Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: IStartSurf!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.05.2015, 11:41   #1
Atalon
 
IStartSurf! - Standard

IStartSurf!



Sehr geehrtes Team vom Trojaner Board!

Habe Malwarebytes drüberlaufen lassen und andschließend adw cleaner. Hier die Logs. Vorab. ich würde mich über weitere Tips freuen.

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 21.05.2015
Suchlauf-Zeit: 10:56:14
Logdatei: Istart.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.20.06
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Grisu

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 489340
Verstrichene Zeit: 20 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 7
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 1892, , [e8fe266fabdf86b0901e0a0ba55da45c]
PUP.Optional.Giner, C:\Program Files (x86)\XTab\CmdShell.exe, 3708, , [84623c591c6e8fa776708ed1ee18a65a]
PUP.Optional.Giner, C:\Program Files (x86)\XTab\HPNotify.exe, 3876, , [6284b7de5238c2746b7ba4bbce38bd43]
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, 2304, , [6a7c237217732511c2cbe38f679e6b95]
PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1368, , [509696ff6c1ed462d10d0be2b54e936d]
PUP.Optional.IStartSurf.A, C:\Users\Grisu\AppData\Roaming\istartsurf\UninstallManager.exe, 2236, , [d4128b0a5436b0864f8702bc8f744fb1]
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancer.exe, 2464, , [36b04c494743fc3a8646a434a55efe02]

Module: 13
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\BrowserAction.dll, , [5690672ef09ae650947488be7092fd03],
PUP.Optional.Giner, C:\Program Files (x86)\XTab\IeWatchDog.dll, , [18cefe9792f848eeb135c49b43c331cf],
PUP.Optional.Browserwatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, , [7a6c2273c1c9280e67b78b8af0168779],
PUP.Optional.Browserwatch, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, , [24c2f4a1464460d6819dc84d62a4c33d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\ApiHandlr.dll, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\FiddlerCore.dll, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\Newtonsoft.Json.dll, , [36b04c494743fc3a8646a434a55efe02],

Registrierungsschlüssel: 47
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, , [e8fe266fabdf86b0901e0a0ba55da45c],
PUP.Optional.Giner, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, , [e501474e2a60a591a73f3b24f80eff01],
PUP.Optional.Giner, HKLM\SOFTWARE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, , [e501474e2a60a591a73f3b24f80eff01],
PUP.Optional.Giner, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [e501474e2a60a591a73f3b24f80eff01],
PUP.Optional.Giner, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [e501474e2a60a591a73f3b24f80eff01],
PUP.Optional.Giner, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [e501474e2a60a591a73f3b24f80eff01],
PUP.Optional.Giner, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, , [e501474e2a60a591a73f3b24f80eff01],
PUP.Optional.Giner, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, , [e501474e2a60a591a73f3b24f80eff01],
PUP.Optional.Giner, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, , [e501474e2a60a591a73f3b24f80eff01],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [479f5c3907835ed84912b0bb9e67b14f],
PUP.Optional.FFPluginHp.A, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, , [2db92570afdb1e18fadbeeebed16d52b],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, , [a6400c8907831125f6a607e3ff04d32d],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, , [bd29a3f239518ea89fbc3dec9f656d93],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, , [f9ed692c64260234aa5941bf20e4ce32],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, , [974f5441b5d58fa7a399b4a907fefe02],
PUP.Optional.WajaWebEnhance.A, HKLM\SOFTWARE\WOW6432NODE\WajaWebEnhance, , [a73fc5d0513963d36f444a287392ff01],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, , [3ea812837911a591114442a570938f71],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [5c8ab0e5fc8eb3833042459f63a02ad6],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [1acc365fa2e80d29da97f9eb25def808],
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [786efb9a2466f640ff2cb53db15246ba],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [ce185144ee9c082ed897a53fc1429d63],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [1ec8dcb90f7b181ea8d0d12d679c60a0],
PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WajaWebEnhance Service, , [6a7c237217732511c2cbe38f679e6b95],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [509696ff6c1ed462d10d0be2b54e936d],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [d115cec72c5e2b0bfe8d17dd23e019e7],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\HomeTab, , [9f476f261278211532443ed13bc91be5],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\SearchProtectWS, , [56909ff692f82412b1c3925234cf23dd],
PUP.Optional.TNT.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\TNT2, , [a4427d18eb9fb581fb28d214fa095aa6],
PUP.Optional.WajaWebEnhance.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\WajaWebEnhance, , [76701c797119a2949d15a1d1937214ec],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\WajIEnhance, , [af370e874446e0567db47d6faa5915eb],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\WajIntEnhance, , [f4f2dfb67119ff3774e2569117ec946c],
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [ce18316446440531d288ea811fe654ac],
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1777DF54-E8B2-492D-B105-29E5DDFE1C81}, , [5d89098c84069e98afab75f69c694ab6],
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, , [9c4ab0e5a3e753e3e575303bd72e9967],
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [e7ff573eee9c58de2931fc6f73926d93],
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, , [b630d1c42961072f76e44f1cb74e1ee2],
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, , [994db6df4545a19595c574f7778e8977],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [faec5d38fd8d979fe7225091669d3dc3],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [8066fe975832dd59977303de2ed551af],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, , [14d2b2e377138caa878427ba8083a957],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, , [974f01942e5cd363f1bcdd92e124fb05],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [ad393b5a0f7b37ff9a726978a162b24e],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [ad396d28a4e683b39974ecf5897a26da],
PUP.Optional.FastSearch.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MOZILLA\EXTENDS, , [9452f69f35551125cf865a7fa95a7b85],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, , [7c6a1a7b6228c6708fe12cb88281bc44],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajaWebEnhance, , [a93dc4d16c1e52e48f67891d8a796a96],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\istartsurf uninstall, , [d4128b0a5436b0864f8702bc8f744fb1],

