gefunden : HKLM\SOFTWARE\TabNav
Schlüssel Gefunden : HKLM\SOFTWARE\Taronja
Schlüssel Gefunden : HKLM\SOFTWARE\Tutorials
Schlüssel Gefunden : HKLM\SOFTWARE\WajIntEnhance
Schlüssel Gefunden : HKLM\SOFTWARE\WebProtector
Schlüssel Gefunden : HKLM\SOFTWARE\YorkNewCin
Schlüssel Gefunden : HKLM\SOFTWARE\YTDownloader
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\ArenaHD
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{025EEF9C-90F5-417E-9196-09FA4AAB4C92}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{03F13205-38FF-4361-BECE-EE939A002FA2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1FAAF6AB-B931-4D05-BA12-B0ECCCCE2D0F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{52E8E39B-2773-448F-BC20-547CD8DA4685}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66d59105-fe06-43a4-b292-eb0097e9eb74}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{6A0F07D3-F28E-4F45-8D4C-BBF8000F5BB8}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9103c314-c4e2-4463-8934-b19bcb46236d}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C622315B-3049-43D4-9B41-D4B2DC2CD706}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\HighDefAction
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\SearchModule
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\WebBar
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\YorkNewCin
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\YTDownloader
Schlüssel Gefunden : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Schlüssel Gefunden : HKU\.DEFAULT\Software\I - Cinema-nv-ie
Wert Gefunden : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [UnicoBrowser]
Wert Gefunden : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_searchff@gmail.com]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17728

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}

-\\ Mozilla Firefox v37.0.2 (x86 de)

[erufibpf.default] - Zeile Gefunden : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[erufibpf.default] - Zeile Gefunden : user_pref("browser.search.searchengine.alias", "oursurfing");
[erufibpf.default] - Zeile Gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://www.oursurfing.com/favicon.ico");
[erufibpf.default] - Zeile Gefunden : user_pref("browser.search.searchengine.name", "oursurfing");
[erufibpf.default] - Zeile Gefunden : user_pref("browser.search.searchengine.url", "hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}");
[erufibpf.default] - Zeile Gefunden : user_pref("browser.startup.homepage", "hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP");
[erufibpf.default] - Zeile Gefunden : user_pref("extensions.2hohwHbviPs0T8aI.scode", "(function(){try{if(window.location.href.indexOf(\"qjs6rdU8qTk4qHYHqjCGrjCHpa\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\"fl[...]
[erufibpf.default] - Zeile Gefunden : user_pref("extensions.DkH5nzWsCalEHxu1.scode", "(function(){try{if(window.location.href.indexOf(\"qjs6rdU8qTk4qHYHqjCGrjCHpa\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\"fl[...]
[erufibpf.default] - Zeile Gefunden : user_pref("extensions.crossrider.bic", "14d0d5b5953f7837eeb5b4f7b7702433");
[erufibpf.default] - Zeile Gefunden : user_pref("extensions.quick_start.enable_search1", false);
[erufibpf.default] - Zeile Gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[erufibpf.default] - Zeile Gefunden : user_pref("extensions.quick_start@gmail.com.install-event-fired", true);
[erufibpf.default] - Zeile Gefunden : user_pref("keyword.URL", "hxxp://www-searching.com/search.aspx?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&q=");

*************************

AdwCleaner[R0].txt - [30696 Bytes] - [13/05/2014 13:44:27]
AdwCleaner[R1].txt - [937 Bytes] - [14/05/2014 20:00:33]
AdwCleaner[R2].txt - [38000 Bytes] - [02/05/2015 15:53:34]
AdwCleaner[S0].txt - [28406 Bytes] - [13/05/2014 13:45:28]
AdwCleaner[S1].txt - [997 Bytes] - [14/05/2014 20:01:05]

########## EOF - \AdwCleaner\AdwCleaner[R2].txt - [38178 Bytes] ##########
         
AdwCleaner[S2]:
Code:
ATTFilter
# AdwCleaner v4.203 - Bericht erstellt 02/05/2015 um 15:55:53
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-02.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Torsten - TORSTEN-HP
# Gestarted von : C:\Users\Teaching\Desktop\adwcleaner_4.203.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : abengine
[#] Dienst Gelöscht : BrsHelper
[#] Dienst Gelöscht : cherimoya
[#] Dienst Gelöscht : ClaraUpdater
[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
[#] Dienst Gelöscht : IHProtect Service
Dienst Gelöscht : sbmntr
[#] Dienst Gelöscht : SMUpd
Dienst Gelöscht : SMUpdd
[#] Dienst Gelöscht : WindowsMangerProtect

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SearchModule
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\ProgramData\NetEngine
Ordner Gelöscht : C:\ProgramData\36848e5300006b4a
Ordner Gelöscht : C:\ProgramData\442c5a2b000040c4
Ordner Gelöscht : C:\ProgramData\d1a8812200007e06
Ordner Gelöscht : C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}
Ordner Gelöscht : C:\ProgramData\{edde8b41-5cc6-3f4c-edde-e8b415cc2d05}
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\video download converter
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\YTDownloader
Ordner Gelöscht : C:\Program Files (x86)\XTab
Ordner Gelöscht : C:\Program Files (x86)\HighlightSearches
Ordner Gelöscht : C:\Program Files (x86)\I - Cinema
Ordner Gelöscht : C:\Program Files (x86)\Infonaut_1.10.0.13
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro 3.86
Ordner Gelöscht : C:\Program Files (x86)\Common Files\ClaraUpdater
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\abengine
Ordner Gelöscht : C:\Program Files\shopperz
Ordner Gelöscht : C:\Program Files\Common Files\Goobzo
Ordner Gelöscht : C:\Users\Teaching\AppData\Local\BrowserHelper
Ordner Gelöscht : C:\Users\Torsten\SupTab
Ordner Gelöscht : C:\Users\Torsten\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Torsten\AppData\Local\SmartWeb
Ordner Gelöscht : C:\Users\Torsten\AppData\Local\BrowserHelper
Ordner Gelöscht : C:\Users\Torsten\AppData\Local\UnicoBrowser
Ordner Gelöscht : C:\Users\Torsten\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\WebExtend
Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C
Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
[!] Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\extension@preispilot.com.xpi
Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\sweetsearch@gmail.com
Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\quick_searchff@gmail.com
Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\W7eblu2@6.com
Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\wjVTVk@8OuCq.net
Ordner Gelöscht : C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\5sd3ty35.default\Extensions\MGKN37049485@ACPSC11936960.com
Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\MGKN37049485@ACPSC11936960.com
Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\extension@preispilot.com.xpi
Datei Gelöscht : \END
Datei Gelöscht : \claraInstaller.txt
Datei Gelöscht : C:\Users\Torsten\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\Torsten\Favorites\Links\Startfenster.lnk
Datei Gelöscht : C:\Windows\patsearch.bin
Datei Gelöscht : C:\Windows\SysWOW64\abengine.dll
Datei Gelöscht : C:\Windows\SysWOW64\abengineOff.ini
Datei Gelöscht : C:\Users\Torsten\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Program Files\Common Files\System\SysMenu.dll
Datei Gelöscht : C:\Program Files\Common Files\System\SysMenu64.dll
Datei Gelöscht : C:\Windows\System32\abengine64.dll
Datei Gelöscht : C:\Windows\System32\abengineOff.ini
Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Unico Browser.lnk
Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Unico Browser.lnk
Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
Datei Gelöscht : C:\Users\Torsten\Desktop\YTDownloader.lnk
Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\invalidprefs.js
Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\mystartsearch.xml
Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\webssearches.xml
Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : Crossbrowse
Task Gelöscht : globalUpdateUpdateTaskMachineCore
Task Gelöscht : globalUpdateUpdateTaskMachineUA
Task Gelöscht : Inst_Rep
Task Gelöscht : PostPoneInstall
Task Gelöscht : Smp
Task Gelöscht : SMupdate1
Task Gelöscht : YTDownloader
Task Gelöscht : YTDownloaderUpd
Task Gelöscht : NetEngine
Task Gelöscht : Run_Browser
Task Gelöscht : iren3006
Task Gelöscht : LaunchPreSignup
Task Gelöscht : Bidaily Synchronize Task
Task Gelöscht : Microsoft\Windows\Multimedia\SMupdate3
Task Gelöscht : Microsoft\Windows\Maintenance\SMupdate2
Task Gelöscht : 685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-6
Task Gelöscht : 685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-7
Task Gelöscht : 685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-10_user
Task Gelöscht : 685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-4
Task Gelöscht : 685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5
Task Gelöscht : 685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5_user

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Club Penguin.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Crush the Castle 2.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dark Orbit.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Free Realms.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Seafight.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Shaiya.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Warcraft.lnk
Verknüpfung Desinfiziert : C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_searchff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Wert Gelöscht : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataContainer
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataContainer.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataController
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataController.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTable
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTable.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTableFields
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTableFields.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTableHolder
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTableHolder.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.LSPLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.LSPLogic.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.ReadOnlyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.ReadOnlyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Wert Gelöscht : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [UnicoBrowser]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\abengine.EXE
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CRSBRWSHTML
Schlüssel Gelöscht : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\unicobrowser.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\unicobrowser.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\unicobrowser.exe
Schlüssel Gelöscht : HKCU\Software\Classes\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}
Schlüssel Gelöscht : HKLM\SOFTWARE\c36d199f-731e-9db4-1d29-5320f7a78c94
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{028F96B8-C73A-4C60-B82F-3944A19B046E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{51F7DE65-A990-4213-BDB9-C2657FA7F3F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{879F721E-7F23-4B7F-B65B-F5A8F518864A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5544F7B-C413-4CAC-8DB4-9A8D1986DD86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B9EE49F9-62A3-408D-858F-4ED9A23BAA24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BF6D8439-BAC1-4E73-94FE-9910D098AE00}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4F14684-336F-44FC-8D9E-8A73DAE003EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{52E8E39B-2773-448F-BC20-547CD8DA4685}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A0F07D3-F28E-4F45-8D4C-BBF8000F5BB8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C622315B-3049-43D4-9B41-D4B2DC2CD706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{025EEF9C-90F5-417E-9196-09FA4AAB4C92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03F13205-38FF-4361-BECE-EE939A002FA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1FAAF6AB-B931-4D05-BA12-B0ECCCCE2D0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66d59105-fe06-43a4-b292-eb0097e9eb74}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9103c314-c4e2-4463-8934-b19bcb46236d}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1BCB34DC-BA6D-4B44-B786-4E259598A7C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66d59105-fe06-43a4-b292-eb0097e9eb74}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9103c314-c4e2-4463-8934-b19bcb46236d}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97cef41c-5055-474a-855a-892d4fe3e596}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d375ee64-f893-498a-a0e9-0e9829c88c3d}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{52E8E39B-2773-448F-BC20-547CD8DA4685}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6A0F07D3-F28E-4F45-8D4C-BBF8000F5BB8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C622315B-3049-43D4-9B41-D4B2DC2CD706}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{025EEF9C-90F5-417E-9196-09FA4AAB4C92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03F13205-38FF-4361-BECE-EE939A002FA2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1FAAF6AB-B931-4D05-BA12-B0ECCCCE2D0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66d59105-fe06-43a4-b292-eb0097e9eb74}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9103c314-c4e2-4463-8934-b19bcb46236d}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E9C738F-A05D-499D-BDF0-BD55669112D8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AEE48452-239C-4174-AB27-61B8A9755906}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\HomeTab
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\YTDownloader
Schlüssel Gelöscht : HKCU\Software\GAMESDESKTOP
Schlüssel Gelöscht : HKCU\Software\Wnkey
Schlüssel Gelöscht : HKCU\Software\TNT2
Schlüssel Gelöscht : HKCU\Software\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\CrossBrowser
Schlüssel Gelöscht : HKCU\Software\SearchProtectWS
Schlüssel Gelöscht : HKCU\Software\Squeaky
Schlüssel Gelöscht : HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Schlüssel Gelöscht : HKCU\Software\UnicoBrowser
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\YorkNewCin
Schlüssel Gelöscht : HKCU\Software\HighDefAction
Schlüssel Gelöscht : HKCU\Software\ArenaHD
Schlüssel Gelöscht : HKCU\Software\I - Cinema
Schlüssel Gelöscht : HKCU\Software\I - Cinema-nv-ie
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\CheckMeUp
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKLM\SOFTWARE\mystartsearchSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\YTDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja
Schlüssel Gelöscht : HKLM\SOFTWARE\WajIntEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\TabNav
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchModule
Schlüssel Gelöscht : HKLM\SOFTWARE\Crossbrowse
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\luckysearchesSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\AIM Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\SiteSee
Schlüssel Gelöscht : HKLM\SOFTWARE\YorkNewCin
Schlüssel Gelöscht : HKLM\SOFTWARE\HighDefAction
Schlüssel Gelöscht : HKLM\SOFTWARE\WebProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\ArenaHD
Schlüssel Gelöscht : HKLM\SOFTWARE\I - Cinema
Schlüssel Gelöscht : HKLM\SOFTWARE\I - Cinema-nv-ie
Schlüssel Gelöscht : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Schlüssel Gelöscht : HKU\.DEFAULT\Software\I - Cinema-nv-ie
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnicoBrowser
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I - Cinema
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\YTDownloader
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SearchModule
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WebBar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\YorkNewCin
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\HighDefAction
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ArenaHD
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystartsearch.com