Registrierungswerte: 15
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, , [479f5c3907835ed84912b0bb9e67b14f]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=dspp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}, , [776f385d25659b9b5efd4625b74e26da]
PUP.Optional.SweetSearch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|sweetsearch@gmail.com, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\extensions\sweetsearch@gmail.com, , [e9fdd4c1890167cf2e9b59814db654ac]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, smt, , [1ec8dcb90f7b181ea8d0d12d679c60a0]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&ts=1432195423&type=default&q={searchTerms}, , [ce18316446440531d288ea811fe654ac]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1777DF54-E8B2-492D-B105-29E5DDFE1C81}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&ts=1432195423&type=default&q={searchTerms}, , [5d89098c84069e98afab75f69c694ab6]
PUP.Optional.Spigot.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1777DF54-E8B2-492D-B105-29E5DDFE1C81}|TopResultURL, https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}, , [2cba7a1b25659a9c7bbb0bd1ee154ab6]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&ts=1432195423&type=default&q={searchTerms}, , [9c4ab0e5a3e753e3e575303bd72e9967]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://www.istartsurf.com//favicon.ico, , [ecfaf89d6b1f80b6da80fe6d8283a45c]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, , [e7ff573eee9c58de2931fc6f73926d93]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&ts=1432195423&type=default&q={searchTerms}, , [7274662f4941251199c1bfac3dc860a0]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://www.istartsurf.com/web/?type=ds&ts=1432195371&z=4f5a8c812e3b76383a5c360g1z4c6o0g9tewfcam1g&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}, , [cc1af5a04347989edf7bb3b8897c14ec]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&ts=1432195423&type=default&q={searchTerms}, , [b630d1c42961072f76e44f1cb74e1ee2]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&ts=1432195423&type=default&q={searchTerms}, , [994db6df4545a19595c574f7778e8977]
PUP.Optional.FastSearch.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MOZILLA\EXTENDS|appid, searchffv2@gmail.com, , [9452f69f35551125cf865a7fa95a7b85]