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17728

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v37.0.2 (x86 de)

[erufibpf.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[erufibpf.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "oursurfing");
[erufibpf.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.oursurfing.com/favicon.ico");
[erufibpf.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "oursurfing");
[erufibpf.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.oursurfing.com/web/?type=ds&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP&q={searchTerms}");
[erufibpf.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.oursurfing.com/?type=hp&ts=1430451735&z=90867131b13f5d35994f6edgdz5c9eezbw3g1mdoam&from=cmi&uid=ST9500325AS_S2W52KVP");
[erufibpf.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.2hohwHbviPs0T8aI.scode", "(function(){try{if(window.location.href.indexOf(\"qjs6rdU8qTk4qHYHqjCGrjCHpa\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\"fl[...]
[erufibpf.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.DkH5nzWsCalEHxu1.scode", "(function(){try{if(window.location.href.indexOf(\"qjs6rdU8qTk4qHYHqjCGrjCHpa\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\"fl[...]
[erufibpf.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "14d0d5b5953f7837eeb5b4f7b7702433");
[erufibpf.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[erufibpf.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[erufibpf.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start@gmail.com.install-event-fired", true);
[erufibpf.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://www-searching.com/search.aspx?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&q=");

*************************

AdwCleaner[R0].txt - [30696 Bytes] - [13/05/2014 13:44:27]
AdwCleaner[R1].txt - [937 Bytes] - [14/05/2014 20:00:33]
AdwCleaner[R2].txt - [38516 Bytes] - [02/05/2015 15:53:34]
AdwCleaner[S0].txt - [28406 Bytes] - [13/05/2014 13:45:28]
AdwCleaner[S1].txt - [997 Bytes] - [14/05/2014 20:01:05]
AdwCleaner[S2].txt - [34132 Bytes] - [02/05/2015 15:55:53]

########## EOF - \AdwCleaner\AdwCleaner[S2].txt - [34192  Bytes] ##########
         
Nochmals vielen Dank,
Grüße Torsten

Alt 02.05.2015, 16:04   #7
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Und hier noch der Malewarebytes Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.05.2015
Suchlauf-Zeit: 16:07:45
Logdatei: Malwarebytes Anti-Malware_log.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.02.01
Rootkit Datenbank: v2015.04.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Torsten

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 415855
Verstrichene Zeit: 47 Min, 14 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 22
PUP.Optional.Infonaut.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\innfd_1_10_0_13, In Quarantäne, [3c9db3dbcbbf0135d11e68e2b94d7f81], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-3863440553-3622452381-3390168598-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [16c3830b91f96acc4e5de26c9d66956b], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-3863440553-3622452381-3390168598-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [16c3830b91f96acc4e5de26c9d66956b], 
PUP.Optional.ModGoog, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [994046483357ea4c2bd91d2be41e1ee2], 
PUP.Optional.ModGoog, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [994046483357ea4c2bd91d2be41e1ee2], 
PUP.Optional.UnicoBrowser.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\Unico Browser.KQTFO4JMA6O4P6O6HPVC72KR7E, In Quarantäne, [c0193c52ed9d1521b7b914b9ef1423dd], 
PUP.Optional.Infonaut.A, HKLM\SOFTWARE\WOW6432NODE\Infonaut_1.10.0.13, In Quarantäne, [e7f23856ef9b45f195ece6e5ea19ca36], 
PUP.Optional.Infonaut.A, HKLM\SOFTWARE\WOW6432NODE\Infonaut_1.10.0.14, In Quarantäne, [0ccd018d8505ac8afa87547718ebca36], 
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ba1fddb194f62a0cd79dd6f49e65a858], 
PUP.Optional.UnicoBrowser.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\Unico Browser.KQTFO4JMA6O4P6O6HPVC72KR7E, In Quarantäne, [60797717b1d99a9c2d43f7d67a89ad53], 
PUP.Optional.Infonaut.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\innfd_1_10_0_14, In Quarantäne, [6277325c97f340f6542b0bc07c877987], 
PUP.Optional.Infonaut.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INSVC_1.10.0.13, In Quarantäne, [22b706881476d066641c913aa162a060], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-18\SOFTWARE\CinemaPlus-3.2cV30.04-nv-ie, In Quarantäne, [4d8c4945b2d893a333c50dd318eb8080], 
PUP.Optional.HQVideo.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Video-Pro-1.9, In Quarantäne, [30a94e404d3dfc3ad199b89bb74ef709], 
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, In Quarantäne, [80597c123357280e24b2ff0dfa0add23], 
PUP.Optional.ReMarkit.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Re-markit, In Quarantäne, [37a239555b2f33036bc625c451b208f8], 
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, In Quarantäne, [73665d31cbbf0a2ccf890859cb3a31cf], 
PUP.Optional.Shopperz.A, HKU\S-1-5-19\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [2faa0a84751596a0812305cbb152c23e], 
PUP.Optional.Shopperz.A, HKU\S-1-5-20\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [bf1ad4ba9af0d561990b428e867dd030], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\SOFTWARE\CinemaPlus-3.2cV30.04-nv-ie, In Quarantäne, [03d6b0de107af83ea15715cb1ce7b44c], 
PUP.Optional.ICinema.A, HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\SOFTWARE\I-Cinema, In Quarantäne, [d108e6a8e9a1e94df43720cf7a89cd33], 
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\SOFTWARE\APPDATALOW\SOFTWARE\Re-markit, In Quarantäne, [fadfdfaf6426f93df73a8c5dcb38ab55], 

Registrierungswerte: 24
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\CLASSES\.htm, CRSBRWSHTML, In Quarantäne, [7564c2ccc5c53df9f95c4b169b6a51af]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\CLASSES\.html, CRSBRWSHTML, In Quarantäne, [f7e2ade11c6e1b1b470e0b5627de867a]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\CLASSES\.shtml, CRSBRWSHTML, In Quarantäne, [d405127cbad0cf6791c4253c25e00bf5]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\CLASSES\.xht, CRSBRWSHTML, In Quarantäne, [7f5aef9f137739fd34217de4e421ca36]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\CLASSES\.xhtml, CRSBRWSHTML, In Quarantäne, [964328663b4f00367cd98ad71ce94db3]
PUP.Optional.Mindspark, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|VideoDownloadConverter Home Page Guard 64 bit, "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe", In Quarantäne, [25b4a4ea53377fb730b7bf7ccd386997]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\REGISTEREDAPPLICATIONS|Crossbrowse, Software\Clients\StartMenuInternet\Crossbrowse\Capabilities, In Quarantäne, [2dac503e3a5033034116a8b99174f709]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.htm, CRSBRWSHTML, In Quarantäne, [0bcedeb04b3fe551e66f164b788d51af]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.html, CRSBRWSHTML, In Quarantäne, [e3f6117d3e4c1026be970859798cad53]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.shtml, CRSBRWSHTML, In Quarantäne, [a138dcb2d5b544f2c19494cdbf46e41c]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.xht, CRSBRWSHTML, In Quarantäne, [d801cac4791142f4243188d935d046ba]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.xhtml, CRSBRWSHTML, In Quarantäne, [e4f58b032a603df96de8421fab5a37c9]
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_de_7, In Quarantäne, [24b5b5d9bccec76f0f9e897ed43003fd], 
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_de_473, In Quarantäne, [6c6d7f0f6c1e9f97e3074d9122e19d63], 
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_de_478, In Quarantäne, [a039820c5c2e06304aa015c914efbf41], 
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\REGISTEREDAPPLICATIONS|Crossbrowse, Software\Clients\StartMenuInternet\Crossbrowse\Capabilities, In Quarantäne, [e2f7e7a7d3b78aacdd7af26fb94c03fd]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cipyjywi|ImagePath, C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\nszF974.tmpfs, In Quarantäne, [7960fb93008ab3834352550728ddf010]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\kygyhosy|ImagePath, C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\jnsp4BCE.tmp, In Quarantäne, [ce0bb0deaddd40f6afe7b7a5b1549a66]
PUP.Optional.Infonaut.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\insvc_1.10.0.13|ImagePath, "C:\Program Files (x86)\Infonaut_1.10.0.13\Service\insvc.exe", In Quarantäne, [22b706881476d066641c913aa162a060]
PUP.Optional.Searching.A, HKU\S-1-5-21-3863440553-3622452381-3390168598-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}|URL, hxxp://www-searching.com/search.aspx?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&q={searchTerms}, In Quarantäne, [3c9df49a5f2bc571e816da82ea1bdb25]
PUP.Optional.Searching.A, HKU\S-1-5-21-3863440553-3622452381-3390168598-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}|TopResultURL, hxxp://www-searching.com/search.aspx?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&q={searchTerms}, In Quarantäne, [17c288065b2fb28467970b519f66817f]
PUP.Optional.Searching.A, HKU\S-1-5-21-3863440553-3622452381-3390168598-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}|TopResultURLFallback, hxxp://www-searching.com/search.aspx?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&q={searchTerms}, In Quarantäne, [7069aee0d1b9be78e71724388184d030]
PUP.Optional.Searching.A, HKU\S-1-5-21-3863440553-3622452381-3390168598-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}|FaviconURL, hxxp://www-searching.com/favicon.ico, In Quarantäne, [69700985800a6dc94ab4dc80798c47b9]
PUP.Optional.Searching.A, HKU\S-1-5-21-3863440553-3622452381-3390168598-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}|FaviconURLFallback, hxxp://www-searching.com/favicon.ico, In Quarantäne, [04d5bdd13b4f85b17b831b4172932dd3]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 25
PUP.Optional.MultiPlug.A, C:\Users\Torsten\AppData\Local\B63BBC13-1430454056-A127-DB63-31137A137A6C, In Quarantäne, [5287414d602a76c0010c1b43cb3a39c7], 
PUP.Optional.MultiPlug.A, C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446662-A127-DB63-31137A137A6C, In Quarantäne, [7168eda1eb9fb77f1ef5d589877e25db], 
PUP.Optional.GlobalUpdate.A, C:\Users\Torsten\AppData\Local\Temp\comh.131302, In Quarantäne, [f4e5eca2d0ba1f178b4dd1dbd72c758b], 
PUP.Optional.GlobalUpdate.A, C:\Users\Torsten\AppData\Local\Temp\comh.148561, In Quarantäne, [b02995f9fd8d51e59b3d09a332d116ea], 
PUP.Optional.GlobalUpdate.A, C:\Users\Torsten\AppData\Local\Temp\comh.203714, In Quarantäne, [6b6ebdd13b4f6fc77761feaef80b54ac], 
PUP.Optional.GlobalUpdate.A, C:\Users\Torsten\AppData\Local\Temp\comh.27336, In Quarantäne, [4b8e880672183afc934513998b78ed13], 
PUP.Optional.GlobalUpdate.A, C:\Users\Torsten\AppData\Local\Temp\comh.61068, In Quarantäne, [52877f0fd2b8ae8883559517798ab34d], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\content, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\skin, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\tools, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\content, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\skin, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\tools, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\content, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\skin, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\tools, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 

Dateien: 253
PUP.Optional.Infonaut.A, C:\Windows\System32\drivers\innfd_1_10_0_13.sys, In Quarantäne, [3c9db3dbcbbf0135d11e68e2b94d7f81], 
PUP.Optional.OptimizerPro, C:\ProgramData\loz\165878D2A8B544BBADC4BD7D26D8874D\setup.exe, In Quarantäne, [fedb2767503a5adcac0fdc650af89967], 
PUP.Optional.ZombieInvasion.A, C:\ProgramData\loz\346F8AF3A60345B4AA8CE796EBF7BCAD\setup.exe, In Quarantäne, [fbdecbc3008ae2544a8c7be39c64ac54], 
PUP.Optional.CrossRider.A, C:\Users\Torsten\AppData\Roaming\OoANG5Rb7VhFysX0ilN9XzYh.exe, In Quarantäne, [c019b8d636543ef889efdc7bd12f55ab], 
PUP.Optional.CrossRider.A, C:\Users\Torsten\AppData\Roaming\m05cG0IkR3XvF8.exe, In Quarantäne, [8851ff8f7e0c75c199dfd87ff30daf51], 
PUP.Adware.InstallCore, C:\$Recycle.Bin\S-1-5-21-3863440553-3622452381-3390168598-1000\$R7C0HJA.exe, In Quarantäne, [6475a1ed4f3b9e9823a29a0ddd232dd3], 
PUP.Optional.InstallCore.A, C:\Users\Torsten\AppData\Local\Temp\nsm42E1.tmp, In Quarantäne, [8d4c3b532e5c76c0e3582b78a45d52ae], 
PUP.Optional.InstallCore.A, C:\Users\Torsten\AppData\Local\Temp\nsmB723.tmp, In Quarantäne, [b425e6a844469f97f64561422ed3b848], 
PUP.Optional.InstallCore.A, C:\Users\Torsten\AppData\Local\Temp\nsoEDD5.tmp, In Quarantäne, [d2076c221377fe38211a3172b24f0af6], 
Trojan.FakeAlert, C:\Users\Torsten\AppData\Local\Temp\TVwAXRGa.zip.part, In Quarantäne, [48916b23b1d91d197f46789a6c948c74], 
Trojan.Downloader, C:\Users\Torsten\AppData\Local\Temp\nsz3AB5.tmp, In Quarantäne, [c613414ddbaf82b4c21e65d7758ec040], 
PUP.Optional.Bundle, C:\Users\Torsten\AppData\Local\Temp\nsz3AB6.tmp, In Quarantäne, [35a4c4ca19716ec8a81e2ad4fa0b0bf5], 
PUP.Optional.DomaIQ, C:\Users\Torsten\AppData\Local\Temp\dfsF913.tmp, In Quarantäne, [25b4eea0f199270f4f3641d63dc6fc04], 
PUP.Optional.SearchProtect.A, C:\Users\Torsten\AppData\Local\Temp\nsaE054.exe, In Quarantäne, [ab2e49456e1c30064f651b4018e95da3], 
PUP.Optional.SearchProtect.A, C:\Users\Torsten\AppData\Local\Temp\nsc3252.exe, In Quarantäne, [5e7be2aca7e3f93d7c3888d3fa0758a8], 
PUP.Optional.Imali.SID.A, C:\Users\Torsten\AppData\Local\Temp\nseA9EB.tmp, In Quarantäne, [d80176182664b87e56a9c189e5212ed2], 
PUP.Optional.SearchProtect.A, C:\Users\Torsten\AppData\Local\Temp\nsgB236.exe, In Quarantäne, [38a196f88a0026105b59f06bfd04b54b], 
PUP.Optional.SearchProtect.A, C:\Users\Torsten\AppData\Local\Temp\nsgEDF2.exe, In Quarantäne, [9742137bb9d1b383d6de5cffd8295ea2], 
PUP.Optional.Tuto4PC.A, C:\Users\Torsten\AppData\Local\Temp\nshDC47.tmp, In Quarantäne, [6673f39b98f296a0a7714b0040c6ce32], 
PUP.Optional.AnyProtect.A, C:\Users\Torsten\AppData\Local\Temp\nshFAA5.tmp, In Quarantäne, [f2e799f5b6d4023475dde16927df9868], 
PUP.Optional.InstallCore.A, C:\Users\Torsten\AppData\Local\Temp\nsj46DA.tmp, In Quarantäne, [08d15e3068224fe7bc7faaf9768b41bf], 
PUP.Optional.OfferInstaller.C, C:\Users\Torsten\AppData\Local\Temp\sdf83DE.exe, In Quarantäne, [74653a545832f83e3af774c76d959e62], 
PUP.Optional.SweetIM, C:\Users\Torsten\AppData\Local\Temp\Shortcut_swe-et-imBundle.exe, In Quarantäne, [07d2e7a794f63006b087b383996d3ac6], 
PUP.Optional.CrossRider, C:\Users\Torsten\AppData\Local\Temp\9899.exe, In Quarantäne, [5e7b1d7129617abc30ffce1654ada957], 
Backdoor.Agent.RCGen, C:\Users\Torsten\AppData\Local\Temp\mBq96GZH.zip.part, In Quarantäne, [f5e4e8a6dfab9b9b5706e0db4ab60bf5], 
PUP.Optional.SweetIM, C:\Users\Torsten\AppData\Local\Temp\mgsqlite3.dll, In Quarantäne, [b227bcd2058559dd4ee97abced195da3], 
PUP.Optional.InstallCore.A, C:\Users\Torsten\AppData\Local\Temp\ICReinstall_nsj46DA.tmp, In Quarantäne, [d1080c8241495fd78daebce7df22649c], 
PUP.Optional.InstallCore.A, C:\Users\Torsten\AppData\Local\Temp\ICReinstall_nsm42E1.tmp, In Quarantäne, [72676f1f7812af873209861dd130d52b], 
PUP.Optional.InstallCore.A, C:\Users\Torsten\AppData\Local\Temp\ICReinstall_nsmB723.tmp, In Quarantäne, [77623955c9c1053107342e755ea3d828], 
PUP.Optional.InstallCore.A, C:\Users\Torsten\AppData\Local\Temp\ICReinstall_nsoEDD5.tmp, In Quarantäne, [a435c3cbb6d491a586b5c8dbe120ab55], 
PUP.Optional.SearchProtect.A, C:\Users\Torsten\AppData\Local\Temp\nsqF311.exe, In Quarantäne, [f4e5e1ad741687afe1d381da9e63728e], 
PUP.Optional.SearchProtect.A, C:\Users\Torsten\AppData\Local\Temp\nsr36A6.exe, In Quarantäne, [18c10f7fa8e20432eec6e87332cff40c], 
PUP.Optional.PreBackup.A, C:\Users\Torsten\AppData\Local\Temp\5e11e2d375d442f882caa244a85dfcba280305.exe, In Quarantäne, [9c3da8e6c6c4ac8aec4901737789d927], 
Trojan.Agent.rfz, C:\Users\Torsten\AppData\Local\Temp\fN66Ynpj.zip.part, In Quarantäne, [c316ddb1eaa02d0910bc9bb7cd349b65], 
PUP.Optional.CrossRider.A, C:\Users\Torsten\AppData\Local\Temp\1784.exe, In Quarantäne, [41980589127870c6f7e98eb4c046cf31], 
PUP.Optional.SearchProtect.A, C:\Users\Torsten\AppData\Local\Temp\nsqB7F1.exe, In Quarantäne, [7663bed0c7c382b4862e88d3b44dee12], 
PUP.Optional.Mypcbackup, C:\Users\Torsten\AppData\Local\Temp\BackupSetup.exe, In Quarantäne, [cf0ae1ad75152610f6385eed55b14eb2], 
Backdoor.Agent.RCGen, C:\Users\Torsten\AppData\Local\Temp\oqTapR6I.zip.part, In Quarantäne, [4792ace264261c1aa1bce5d679875da3], 
Backdoor.Agent.RCGen, C:\Users\Torsten\AppData\Local\Temp\_vPLoKRx.zip.part, In Quarantäne, [f3e6503e058536004815417a12eebe42], 
PUP.Optional.SearchProtect.A, C:\Users\Torsten\AppData\Local\Temp\nsw22F2.exe, In Quarantäne, [4f8a3d5133576bcb6b494714b1500cf4], 
PUP.Optional.SearchProtect.A, C:\Users\Torsten\AppData\Local\Temp\nsw2785.exe, In Quarantäne, [ab2e018d9feba393e2d2253638c97f81], 
PUP.Optional.LuckySearches.A, C:\Users\Torsten\AppData\Local\Temp\nswCF82.tmp, In Quarantäne, [5d7ce3abf298bb7bfd049eacec1adc24], 
PUP.Optional.Goobzo, C:\Users\Torsten\AppData\Local\Temp\Install_17249\ins_ytd.exe, In Quarantäne, [0ccdb8d64545072f0730f05b986eef11], 
PUP.Optional.OptimizerPro, C:\Users\Torsten\AppData\Local\Temp\is-3PDMQ.tmp\optimizerpro_soft_partner.exe, In Quarantäne, [f7e2e4aa741658de516ae8596a9805fb], 
PUP.Optional.Infonaut.A, C:\Users\Torsten\AppData\Local\Temp\is-76OBM.tmp\infonaut.exe, In Quarantäne, [fbde404eacde2313bd327dcd17efc838], 
PUP.Optional.OptimizerPro, C:\Users\Torsten\AppData\Local\Temp\is-BJDIL.tmp\optimizerpro_soft_partner.exe, In Quarantäne, [73667d11d9b1c571902b7ac742c048b8], 
PUP.Optional.Conduit.A, C:\Users\Torsten\AppData\Local\Temp\nsl595C\SpSetup.exe, In Quarantäne, [e6f3147ad3b750e6a602ba96bb46ac54], 
PUP.Optional.RinoReader.A, C:\Users\Torsten\AppData\Local\Temp\c9b17661-b7e5-4d47-8cce-e3f9350bc671\setup.exe, In Quarantäne, [8f4a4e404644c373a8a99fd47b8536ca], 
PUP.Optional.SkyTech.A, C:\Users\Torsten\AppData\Local\Temp\tmp-RunningMan\QQBrowserFrame.dll, In Quarantäne, [e0f992fcdeacb77f829af412857db44c], 
PUP.Optional.Tuto4PC.A, C:\Users\Torsten\AppData\Local\Temp\31130fbc-859f-4f10-b732-8d4efba81ed4\games desktop.exe, In Quarantäne, [00d92b6339513501b46464e740c6bb45], 
PUP.Optional.ProPlusExtender.A, C:\Users\Torsten\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_83.exe, In Quarantäne, [02d7bcd24941e551b59fb893de24ea16], 
PUP.Optional.OfferInstaller.C, C:\Users\Torsten\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\OfferInstaller.exe, In Quarantäne, [677237570c7e0333151cfc3fb0528d73], 
PUP.Optional.MyStartSearch.A, C:\Users\Torsten\AppData\Local\Temp\fdf05567-c1aa-498e-8ee0-85f310ad6edb\lly_mystartsearch.exe, In Quarantäne, [68711a7483072b0bbcfd6ddd4bbb857b], 
PUP.Optional.Conduit.A, C:\Users\Torsten\AppData\Local\Temp\nsbD2A0\SpSetup.exe, In Quarantäne, [fbdeeda13c4ec571b0f8123eec15a957], 
PUP.Optional.OpenCandy, C:\Users\Torsten\AppData\Local\Temp\nsj369F.tmp\OCSetupHlp.dll, In Quarantäne, [eeebd6b89febcd69e1c511254abc08f8], 
PUP.Optional.SweetIM, C:\Users\Torsten\AppData\Local\Temp\2827278562\chromeupdaterfull.exe, In Quarantäne, [3b9e4b437b0f81b578bfcc6af115c23e], 
PUP.Optional.SkyTech.A, C:\Users\Torsten\AppData\Local\Temp\fullpackage_temp1399976181\alilog.dll, In Quarantäne, [e2f75d31a5e566d0f72539cde71bac54], 
PUP.Optional.V9.A, C:\Users\Torsten\AppData\Local\Temp\fullpackage_temp1399976181\qSE.exe, In Quarantäne, [5287b5d997f3280e2cd4014a1be5fa06], 
PUP.Optional.IePluginService.A, C:\Users\Torsten\AppData\Local\Temp\fullpackage_temp1399976181\tmp\SupTab.exe, In Quarantäne, [32a7f8963654360038f74e3a887944bc], 
PUP.Optional.WpManager, C:\Users\Torsten\AppData\Local\Temp\fullpackage_temp1399976181\tmp\wpm_v18.8.0.304.exe, In Quarantäne, [e0f9fc92c9c1db5b616c3f53d1303dc3], 
PUP.Optional.Adlyrics.A, C:\Users\Torsten\AppData\Local\Temp\4d691d47-21ff-45d4-8118-628dc3a1753a\5555-1007_checkmeup.exe, In Quarantäne, [d900ace26d1d3afc99bab9921ae843bd], 
Backdoor.Bot, C:\Users\Torsten\AppData\Local\Temp\android\android.exe, In Quarantäne, [b326bfcfc0ca6cca8c35dfbf33cedb25], 
PUP.Optional.WebBar.A, C:\Users\Torsten\AppData\Local\Temp\ba6e4670-f809-4aee-9bd6-486f8f514459\web_bar_setup.exe, In Quarantäne, [5e7b4648e8a249ed0665ec5248bae61a], 
PUP.Optional.MixVideoPlayer.A, C:\Users\Torsten\AppData\Local\Temp\08f8a91e-c80c-4223-825e-8af2324b50b5\mixvideoplayersetup.exe, In Quarantäne, [2bae305e602a8aac0ff8beb29769f808], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.131302\GoogleCrashHandler.exe, In Quarantäne, [92475638c8c241f502024cfc46bcb947], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.131302\GoogleUpdate.exe, In Quarantäne, [994046483357ea4c2bd91d2be41e1ee2], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.131302\GoogleUpdateBroker.exe, In Quarantäne, [d405e6a8a8e20a2cb054a3a56e94b848], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.131302\GoogleUpdateOnDemand.exe, In Quarantäne, [2cadace25a301026d430e06806fc5ba5], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.131302\goopdate.dll, In Quarantäne, [538691fddeaccd6954b073d5a85ab24e], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.131302\goopdateres_en.dll, In Quarantäne, [1abfaee098f2bb7b8282b098ce34867a], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.131302\npGoogleUpdate4.dll, In Quarantäne, [2baee9a52c5e0f27fb0967e1738f6c94], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.131302\psmachine.dll, In Quarantäne, [5a7f840ab9d13ff72ada97b109f9867a], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.131302\psuser.dll, In Quarantäne, [c21795f9602afe38c53f01478979a858], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.148561\GoogleCrashHandler.exe, In Quarantäne, [7d5ccbc38ffbaa8cd3312a1e24de758b], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.148561\GoogleUpdate.exe, In Quarantäne, [ae2b3d51f09a4de9d034450358aaa55b], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.148561\GoogleUpdateBroker.exe, In Quarantäne, [17c2eca29befcf6734d09dab887a47b9], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.148561\GoogleUpdateOnDemand.exe, In Quarantäne, [5a7f85095e2c89ad50b457f15aa8a15f], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.148561\goopdate.dll, In Quarantäne, [15c4d4ba98f21a1cfa0a75d3c240c937], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.148561\goopdateres_en.dll, In Quarantäne, [d4052e608a007db99e66dd6b11f19e62], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.148561\npGoogleUpdate4.dll, In Quarantäne, [9b3e0e80e6a476c006fe3513aa585aa6], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.148561\psmachine.dll, In Quarantäne, [b5243e50b5d535012adaaa9ee121fc04], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.148561\psuser.dll, In Quarantäne, [3a9f9af4d6b4fe383aca65e3f30f9a66], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.203714\GoogleCrashHandler.exe, In Quarantäne, [e6f3a0eec0cac670966e2b1d0ff36c94], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.203714\GoogleUpdate.exe, In Quarantäne, [6c6d29653753a98d8c782a1ec93930d0], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.203714\GoogleUpdateBroker.exe, In Quarantäne, [15c42c62266450e6e22293b528dae31d], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.203714\GoogleUpdateOnDemand.exe, In Quarantäne, [5089800e800ab0869a6adc6c49b97e82], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.203714\goopdate.dll, In Quarantäne, [8e4bc0ce2e5cbe7834d049ff2ed4e31d], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.203714\goopdateres_en.dll, In Quarantäne, [01d8820cc4c6bd79a85c34140101d12f], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.203714\npGoogleUpdate4.dll, In Quarantäne, [5782c4ca731764d264a0d8703bc735cb], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.203714\psmachine.dll, In Quarantäne, [a930602e3c4e3600b054c187639f9c64], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.203714\psuser.dll, In Quarantäne, [3b9e99f5b5d50a2c0bf90444d32fdb25], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.27336\GoogleCrashHandler.exe, In Quarantäne, [a435018dfc8ec4728183f1579d6558a8], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.27336\GoogleUpdate.exe, In Quarantäne, [b623e0ae5b2ffe38f80c2028c53d8878], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.27336\GoogleUpdateBroker.exe, In Quarantäne, [f6e3fc92cac07bbb5ea63e0a16ece41c], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.27336\GoogleUpdateOnDemand.exe, In Quarantäne, [2aaf2569f59583b3b351ce7a8b77a957], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.27336\goopdate.dll, In Quarantäne, [6f6a8c02c7c3ef470ef6ac9cea18c33d], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.27336\goopdateres_en.dll, In Quarantäne, [f7e2a2ec2b5f0531f410c286c141619f], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.27336\npGoogleUpdate4.dll, In Quarantäne, [01d8aee045451224a064e068ae54639d], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.27336\psmachine.dll, In Quarantäne, [e2f70a84f397999d15efff49649e9a66], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.27336\psuser.dll, In Quarantäne, [f5e40e80f397aa8cf70d9fa99d656d93], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.61068\GoogleCrashHandler.exe, In Quarantäne, [ce0b8d0169214fe729dbbd8b7d856a96], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.61068\GoogleUpdate.exe, In Quarantäne, [5980a4ea0a80e551848051f7ec16d729], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.61068\GoogleUpdateBroker.exe, In Quarantäne, [d0092c628ffbcb6b8b7963e55ba76f91], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.61068\GoogleUpdateOnDemand.exe, In Quarantäne, [52874d413a50999d7e86f94fed15c63a], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.61068\goopdate.dll, In Quarantäne, [3a9faee0e1a95cda6e967ace22e023dd], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.61068\goopdateres_en.dll, In Quarantäne, [9e3b3757b3d73df96e96d771946e827e], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.61068\npGoogleUpdate4.dll, In Quarantäne, [805917775535eb4b60a41c2c7f830cf4], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.61068\psmachine.dll, In Quarantäne, [4792c7c7f19947efee1651f7c33f4cb4], 