Registrierungsdaten: 13
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1432195371&z=4f5a8c812e3b76383a5c360g1z4c6o0g9tewfcam1g&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1432195371&z=4f5a8c812e3b76383a5c360g1z4c6o0g9tewfcam1g&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}),,[a244d2c3d6b49c9a60c3a77153b39e62]
PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hppp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936),,[d115791c6f1bb77fd2e991860105cd33]
PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hppp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936),,[44a27520c7c392a4873497806b9b9e62]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1432195371&z=4f5a8c812e3b76383a5c360g1z4c6o0g9tewfcam1g&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1432195371&z=4f5a8c812e3b76383a5c360g1z4c6o0g9tewfcam1g&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}),,[ce18078e8efc8babb073fc1ce1255fa1]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|CustomizeSearch, hxxp://www.istartsurf.com/web/?type=dspp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=dspp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}),,[9155aee7eaa0340254d046d2bd49b749]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://www.istartsurf.com/web/?type=dspp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=dspp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}),,[13d3286dbad0f442f331c0580ff7ee12]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[34b26530484270c6e52ec262a3637f81]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1432195371&z=4f5a8c812e3b76383a5c360g1z4c6o0g9tewfcam1g&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1432195371&z=4f5a8c812e3b76383a5c360g1z4c6o0g9tewfcam1g&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}),,[4e98cdc8eaa0ac8a3ce7ac6ca462837d]
PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hppp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936),,[7274583d9cee8da9a11a63b43ec8db25]
PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hppp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936),,[a541f79ee1a9c4722596090ec640a957]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1432195371&z=4f5a8c812e3b76383a5c360g1z4c6o0g9tewfcam1g&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1432195371&z=4f5a8c812e3b76383a5c360g1z4c6o0g9tewfcam1g&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936&q={searchTerms}),,[4c9af4a1f9912a0cf52efb1da660cb35]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1432195371&z=4f5a8c812e3b76383a5c360g1z4c6o0g9tewfcam1g&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1432195371&z=4f5a8c812e3b76383a5c360g1z4c6o0g9tewfcam1g&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936),,[ac3a2d684c3e171f44dd23f512f44fb1]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1432195371&z=4f5a8c812e3b76383a5c360g1z4c6o0g9tewfcam1g&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1432195371&z=4f5a8c812e3b76383a5c360g1z4c6o0g9tewfcam1g&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936),,[d016badba0ea072f031ecf497d89936d]

Ordner: 44
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Search, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Uninstall Wajam, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam, , [a93dc4d16c1e52e48f67891d8a796a96],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [5690ace9b1d961d5d976a9115da626da],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [5690ace9b1d961d5d976a9115da626da],
PUP.Optional.IStartSurf.A, C:\Users\Grisu\AppData\Roaming\istartsurf, , [d4128b0a5436b0864f8702bc8f744fb1],
PUP.Optional.AppsHat.A, C:\Users\Grisu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat, , [14d2f1a40189f14507897b4f56adb34d],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [c81e286d0d7df73f1eac458a9d6651af],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [c81e286d0d7df73f1eac458a9d6651af],
PUP.Optional.SweetSearch.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\extensions\sweetsearch@gmail.com, , [70767322a0eace68f2469641ac57d12f],
PUP.Optional.SweetSearch.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\extensions\sweetsearch@gmail.com\chrome, , [70767322a0eace68f2469641ac57d12f],
PUP.Optional.SweetSearch.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\extensions\sweetsearch@gmail.com\chrome\content, , [70767322a0eace68f2469641ac57d12f],
PUP.Optional.SweetSearch.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\extensions\sweetsearch@gmail.com\chrome\skin, , [70767322a0eace68f2469641ac57d12f],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer, , [36b04c494743fc3a8646a434a55efe02],