PUP.Optional.ModGoog, C:\Users\Torsten\AppData\Local\Temp\comh.61068\psuser.dll, In Quarantäne, [cf0a0d81fd8d67cf43c14dfbc33f7b85], 
PUP.Optional.SystemNotifier.A, C:\Users\Torsten\AppData\Local\Temp\db623289-da40-4126-a0f2-e1419e7fdcc7\mini_installer.exe, In Quarantäne, [a237fa945c2e082e8324fd4c4fb79070], 
PUP.Optional.CrossRider, C:\Users\Torsten\AppData\Local\Temp\DwlTempFolder\temp.exe, In Quarantäne, [8c4dafdf434750e6c06ff9eb42bf41bf], 
PUP.Optional.Clara.A, C:\Users\Torsten\AppData\Local\Temp\ededee87-00c4-4f8b-ac42-7ed1bee4623d\unicobrowser.exe, In Quarantäne, [607990febad060d69d2c41a144bdd42c], 
Backdoor.Bot, C:\Users\Torsten\AppData\Local\Temp\8de16e29-bdf0-4df9-a187-8d9bdb584288\android.exe, In Quarantäne, [66730d81e4a67abcdbe61f7f22df57a9], 
PUP.Optional.Conduit.A, C:\Users\Torsten\AppData\Local\Temp\8de16e29-bdf0-4df9-a187-8d9bdb584288\spidentifierimpl.exe, In Quarantäne, [1cbd07878cfe360077cb595c0df4847c], 
PUP.Optional.Mypcbackup, C:\Users\Torsten\AppData\Local\Temp\8de16e29-bdf0-4df9-a187-8d9bdb584288\software\Cloud_Backup_Setup.exe, In Quarantäne, [9841711d59310b2b37f79ab19670f10f], 
Adware.EoRezo, C:\Users\Torsten\AppData\Local\Temp\8de16e29-bdf0-4df9-a187-8d9bdb584288\software\Freesofttoday.exe, In Quarantäne, [4594117de0aa73c3d4199210a95839c7], 
PUP.Optional.ScramblePacker.A, C:\Users\Torsten\AppData\Local\Temp\8de16e29-bdf0-4df9-a187-8d9bdb584288\software\mediaplayerplus.exe, In Quarantäne, [6a6f632b7a10c86e980de7c6e21f18e8], 
PUP.Optional.NewPlayer, C:\Users\Torsten\AppData\Local\Temp\8de16e29-bdf0-4df9-a187-8d9bdb584288\software\New_Player.exe, In Quarantäne, [07d2a9e5b1d961d5a5d18a4caa574ab6], 
PUP.Optional.ScramblePacker.A, C:\Users\Torsten\AppData\Local\Temp\8de16e29-bdf0-4df9-a187-8d9bdb584288\software\setup.exe, In Quarantäne, [daffbcd2c5c53ff78e17931afd04c53b], 
PUP.Optional.Tuto4PC.A, C:\Users\Torsten\AppData\Local\Temp\is-FBH2F.tmp\gentlemjmp_ieu.exe, In Quarantäne, [6178c9c5c6c439fd9e7a9cafd2344fb1], 
PUP.Optional.Tuto4PC.A, C:\Users\Torsten\AppData\Local\Temp\is-QC222.tmp\gentlemjmp_ieu.exe, In Quarantäne, [5584d5b9f595cb6b41d74cffa75f4ab6], 
PUP.Optional.Tuto4PC.A, C:\Users\Torsten\AppData\Local\Temp\is-QESUR.tmp\gentlemjmp_ieu.exe, In Quarantäne, [6a6f513dd3b71c1ab068c78418eeeb15], 
PUP.Optional.AnyProtect.A, C:\Users\Torsten\AppData\Local\Temp\is45637729\45980624_stp\AnyProtectScannerSetup.exe, In Quarantäne, [98415c32bdcd9c9ae86a29212fd77f81], 
PUP.Optional.AnyProtect.A, C:\Users\Torsten\AppData\Local\Temp\is45637729\47211672_stp\AnyProtectScannerSetup.exe, In Quarantäne, [5584137b3c4e36004c06da70eb1b59a7], 
PUP.Optional.AnyProtect.A, C:\Users\Torsten\AppData\Local\Temp\is45637729\48427899_stp\AnyProtectScannerSetup.exe, In Quarantäne, [7564494596f485b1ba98e16931d58e72], 
PUP.Optional.AnyProtect.A, C:\Users\Torsten\AppData\Local\Temp\is45637729\49641271_stp\AnyProtectScannerSetup.exe, In Quarantäne, [994089055238f2449ab854f6ca3c7c84], 
PUP.Optional.OpenCandy, C:\Users\Torsten\Downloads\winamp5623_full_emusic-7plus_de-de.exe, In Quarantäne, [a237bdd1c3c756e0e8bee84ef5119967], 
PUP.Optional.OpenCandy, C:\Users\Torsten\Downloads\winamp563_full_emusic-7plus_de-de.exe, In Quarantäne, [ffda91fd602a072f26801e185caa3bc5], 
PUP.Optional.Softonic.SID.C, C:\Users\Torsten\Downloads\Setup.exe, In Quarantäne, [6673b9d5c5c524121bf1b596877f9b65], 
PUP.Optional.Downloader, C:\Users\Torsten\Downloads\PowerPoint Viewer - CHIP-Installer.exe, In Quarantäne, [ca0fe6a8bad042f4fb6dfc718a7605fb], 
PUP.Optional.AnyProtect.A, C:\Users\Torsten\AppData\Local\nshFAA5.tmp, In Quarantäne, [9643721c4842a294440e2b1fed1949b7], 
PUP.Optional.SpeedBit, C:\Users\Torsten\AppData\Local\Installer\Install_26235\DCytdkietut_tutdk_setup.exe, In Quarantäne, [eaefbed08604092db35098b5d62caa56], 
PUP.Optional.SpeedBit, C:\Users\Torsten\AppData\Local\Installer\Install_27865\DCytdkietut_tutdk_setup.exe, In Quarantäne, [5188cdc19ceee1555fa49eafb9494fb1], 
PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf, In Quarantäne, [5386eca2b4d6b68076bc6b6816ed936d], 
PUP.Optional.ABEngine.A, C:\Users\Torsten\AppData\Local\Temp\abengine.log, In Quarantäne, [aa2f95f9781212248e349c3b28dbd62a], 
PUP.Optional.ABEngine.A, C:\Windows\Temp\abengine.log, In Quarantäne, [1abfddb14248d660c6fc8c4b15ee0df3], 
PUP.Optional.Goobzo, C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333830363739333338312d3223572a23456c4155572a32, In Quarantäne, [3d9c5935b3d759ddc835cb2361a25ca4], 
PUP.Optional.Vitruvian.A, C:\Users\Torsten\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, In Quarantäne, [8a4f7d11266463d310ed005674919f61], 
PUP.Optional.Vitruvian.A, C:\Users\Torsten\AppData\Local\Temp\vitruvian-installer-install-v0003, In Quarantäne, [12c71975315951e58e6f7bdb1fe6a957], 
PUP.Optional.Vitruvian.A, C:\Users\Torsten\AppData\Local\Temp\vitruvian-installer-processes-v0002, In Quarantäne, [4693652947439e98cb324e0857ae4cb4], 
PUP.Optional.Vitruvian.A, C:\Users\Torsten\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, In Quarantäne, [04d55c32f8924cea7885322452b3e020], 
PUP.Optional.Vitruvian.A, C:\Users\Torsten\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, In Quarantäne, [d306325c692146f0b14c490da263a060], 
PUP.Optional.Vitruvian.A, C:\Users\Torsten\AppData\Local\Temp\vitruvian-installer-uninstall-v0002, In Quarantäne, [b623e5a9a7e352e4feff7adc3ec72fd1], 
PUP.Optional.MultiPlug.A, C:\Users\Torsten\AppData\Local\B63BBC13-1430454056-A127-DB63-31137A137A6C\onsb4FB9.tmp, In Quarantäne, [5287414d602a76c0010c1b43cb3a39c7], 
PUP.Optional.MultiPlug.A, C:\Users\Torsten\AppData\Local\B63BBC13-1430454056-A127-DB63-31137A137A6C\pnsl5046.exe, In Quarantäne, [5287414d602a76c0010c1b43cb3a39c7], 
PUP.Optional.MultiPlug.A, C:\Users\Torsten\AppData\Local\B63BBC13-1430454056-A127-DB63-31137A137A6C\rnsb4FB8.exe, In Quarantäne, [5287414d602a76c0010c1b43cb3a39c7], 
PUP.Optional.MultiPlug.A, C:\Users\Torsten\AppData\Local\B63BBC13-1430454056-A127-DB63-31137A137A6C\snsw4FA7.tmp, In Quarantäne, [5287414d602a76c0010c1b43cb3a39c7], 
PUP.Optional.MultiPlug.A, C:\Users\Torsten\AppData\Local\B63BBC13-1430454056-A127-DB63-31137A137A6C\Uninstall.exe, In Quarantäne, [5287414d602a76c0010c1b43cb3a39c7], 
PUP.Optional.MultiPlug.A, C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446662-A127-DB63-31137A137A6C\vnsz45AD.tmp, In Quarantäne, [7168eda1eb9fb77f1ef5d589877e25db], 
PUP.Optional.MultiPlug.A, C:\Users\Torsten\AppData\Roaming\B63BBC13-1430446662-A127-DB63-31137A137A6C\Uninstall.exe, In Quarantäne, [7168eda1eb9fb77f1ef5d589877e25db], 
PUP.Optional.GlobalUpdate.A, C:\Users\Torsten\AppData\Local\Temp\comh.131302\GoogleUpdateHelper.msi, In Quarantäne, [f4e5eca2d0ba1f178b4dd1dbd72c758b], 
PUP.Optional.GlobalUpdate.A, C:\Users\Torsten\AppData\Local\Temp\comh.148561\GoogleUpdateHelper.msi, In Quarantäne, [b02995f9fd8d51e59b3d09a332d116ea], 
PUP.Optional.GlobalUpdate.A, C:\Users\Torsten\AppData\Local\Temp\comh.203714\GoogleUpdateHelper.msi, In Quarantäne, [6b6ebdd13b4f6fc77761feaef80b54ac], 
PUP.Optional.GlobalUpdate.A, C:\Users\Torsten\AppData\Local\Temp\comh.27336\GoogleUpdateHelper.msi, In Quarantäne, [4b8e880672183afc934513998b78ed13], 
PUP.Optional.GlobalUpdate.A, C:\Users\Torsten\AppData\Local\Temp\comh.61068\GoogleUpdateHelper.msi, In Quarantäne, [52877f0fd2b8ae8883559517798ab34d], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome.manifest, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\install.rdf, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\content\content.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\content\html5slider.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\content\jquery-1.8.3.min.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\content\li.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\content\main.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\content\main.xul, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\content\options.html, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\content\options.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\content\tools.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\content\tr.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\content\zoom.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\skin\button.png, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\skin\icon32x32-disabled.png, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\skin\icon32x32.png, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\skin\options.css, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\skin\options_bg.png, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\skin\otaznik.png, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\chrome\skin\slider.png, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\addon_d.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\addon_info.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\file_cacher.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\guid.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\observer.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\pref_man.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\pu_upd.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\timer.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\time_passed.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\xcipher.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\tools\days_passed.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\tools\ff_info.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\tools\firstrun.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{cccff9e1-cf06-8e2a-9ee5-5a99cd322078}\modules\tools\os.js, In Quarantäne, [aa2f9fef90fad363fb0b74d87f87b848], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome.manifest, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\install.rdf, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\content\content.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\content\html5slider.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\content\jquery-1.8.3.min.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\content\li.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\content\main.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\content\main.xul, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\content\options.html, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\content\options.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\content\tools.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\content\tr.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\content\zoom.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\skin\button.png, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\skin\icon32x32-disabled.png, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\skin\icon32x32.png, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\skin\options.css, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\skin\options_bg.png, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\skin\otaznik.png, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\chrome\skin\slider.png, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\addon_d.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\addon_info.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\file_cacher.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\guid.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\observer.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\pref_man.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\pu_upd.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\timer.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\time_passed.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\xcipher.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\tools\days_passed.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\tools\ff_info.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\tools\firstrun.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.ZoomIt.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{eeae344b-96c4-9874-4dfd-ad30d8e98333}\modules\tools\os.js, In Quarantäne, [dcfd2d61b5d585b1887e301c5da9a858], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\install.rdf, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome.manifest, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\content\main.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\content\main.xul, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\content\tools.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\content\tr.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\content\wp.html, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\skin\favicon.ico, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\skin\icon16x16.png, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\skin\icon32x32.png, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\skin\loader.css, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\skin\main.css, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\skin\notSafe150x30.png, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\skin\safe150x30.png, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\chrome\skin\wp.css, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\AddonInfo.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\FileCacher.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\GUID.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\MessageDisplayer.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\Observer.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\PrefMan.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\TimePassed.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\Timer.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\ToolbarButton.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\WebsiteVerifier.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\tools\DaysPassed.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\tools\FFInfo.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\tools\Firstrun.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.WebProtector.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\{091b6afa-55ed-d744-2edb-3f53f48efa6f}\modules\tools\Os.js, In Quarantäne, [e2f7a5e9355545f1096013388581768a], 
PUP.Optional.MyStartSearch.A, C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\search.json, Gut: (), Schlecht: (mystartsearch), Ersetzt,[5f7ae5a96228072fe6bc74d8996dc63a]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         