Dateien: 161
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, , [e8fe266fabdf86b0901e0a0ba55da45c],
PUP.Optional.Giner, C:\Program Files (x86)\XTab\CmdShell.exe, , [84623c591c6e8fa776708ed1ee18a65a],
PUP.Optional.Giner, C:\Program Files (x86)\XTab\HPNotify.exe, , [6284b7de5238c2746b7ba4bbce38bd43],
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\BrowserAction.dll, , [5690672ef09ae650947488be7092fd03],
PUP.Optional.Giner, C:\Program Files (x86)\XTab\IeWatchDog.dll, , [18cefe9792f848eeb135c49b43c331cf],
PUP.Optional.Browserwatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, , [7a6c2273c1c9280e67b78b8af0168779],
PUP.Optional.Browserwatch, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, , [24c2f4a1464460d6819dc84d62a4c33d],
PUP.Optional.Giner, C:\Program Files (x86)\XTab\SupTab.dll, , [e501474e2a60a591a73f3b24f80eff01],
PUP.Optional.IStartSurf.A, C:\Users\Grisu\AppData\Local\Temp\smt_istartsurf.exe, , [22c4aaeb8208c4720a7a520c15f1946c],
PUP.Optional.Wajam.A, C:\Users\Grisu\AppData\Local\Temp\setup.exe, , [da0c5e372961191d003467f94bbbb749],
PUP.Optional.Downloader, C:\Users\Grisu\Downloads\Firefox - CHIP-Installer.exe, , [29bd4352fd8d54e2283e8de0867aef11],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Wajam Website.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Settings.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\SignIn with Facebook.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\SignIn with Twitter.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Search\Ask.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Search\Google.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Search\IMDb.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Search\Shopping.com.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Search\TripAdvisor.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Search\Wikipedia.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Search\Yahoo!.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\Amazon.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\Argos.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\Ebay.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\Etsy.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\HomeDepot.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\Ikea.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\Lowe's.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\Mercadolivre.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\MyShopping.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\Sears.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\Target.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\Tesco.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\Walmart.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Explore Social Shopping\Zalando.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance\Uninstall Wajam\uninstall.lnk, , [2abc5b3a7515a98d2d5b6e6b669da25e],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.xdomainrequest.min.js, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xdomain.min.js, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, , [2abcc0d5f09a290d059834b611f2936d],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, , [6a7c237217732511c2cbe38f679e6b95],
PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [509696ff6c1ed462d10d0be2b54e936d],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\uninstall.exe, , [a93dc4d16c1e52e48f67891d8a796a96],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [5690ace9b1d961d5d976a9115da626da],
PUP.Optional.IStartSurf.A, C:\Users\Grisu\AppData\Roaming\istartsurf\UninstallManager.exe, , [d4128b0a5436b0864f8702bc8f744fb1],
PUP.Optional.AppsHat.A, C:\Users\Grisu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\AppsHat.lnk, , [14d2f1a40189f14507897b4f56adb34d],
PUP.Optional.AppsHat.A, C:\Users\Grisu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\Uninstall.lnk, , [14d2f1a40189f14507897b4f56adb34d],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, , [c81e286d0d7df73f1eac458a9d6651af],
PUP.Optional.SweetSearch.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\extensions\sweetsearch@gmail.com\chrome.manifest, , [70767322a0eace68f2469641ac57d12f],
PUP.Optional.SweetSearch.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\extensions\sweetsearch@gmail.com\install.rdf, , [70767322a0eace68f2469641ac57d12f],
PUP.Optional.SweetSearch.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\extensions\sweetsearch@gmail.com\chrome\content\toolbar.js, , [70767322a0eace68f2469641ac57d12f],
PUP.Optional.SweetSearch.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\extensions\sweetsearch@gmail.com\chrome\content\toolbar.xul, , [70767322a0eace68f2469641ac57d12f],
PUP.Optional.SweetSearch.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\extensions\sweetsearch@gmail.com\chrome\skin\icon.png, , [70767322a0eace68f2469641ac57d12f],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\uninstall.exe, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\amazon.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\argos.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\ask.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\bestbuy.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\ebay.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\etsy.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\facebook.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\favicon.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\google.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\homedepot.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\ikea.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\imdb.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\lowes.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\mercado.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\mysearchweb.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\myshopping.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\searchresult.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\sears.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\setting.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\settings.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\shopping.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\target.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\tesco.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\tripadvisor.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\twitter.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\wajam.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\walmart.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\wiki.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\yahoo.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\Logos\zalando.ico, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\007290c6eaab8e3f7a895162dbe596bc, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\27a3e026958775027c50df2378a10264, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\ApiHandlr.dll, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\fb1623258fb090ed627ec29d474d4763, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\fdc5ec3a7e8363c7ed9df3c277fa7597, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\FiddlerCore.dll, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\HtmlAgilityPack.dll, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancer.exe, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\lan-proxy-settings.dat, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\makecert.exe, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\Newtonsoft.Json.dll, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\wie, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\WJManifest, , [36b04c494743fc3a8646a434a55efe02],
PUP.Optional.IStartSurf.A, C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.istartsurf.com/?type=hppp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936",), ,[0dd91c795b2f191d77c8baaa5fa7f10f]
PUP.Optional.Spigot.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "https://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=501549&p="), ,[fde9d1c4612995a1ba195a072dd96997]
PUP.Optional.HttpBreaker.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hppp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936"), ,[5d891c79315988aef8dc9fc26b9bea16]
PUP.Optional.IStartSurf.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaultenginename", "istartsurf"), ,[d313791c94f638feb92170f1818511ef]
PUP.Optional.IStartSurf.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "istartsurf"), ,[30b61c79187293a38a51ce93a5617090]
PUP.Optional.QuickStart.A, C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"), ,[796d8015b3d70f27031b570d5da926da]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)