Alt 02.05.2015, 17:57   #8
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Schritt 1
Download von ZOEK (by Smeenk)
  • Speichere die zoek.exe auf dem Desktop.
  • Bitte deaktiviere während der Verwendung von Zoek Deinen Virenscanner, da dieser Zoek stören könnte.
  • Starte die zoek.exe mit einem Doppelklick und warte bis die Programmoberfläche erscheint (ca. 30 Sekunden)
  • Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:
    Code:
    ATTFilter
    systemspecs;
    autoclean;
    FFdefaults;
    iedefaults;
    emptyclsid;
             
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
    Zitat:
    Zoek.exe is running now.
    Do not start any browser windows, they may get closed automatically.
    Please wait! This window will close when finished.
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter C:\
  • Bitte poste mir das zoek-results.log.

Schritt 2



Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.05.2015, 18:18   #9
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Bei Microsoft Security Essentials hab ich keine Möglichkeit gefunden, das Programm zu deaktivieren, lediglich eine Möglichkeit den Echtzeitschutz du deaktivieren. I hoffe, das ist ausreichend. Die Logs kommen dann gleich.

Danke, Torsten

Alt 02.05.2015, 18:19   #10
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Zitat:
Zitat von TSOW Beitrag anzeigen
lediglich eine Möglichkeit den Echtzeitschutz du deaktivieren.
Hallo Torsten,
genau das ist gemeint. Prima gemacht!
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.05.2015, 18:30   #11
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Funktioniert nicht. Hab zoek gedoppelklickt. Dann kommt ein Popup "Wollen Sie zulassen,dass das Programm ... " - auf "Ja" geklickt und nichts passiert, keine Programmoberfläche, keine Skriptbox, garnichts.

Zu ungeduldig - jetzt ist sie da ...

Alt 02.05.2015, 18:30   #12
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Steht aber in der Anleitung gell....
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.05.2015, 20:09   #13
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Hier schonmal der Zoek Log:
Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 23-04-2015
Tool run by Torsten on 02.05.2015 at 19:27:54,48.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Torsten\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

02.05.2015 19:31:51 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully
C:\PROGRA~3\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} deleted successfully
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\Teaching\AppData\Roaming\hpqlog deleted successfully
C:\Users\Torsten\AppData\Roaming\TP deleted successfully
C:\Users\Teaching\AppData\Local\PDFC deleted successfully
C:\Users\Teaching\AppData\Local\VirtualStore deleted successfully
C:\Users\Torsten\AppData\Local\PDFC deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3863440553-3622452381-3390168598-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FBB2A64-1698-42FB-B14D-FA35C84761C} deleted successfully
HKEY_USERS\S-1-5-21-3863440553-3622452381-3390168598-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8E6B592-752C-4754-8C21-57B8886532D2} deleted successfully
HKEY_USERS\S-1-5-21-3863440553-3622452381-3390168598-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCE10165-92A7-4CC5-BEC3-6D4AAEAA2F49} deleted successfully
HKEY_USERS\S-1-5-21-3863440553-3622452381-3390168598-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5F20DE2-8F93-4471-A681-16AD4F8B0A7} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3863440553-3622452381-3390168598-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_USERS\S-1-5-21-3863440553-3622452381-3390168598-1000\Software\Mozilla\Firefox\Extensions\cliqz@cliqz.com deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\5sd3ty35.default\prefs.js:

Added to C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\5sd3ty35.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Teaching\AppData\Roaming\Thunderbird\Profiles\yg97ta2y.default\prefs.js:

Added to C:\Users\Teaching\AppData\Roaming\Thunderbird\Profiles\yg97ta2y.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\prefs.js:
user_pref("browser.search.defaulturl", "");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "webssearches");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Torsten\AppData\Roaming\Thunderbird\Profiles\vzozgrtw.default\prefs.js:

Added to C:\Users\Torsten\AppData\Roaming\Thunderbird\Profiles\vzozgrtw.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\5sd3ty35.default

user.js not found
---- Lines extensions.2hohwHbviPs0T8aI removed from prefs.js ----
user_pref("extensions.2hohwHbviPs0T8aI.epoch", "1430664366");
user_pref("extensions.2hohwHbviPs0T8aI.url", "hxxp://sunveteranbox.info/sync2/?q=hfZ9ofV9CShEAen0qjk6rdYMg708BNmGWj8wmihGheDUojw8rdkErjaGrHY9qihIC7n0r
---- Lines extensions.DkH5nzWsCalEHxu1 removed from prefs.js ----
user_pref("extensions.DkH5nzWsCalEHxu1.epoch", "1430664367");
user_pref("extensions.DkH5nzWsCalEHxu1.url", "hxxp://good-tech.net/sync2/?q=hfZ9oemMhdCHtNbPhd98qjCEpchTB6lKDzt4okmxtNtVh7n0rjkEqjaFrdsHpds6tMFHhd9Fqj
---- FireFox user.js and prefs.js backups ---- 

prefs__2020_.backup

ProfilePath: C:\Users\Teaching\AppData\Roaming\Thunderbird\Profiles\yg97ta2y.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs__2020_.backup

ProfilePath: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default

user.js not found
---- Lines Customized removed from prefs.js ----
user_pref("extensions.testpilot.alreadyCustomizedToolbar", true);
---- Lines ffxtbr removed from prefs.js ----
user_pref("extensions.4zffxtbr@VideoDownloadConverter_4z.com.install-event-fired", true);
---- Lines EEE6C361-6118-11DC-9C72-001320C79847 removed from prefs.js ----
user_pref("extensions.{EEE6C361-6118-11DC-9C72-001320C79847}.install-event-fired", true);
---- Lines Sweet removed from prefs.js ----
user_pref("extensions.sweetsearch@gmail.com.install-event-fired", true);
---- Lines extensions.2hohwHbviPs0T8aI removed from prefs.js ----
user_pref("extensions.2hohwHbviPs0T8aI.epoch", "1430534602");
user_pref("extensions.2hohwHbviPs0T8aI.url", "hxxp://styleuniit.com/sync2/?q=hfZ9ofV9CShEAen0qjk6rdYMg708BNmGWj8wmihGheDUojw8rdkErjaGrHY9qihIC7n0rjkEq
---- Lines extensions.DkH5nzWsCalEHxu1 removed from prefs.js ----
user_pref("extensions.DkH5nzWsCalEHxu1.epoch", "1430534602");
user_pref("extensions.DkH5nzWsCalEHxu1.url", "hxxp://couponbluemy.us/sync2/?q=hfZ9oemMhdCHtNbPhd98qjCEpchTB6lKDzt4okmxtNtVh7n0rjkEqjaFrdsHpds6tMFHhd9F
---- Lines cliqz@cliqz.com removed from prefs.js ----
user_pref("extensions.cliqz@cliqz.com.install-event-fired", true);
user_pref("extensions.xpiState", "{\"app-profile\":{\"cliqz@cliqz.com\":{\"d\":\"C:\\\\Users\\\\Torsten\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\
---- FireFox user.js and prefs.js backups ---- 

prefs__2020_.backup

ProfilePath: C:\Users\Torsten\AppData\Roaming\Thunderbird\Profiles\vzozgrtw.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs__2020_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found
C:\PROGRA~3\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} not found
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\PROGRA~3\17787909045536261969 deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Torsten\AppData\Local\Installer deleted
C:\Users\Torsten\AppData\Local\CrashRpt deleted
C:\Users\Torsten\AppData\LocalLow\Company deleted
C:\windows\SysNative\tasks\SMWUpd deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Torsten\Documents\Optimizer Pro deleted
C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\foxydeal.json deleted
C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\foxydeal.sqlite deleted
C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\jetpack deleted
C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\5sd3ty35.default\extensions\W7eblu2@6.com deleted
C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\5sd3ty35.default\extensions\wjVTVk@8OuCq.net deleted
"C:\Users\Torsten\AppData\Roaming\m05cG0IkR3XvF8" deleted
"C:\Windows\tasks\m05cG0IkR3XvF8.job" deleted
"C:\Windows\SysNative\tasks\m05cG0IkR3XvF8" deleted
"C:\Users\Torsten\AppData\Roaming\OoANG5Rb7VhFysX0ilN9XzYh" deleted
"C:\Windows\tasks\OoANG5Rb7VhFysX0ilN9XzYh.job" deleted
"C:\Windows\SysNative\tasks\OoANG5Rb7VhFysX0ilN9XzYh" deleted
"C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\websearches.sqlite" deleted
"C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\extensions\cliqz@cliqz.com.xpi" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8044 MB
CPU Info: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
CPU Speed: 2105,3 MHz
Sound Card: Lautsprecher (Realtek High Defi | 
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; PnP-Monitor (Standard) | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Bluetooth-Gerät (PAN) | Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      DVDRAM GT50N
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  450,6GB | D:  14,9GB | F:  99,0MB | Q:  0,0MB
Hard Disks - Free: C:  166,8GB | D:  1,8GB | F:  84,6MB | Q:  0,0MB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 12/17/11 | HPQOEM - 1
Time Zone: Mitteleuropäische Zeit
Motherboard *: Hewlett-Packard 3672
Country: Deutschland 
Language: DEU 

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox	37.0.2
Internet Explorer Version: 11.0.9600.17728 
Mozilla Firefox version: 37.0.2 (x86 de)
Adobe Reader version: 10.1.9.22
Flash Player version: 17.0.0.169

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\5sd3ty35.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Teaching\AppData\Roaming\Thunderbird\Profiles\yg97ta2y.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Torsten\AppData\Roaming\Thunderbird\Profiles\vzozgrtw.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default
- Myanmar Converter - %ProfilePath%\extensions\myanmar-converter@thanlwinsoft.org
- EPUBReader - %ProfilePath%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
- ProxTube - %ProfilePath%\extensions\ich@maltegoetz.de.xpi
- DuckDuckGo Plus - %ProfilePath%\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default
9AE02005247DA91AB1743F5208DBEF76	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll -	Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC	- C:\Users\Torsten\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -	Facebook Video Calling Plugin


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aakchaleigkohafkfjfjbblobjifikek - C:\Users\Torsten\AppData\LocalLow\proxtube\CHROME\proxtube.crx[19.04.2012 15:10]
kfecnpmgnlnbmipaogfhoacoioifjgko - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
kfecnpmgnlnbmipaogfhoacoioifjgko - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Torsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Torsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Torsten\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Torsten\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Teaching\AppData\Local\Mozilla\Firefox\Profiles\5sd3ty35.default\cache2 emptied successfully
C:\Users\Torsten\AppData\Local\Mozilla\Firefox\Profiles\erufibpf.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=157 folders=53 24073503 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Teaching\AppData\Local\Temp will be emptied at reboot
C:\Users\Torsten\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Torsten\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Teaching\AppData\Local\Temp\FXSAPIDebugLogFile.txt" not found
"C:\Users\Teaching\AppData\Local\Temp\nsyC2C3.tmp" not found
"C:\Users\Teaching\AppData\Local\Temp\~DF05E58B62919DFB29.TMP" not found
"C:\Users\Teaching\AppData\Local\Temp\~DF0D6452A6327404F2.TMP" not found
"C:\Users\Teaching\AppData\Local\Temp\~DF1257622B0FF5B5D5.TMP" not found
"C:\Users\Teaching\AppData\Local\Temp\~DF337FD404D4AF8161.TMP" not found
"C:\Users\Teaching\AppData\Local\Temp\~DF33BF2FE95DE5BA1D.TMP" not found
"C:\Users\Teaching\AppData\Local\Temp\~DFCA854FE95C1B4827.TMP" not found
"C:\Users\Torsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VXZTPBAA\p0.focus.de"  not found
"C:\Users\Torsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VXZTPBAA\resmy.brandwire.tv"  not found
"C:\Users\Torsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VXZTPBAA\static.xx.fbcdn.net"  not found
"C:\Users\Torsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VXZTPBAA\tag.kineto.hiro.tv"  not found
"C:\Users\Teaching\AppData\Local\Temp\nstC2F3.tmp" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 02.05.2015 at 21:02:50,58 ======================
         
FRST folgt.

Gruß Torsten

Hier der FRST-LOG

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Torsten (administrator) on TORSTEN-HP on 02-05-2015 21:03:37
Running from C:\Users\Torsten\Desktop
Loaded Profiles: Torsten (Available profiles: Torsten & Teaching)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Windows\loz.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\mloz.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
() C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-03-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Ocs_SM] => C:\Users\Torsten\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [Facebook Update] => C:\Users\Torsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-20] (Facebook Inc.)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\MountPoints2: {5a8c3d5d-97bd-11e3-8c6c-74de2bacd106} - G:\LaunchU3.exe -a
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-05-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\priceless_p_soft_partner.lnk [2015-05-01]
ShortcutTarget: priceless_p_soft_partner.lnk -> C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}\priceless_p_soft_partner.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> URL hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP7683B513-4513-4287-B648-A0888416FE18&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-10-25] (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-05-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3863440553-3622452381-3390168598-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Torsten\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\duckduckgo.xml [2013-06-26]
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\google-images.xml [2014-12-13]
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\google-maps.xml [2014-12-13]
FF Extension: Myanmar Converter - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\myanmar-converter@thanlwinsoft.org [2013-12-10]
FF Extension: EPUBReader - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-04-18]
FF Extension: ProxTube - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\ich@maltegoetz.de.xpi [2014-09-12]
FF Extension: DuckDuckGo Plus - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-06-26]
FF Extension: Test Pilot - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-06-20]
FF Extension: Adblock Plus - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-04-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-25]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Torsten\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-09] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 loz; c:\windows\loz.exe [417792 2015-05-01] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 mloz; c:\windows\mloz.exe [408576 2015-05-01] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation)
S2 cipyjywi; No ImagePath
S2 kygyhosy; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 21:03 - 2015-05-02 21:03 - 00000000 ____D () C:\Users\Torsten\AppData\Local\PDFC
2015-05-02 20:47 - 2015-05-02 19:19 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-02 19:31 - 2015-05-02 21:02 - 00018660 _____ () C:\zoek-results.log
2015-05-02 19:19 - 2015-05-02 20:59 - 00000000 ____D () C:\zoek_backup
2015-05-02 19:10 - 2015-05-02 19:10 - 01305600 _____ () C:\Users\Torsten\Desktop\zoek.exe
2015-05-02 17:12 - 2015-05-02 17:12 - 02785665 _____ (PortableApps.com) C:\Users\Torsten\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-05-02 16:06 - 2015-05-02 21:00 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 16:06 - 2015-05-02 16:06 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-02 16:06 - 2015-05-02 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-02 16:06 - 2015-05-02 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-02 16:06 - 2015-05-02 16:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-02 16:06 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-02 16:06 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-02 16:06 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-02 16:02 - 2015-05-02 16:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Teaching\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-02 15:50 - 2015-05-02 15:50 - 02204160 _____ () C:\Users\Teaching\Desktop\adwcleaner_4.203.exe
2015-05-02 15:36 - 2015-05-02 16:24 - 00000000 ____D () C:\Users\Teaching\Desktop\RevoUninstallerPortable
2015-05-02 15:34 - 2015-05-02 15:34 - 02785665 _____ (PortableApps.com) C:\Users\Teaching\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-05-01 13:17 - 2015-05-02 21:05 - 00022074 _____ () C:\Users\Torsten\Desktop\FRST.txt
2015-05-01 13:08 - 2015-05-02 01:11 - 00055423 _____ () C:\Users\Torsten\Desktop\Addition.txt
2015-05-01 13:05 - 2015-05-02 21:03 - 00000000 ____D () C:\FRST
2015-05-01 13:05 - 2015-05-01 13:05 - 00002256 _____ () C:\Users\Torsten\Desktop\Hotmail.lnk
2015-05-01 13:05 - 2015-05-01 13:05 - 00002252 _____ () C:\Users\Torsten\Desktop\Amazon.lnk
2015-05-01 13:04 - 2015-05-01 13:03 - 02101248 _____ (Farbar) C:\Users\Torsten\Desktop\FRST64.exe
2015-05-01 13:03 - 2015-05-01 13:03 - 02101248 _____ (Farbar) C:\Users\Torsten\Downloads\FRST64.exe
2015-05-01 04:42 - 2015-05-01 04:42 - 00000000 ____D () C:\ProgramData\c3b54530000537e
2015-05-01 04:28 - 2015-05-01 04:28 - 00000815 _____ () C:\Windows\SysWOW64\SetupComponents.exe
2015-05-01 04:13 - 2015-05-01 04:13 - 00003166 _____ () C:\Windows\System32\Tasks\{197C4A28-5810-4C42-944B-909B35B74110}
2015-05-01 04:03 - 2015-05-01 04:03 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Torsten\Downloads\SpyHunter-Installer.exe
2015-05-01 03:43 - 2015-05-01 03:44 - 00000000 ___HD () C:\ProgramData\loz
2015-05-01 03:41 - 2015-05-02 15:05 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-01 03:40 - 2015-05-01 03:40 - 00631296 _____ () C:\Windows\loz.dat
2015-05-01 03:40 - 2015-05-01 03:40 - 00417792 _____ () C:\Windows\loz.exe
2015-05-01 03:40 - 2015-05-01 03:40 - 00408576 _____ () C:\Windows\mloz.exe
2015-04-30 18:43 - 2015-04-30 18:43 - 14400913 _____ () C:\Users\Torsten\Downloads\video-1430406369.mp4.mp4
2015-04-25 15:53 - 2015-04-25 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 23:10 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 23:10 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 23:10 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 23:10 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 23:10 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 23:10 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 23:10 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 23:10 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 23:10 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 23:10 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 23:10 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 23:10 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 23:10 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 23:10 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 23:10 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 23:10 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 23:10 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 23:10 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 23:10 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 23:10 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 23:10 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 23:10 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 23:10 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 23:10 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 23:10 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 23:10 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 23:09 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 23:09 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 23:09 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 23:09 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 23:09 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 23:09 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 23:09 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 23:09 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 23:09 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 23:09 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 23:09 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 23:09 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 23:09 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 23:09 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:09 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 23:09 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 23:09 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 23:09 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 23:09 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 23:09 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 23:09 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 23:09 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 23:09 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 23:09 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 23:09 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 23:09 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 23:09 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 23:09 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 23:09 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 23:09 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 23:09 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 23:09 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 23:09 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 23:09 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 23:09 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 23:09 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 23:09 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 23:09 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 23:09 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 23:09 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 23:09 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 23:09 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 23:09 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 23:09 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 23:09 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 23:09 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 23:09 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 23:09 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 23:09 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 23:09 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 23:09 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 23:09 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 23:09 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 23:09 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 23:09 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 23:09 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 23:09 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 23:09 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 23:09 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 23:09 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 23:09 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 23:09 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 23:09 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 23:09 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 23:09 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 23:09 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 23:09 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 23:09 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 23:09 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 23:09 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 23:09 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 23:08 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 23:08 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 23:08 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-07 11:59 - 2015-04-07 11:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-07 11:59 - 2015-04-07 11:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 23:17 - 2015-04-08 00:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 21:03 - 2012-05-07 17:31 - 00000000 ___RD () C:\Users\Torsten\Dropbox
2015-05-02 21:03 - 2012-05-07 17:24 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Dropbox
2015-05-02 21:03 - 2011-11-09 15:01 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-05-02 21:00 - 2011-05-09 12:38 - 00000000 ____D () C:\ProgramData\PDFC
2015-05-02 20:59 - 2014-05-13 12:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-02 20:59 - 2012-10-14 09:48 - 00287062 _____ () C:\Windows\PFRO.log
2015-05-02 20:59 - 2012-09-17 15:51 - 00056158 _____ () C:\Windows\setupact.log
2015-05-02 20:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 20:58 - 2012-05-12 00:53 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\SoftGrid Client
2015-05-02 20:58 - 2011-11-09 14:37 - 01794078 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 20:23 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-02 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-02 20:16 - 2012-06-18 15:15 - 00000000 ____D () C:\Users\Torsten\AppData\Local\CrashDumps
2015-05-02 19:15 - 2014-09-20 18:44 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000UA.job
2015-05-02 18:04 - 2014-08-24 22:14 - 00000000 ____D () C:\Users\Teaching\Documents\Bluetooth Folder
2015-05-02 18:04 - 2012-05-07 17:14 - 00000000 ____D () C:\Users\Torsten\Documents\Bluetooth Folder
2015-05-02 17:17 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 17:17 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 17:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2015-05-02 17:02 - 2014-08-24 22:17 - 00000000 ___RD () C:\Teaching
2015-05-02 15:56 - 2014-05-13 13:44 - 00000000 ____D () C:\AdwCleaner
2015-05-02 15:56 - 2013-10-13 19:46 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-02 15:56 - 2012-05-07 17:13 - 00001186 _____ () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-02 15:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-02 15:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-02 15:55 - 2012-05-07 16:14 - 00000000 ____D () C:\Users\Torsten
2015-05-02 15:27 - 2014-08-24 22:14 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FFD84C7-6732-4C5B-A72B-D723AB6E6469}
2015-05-02 15:23 - 2014-08-24 22:14 - 00001595 _____ () C:\Users\Teaching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-01 12:50 - 2012-09-20 11:21 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\vlc
2015-05-01 12:41 - 2012-05-09 14:41 - 00000000 ____D () C:\Users\Torsten\Desktop\Mathe
2015-05-01 12:40 - 2012-05-12 01:05 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Winamp
2015-05-01 03:54 - 2014-12-10 17:29 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForTorsten.job
2015-05-01 03:26 - 2012-05-07 17:13 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{307F94D9-B34C-4617-AD2B-73B8502BE40E}
2015-04-29 13:11 - 2014-12-10 17:29 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTorsten
2015-04-29 13:11 - 2012-05-09 17:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-29 09:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-29 09:13 - 2011-05-09 22:12 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-04-29 09:13 - 2011-05-09 22:12 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-04-29 09:13 - 2009-07-14 07:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-29 09:06 - 2012-05-07 17:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-28 22:15 - 2014-09-20 18:44 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000Core.job
2015-04-27 22:43 - 2015-02-01 14:12 - 00000000 ____D () C:\Users\Torsten\MediathekView
2015-04-27 22:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-24 00:28 - 2012-05-07 17:29 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-20 11:45 - 2012-05-07 17:12 - 00058016 _____ () C:\Users\Torsten\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-15 23:34 - 2015-02-01 14:10 - 00000000 ____D () C:\Users\Torsten\.mediathek3
2015-04-15 08:58 - 2012-05-07 18:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 08:58 - 2012-05-07 18:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 08:01 - 2014-12-11 10:54 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 08:01 - 2014-05-07 11:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 08:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 07:07 - 2012-05-12 00:52 - 01596580 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 07:04 - 2013-07-18 11:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 06:57 - 2012-05-13 23:46 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-13 04:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-02-12 05:02 - 2015-02-12 05:02 - 0000337 _____ () C:\Users\Torsten\AppData\Local\Perfmon.PerfmonCfg
2015-05-02 15:08 - 2015-05-02 15:09 - 0000804 _____ () C:\Users\Torsten\AppData\Local\Temp-log.txt
2014-06-10 23:54 - 2014-06-10 23:54 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Torsten\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpttcim6.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-29 09:37

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Und letztlich Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Torsten at 2015-05-02 21:06:25
Running from C:\Users\Torsten\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3863440553-3622452381-3390168598-500 - Administrator - Disabled)
Gast (S-1-5-21-3863440553-3622452381-3390168598-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3863440553-3622452381-3390168598-1002 - Limited - Enabled)
Teaching (S-1-5-21-3863440553-3622452381-3390168598-1003 - Limited - Enabled) => C:\Users\Teaching
Torsten (S-1-5-21-3863440553-3622452381-3390168598-1000 - Administrator - Enabled) => C:\Users\Torsten

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.60 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3726 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free Video Call Recorder for Skype version 1.2.12.319 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.2.12.319 - DVDVideoSoft Ltd.)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP Documentation (HKLM-x32\...\{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{AF6EB833-D48A-49AC-9394-4C57489FDFF2}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Infonaut 1.10.0.13 (HKLM-x32\...\Infonaut_1.10.0.13) (Version: 1.10.0.13 - Infonaut)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 12 (HKLM-x32\...\{95E152CF-0EB5-4BFA-B6EE-8FC7F9601BA5}) (Version: 12.0.02900 - Nero AG)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.34 - PDF Complete, Inc)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
Sekundo 7 (HKLM-x32\...\com.schroedel.sekundo7v2.5E8736CC72780A3AB44A7F466B5597F22FEA1697.1) (Version: 1.2 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterwe)
Sekundo 7 (x32 Version: 1.2 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterwe) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
TeXnicCenter Version 1.0 Stable RC1 (HKLM-x32\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VideoDownloadConverter Internet Explorer Toolbar (HKLM-x32\...\VideoDownloadConverter_4zbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.37 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13209 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

15-04-2015 06:52:53 Windows Update
18-04-2015 19:26:22 Windows Update
22-04-2015 10:54:57 Windows Update
25-04-2015 12:42:55 Windows Update
29-04-2015 09:17:59 Windows Update
02-05-2015 14:45:05 Removed Java 7 Update 51
02-05-2015 14:51:06 Removed Java 7 Update 51
02-05-2015 15:38:52 Revo Uninstaller's restore point - Java 7 Update 51
02-05-2015 15:42:24 Revo Uninstaller's restore point - mystartsearch uninstall
02-05-2015 19:31:31 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3041A8A1-104C-442F-B7B1-0F3B4E7F5500} - System32\Tasks\HPCeeScheduleForTorsten => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {390D7972-588B-43C8-BF15-B5CF1FC21BA8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {394398CC-0A7D-4E67-B95C-9D36BB9DD712} - System32\Tasks\{197C4A28-5810-4C42-944B-909B35B74110} => pcalua.exe -a C:\Users\Torsten\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=tugs
Task: {43154D13-8B2B-45FA-80EB-50E27A6749B1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {4FBBEBFD-52FC-461C-B22D-8463C952994E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5BF0472F-8E6B-41B2-96C3-998765F1553A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6C263D44-29A5-4529-85FB-EE4235AB65DF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {70A939AB-2227-4C52-A998-B74A071E189D} - System32\Tasks\{D7F12247-CCE6-4714-BFFF-4DA6AA154FBC} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {749BCA98-2C64-4229-B18A-01D066B63CA4} - \SMWUpd No Task File <==== ATTENTION
Task: {77B5C3B0-F132-4940-8262-A1BD109FF6C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7BF78F2C-4C54-4C40-B2B5-0DAE4768055B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {7C689A37-BC41-4BE5-A703-FE5F92FA570C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8D6BDBC5-0C61-4EA5-A583-3EAE678C9D15} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000UA => C:\Users\Torsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-20] (Facebook Inc.)
Task: {99519131-5F47-45E5-A633-B2135C9A1DCF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {9E4E21BC-C13D-4147-8CA8-2514CF1A1D73} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {AF08274A-E482-4A99-BC6D-84DE69F5EA5A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000Core => C:\Users\Torsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-20] (Facebook Inc.)
Task: {B7C32D6C-EAF9-4F89-8B1B-864D02A7FF5F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {DDAE3D4C-F273-4BB6-BF80-52291BBED741} - \SMW_UpdateTask_Time_333830363739333338312d3223572a23456c4155572a32 No Task File <==== ATTENTION
Task: {E428C5C2-34BB-4985-80AF-4B179685AA40} - System32\Tasks\{C1FE1179-651F-4AF3-8B05-B335AEA97FAA} => pcalua.exe -a C:\Users\Torsten\Downloads\QuickTimeInstaller.exe -d C:\Users\Torsten\Downloads
Task: {FBEAE3A3-79F2-4962-B53D-3EA8A7E8A5B8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-09] (CyberLink)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000Core.job => C:\Users\Torsten\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000UA.job => C:\Users\Torsten\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTorsten.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2015-05-01 03:40 - 2015-05-01 03:40 - 00417792 _____ () c:\windows\loz.exe
2015-05-01 03:40 - 2015-05-01 03:40 - 00408576 _____ () c:\windows\mloz.exe
2010-07-21 14:33 - 2010-07-21 14:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00008192 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
2010-12-17 02:37 - 2010-12-17 02:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-17 15:08 - 2014-10-17 15:08 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2011-11-09 14:39 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-05-02 21:03 - 2015-05-02 21:03 - 00043008 _____ () c:\users\torsten\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpttcim6.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Torsten\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Torsten\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Torsten\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Torsten\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{2BB1D4D1-55B0-4416-B116-F832F593D3E1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{51812DAD-2915-4EC4-82B6-08C5D554B248}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6CC50EF5-0581-4680-988A-68D51095167E}] => (Allow) LPort=2869
FirewallRules: [{C2887135-D2B6-4212-B536-E91D30E1F702}] => (Allow) LPort=1900
FirewallRules: [{2912670C-CFF8-44B6-A02C-D795F5D36C53}] => (Allow) C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A799F554-693A-4E68-9B81-42609897CA2A}] => (Allow) C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DF59E101-9E02-4DE0-9C30-2E72E06A7594}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{5314B784-4681-469E-B8E0-C0BD284AED34}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{CBE54819-6286-4588-AB2F-C7D809075CBE}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{DC4C9796-394E-4B81-B785-C7381AD97E2A}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{FEE3E038-A515-4161-9E85-9280CE629814}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{1671DE36-1133-4C1B-9FD8-EAAAB54FF95A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46B59F61-D01C-4487-A9B4-E6CDE94A7235}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E3932796-8464-49F2-801D-063919797649}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A0EAB560-D0A7-4039-836D-A4440C92BDDD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7240D466-F1AD-4CCC-9E48-06A794D4AFCE}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{B8611E65-64E3-4E78-9B8C-1B6D82FE53D9}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{3B2F5EBE-BD27-40C4-B222-E0C3BDC0EEFF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A98B68D9-C0DA-4B3D-8718-7EA65E5B9E70}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{A7B9AECC-5398-4C9A-8A03-0D209547ECCF}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{AC56B0F3-2A0C-4222-A67B-A9F27B2B4E1B}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{CCEA5EC5-0854-4F03-9537-7389970F0114}] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{E6533106-96C1-4B41-8DFA-3FED95E0E80B}] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{AC6E76F7-69C0-4B68-96A3-0DA0A478F71E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{6FD04E96-6AD7-4C1C-ABF0-27BECA6C0B7B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{7C1B2101-2A97-4031-AEE1-7AB575740EA2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{C7C68200-E02D-40C0-AF3A-4ED2D371156D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{50FA55DE-0E62-44E1-8C36-81B35F8F14CA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{331C1E2B-2272-4D23-A85E-AF45CE035D95}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{404C9FF9-7D79-4664-8961-FEFE78859CF9}] => (Allow) C:\Users\Torsten\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{0EAD8562-B7B5-46A8-B9D4-209240FCCAEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1AD6C967-D061-41FF-84D6-3E3A39F0A7E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{685FA4AC-BD69-400E-BCCC-A49893E59E20}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EFA5FA39-CB19-4B74-B259-749180A3BBC0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FDD435F1-9CD4-40F0-B67A-36BF31B34E48}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C797EBC3-D024-4CE3-AE3E-B2AF67D36D61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{29967E53-FFF5-48FC-88E7-26AA720A951A}C:\users\torsten\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\torsten\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{30E5E72C-2FF5-4E7E-8E23-45626039FD05}C:\users\torsten\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\torsten\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{311FED86-55A0-4E04-B1F3-9647C62BD476}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{77D052A2-48F5-45C2-A9BE-3B429324C2BA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C06F4FA4-543A-44FF-82F5-90A505FB7F15}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{EF2C9823-2F39-4568-A530-922CC1C5E913}] => (Allow) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2015 09:00:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 08:15:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x12d2c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (05/02/2015 07:08:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1296166

Error: (05/02/2015 07:08:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1296166

Error: (05/02/2015 07:08:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2015 07:08:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1295136

Error: (05/02/2015 07:08:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1295136

Error: (05/02/2015 07:08:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2015 07:08:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1294106

Error: (05/02/2015 07:08:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1294106


System errors:
=============
Error: (05/02/2015 09:00:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/02/2015 08:59:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Capacity Sort" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (05/02/2015 08:59:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Margin Free Space" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (05/02/2015 08:19:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/02/2015 08:19:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/02/2015 08:19:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/02/2015 08:19:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/02/2015 08:19:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/02/2015 05:10:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/02/2015 05:08:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Capacity Sort" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3


Microsoft Office Sessions:
=========================
Error: (05/02/2015 09:00:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 08:15:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa112d2c01d08500333431dfC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll474dd56d-f0f7-11e4-9e05-74de2bacd106

Error: (05/02/2015 07:08:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1296166

Error: (05/02/2015 07:08:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1296166

Error: (05/02/2015 07:08:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2015 07:08:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1295136

Error: (05/02/2015 07:08:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1295136

Error: (05/02/2015 07:08:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2015 07:08:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1294106

Error: (05/02/2015 07:08:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1294106


CodeIntegrity Errors:
===================================
  Date: 2015-05-02 20:58:15.775
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-02 20:47:17.916
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-02 20:24:09.040
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-02 19:48:32.429
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-02 19:19:15.121
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-02 19:08:43.504
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-02 17:57:08.676
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-02 17:50:13.749
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-02 17:34:39.599
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-02 16:47:12.472
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 42%
Total physical RAM: 8043.86 MB
Available physical RAM: 4657.79 MB
Total Pagefile: 16085.91 MB
Available Pagefile: 12867.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.59 GB) (Free:176.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.87 GB) (Free:1.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4F1C5FDC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
         
Nochmals vielen Dank

Alt 02.05.2015, 20:09   #14
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Gut soweit. PC vom Internet trennen. Machen morgen weiter, OK?
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.05.2015, 20:18   #15
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Ok, dann nochmals vielen Dank und gute Nacht.

Antwort

Themen zu mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?
administrator, adobe, bonjour, cherimoya.sys, defender, dll, downloader, explorer, home, homepage, iexplore.exe, launch, mozilla, newtab, officejet, pdf, priceless, realtek, registry, reimage repair, rundll, schließen, security, services.exe, software, svchost.exe, temp, windows, winlogon.exe, wlan, ytdownloader, öffnet



Ähnliche Themen: mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?


  1. Würde gerne diesen Mist wieder vom System haben
    Plagegeister aller Art und deren Bekämpfung - 14.05.2016 (20)
  2. Reimage Repair
    Plagegeister aller Art und deren Bekämpfung - 16.09.2015 (14)
  3. Windows 7 / Google Chrome: Browserlinks führen auf reimage repair Webseite
    Log-Analyse und Auswertung - 13.08.2015 (13)
  4. Win 7 Pro 64bit - Probleme beim Entfernen von Reimage Repair.
    Log-Analyse und Auswertung - 03.08.2015 (3)
  5. Reimage Repair/Spy Hunter - deinstallieren!
    Log-Analyse und Auswertung - 13.06.2015 (15)
  6. Reimage Repair - Ja oder lieber nicht?
    Antiviren-, Firewall- und andere Schutzprogramme - 11.04.2015 (10)
  7. Reimage Repair entfernen
    Anleitungen, FAQs & Links - 04.03.2015 (2)
  8. Webssearches.com wieder da - oder hab ich es gar nicht richtig entfernt?
    Log-Analyse und Auswertung - 05.07.2014 (24)
  9. Trojaner qv06 wie werd ich den wieder los ?
    Log-Analyse und Auswertung - 29.08.2013 (16)
  10. Ihren Fahrkartenkauf_TM6ACN - "Bahn Trojaner" geöffnet - Mist! Infiziert? Und wie werd ich ihn wieder los?
    Log-Analyse und Auswertung - 19.05.2013 (7)
  11. InCrediBar - wie werd ich das Ding wieder los?
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (27)
  12. EXP/CVE-2012-1723.BU Wie werd ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (1)
  13. Wie werd ich den wieder los?
    Mülltonne - 21.12.2008 (2)
  14. Brave-Sentry: Wie werd ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 21.11.2007 (1)
  15. wie werd ich rsvp32_2.dll wieder los?
    Plagegeister aller Art und deren Bekämpfung - 02.03.2007 (2)
  16. Wie werd ich die denn wieder los?
    Log-Analyse und Auswertung - 25.05.2006 (2)
  17. Schon wieder Mist auf der Festplatte :(
    Log-Analyse und Auswertung - 15.05.2005 (12)

Zum Thema mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - SOS, ich scheine mir heute morgen einigen Müll eingefangen zu haben. Ständig öffnen ungefragt Pages, z.B. von de.reimageplus.com und lp.stargames.com. Außerdem hab ich einen öffnet sich ständig Unico-Browser und ein - mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?...
Archiv
Du betrachtest: mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.