Und hier das von adw Cleaner :

# AdwCleaner v4.204 - Bericht erstellt 21/05/2015 um 11:28:29
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-20.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Grisu - GRISU-PC
# Gestarted von : C:\Users\Grisu\Downloads\AdwCleaner_4.204.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : IHProtect Service
[#] Dienst Gelöscht : WindowsMangerProtect

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\ytd video downloader
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\Wajam
Ordner Gelöscht : C:\Program Files (x86)\XTab
Ordner Gelöscht : C:\Program Files (x86)\DriverTuner
Ordner Gelöscht : C:\Users\Grisu\AppData\Local\webplayer
Ordner Gelöscht : C:\Users\Grisu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
Ordner Gelöscht : C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\Extensions\sweetsearch@gmail.com
Datei Gelöscht : C:\Users\Public\Desktop\DriverTuner.lnk
Datei Gelöscht : C:\Users\Public\Desktop\YTD Video Downloader.lnk
Datei Gelöscht : C:\Users\Grisu\AppData\Local\Temp\Uninstall.exe

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338A754C-B46E-4BF2-8AC8-23DE36862AD3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1777DF54-E8B2-492D-B105-29E5DDFE1C81}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\HomeTab
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\WajIEnhance
Schlüssel Gelöscht : HKCU\Software\TNT2
Schlüssel Gelöscht : HKCU\Software\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\SearchProtectWS
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\istartsurfSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\SafetyNut
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\DriverTuner_Init
Schlüssel Gelöscht : HKLM\SOFTWARE\DriverTuner
Schlüssel Gelöscht : HKLM\SOFTWARE\WajIntEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\AIM Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\FFPluginHp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{520C1D80-935C-42B9-9340-E883849D804F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.istartsurf.com
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:55205;hxxps=127.0.0.1:55205
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:55205;hxxps=127.0.0.1:55205
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v38.0.1 (x86 de)

[e9dof2pq.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[e9dof2pq.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "istartsurf");
[e9dof2pq.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf");
[e9dof2pq.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/web/favicon.ico");
[e9dof2pq.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf");
[e9dof2pq.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=dspp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936[...]
[e9dof2pq.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "istartsurf");
[e9dof2pq.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hppp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936");
[e9dof2pq.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[e9dof2pq.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v

[C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl
[C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://www.istartsurf.com/?type=hppp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936
[C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp://www.istartsurf.com/?type=hppp&ts=1432195416&z=78ab1b27ccd2424f30608bagbz2c0o1g8t4wbzbg5q&from=smt&uid=WDCXWD20EARX-00PASB0_WD-WCAZAA51993619936

*************************

AdwCleaner[R0].txt - [15007 Bytes] - [21/05/2015 11:25:49]
AdwCleaner[S0].txt - [11265 Bytes] - [21/05/2015 11:28:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11325 Bytes] ##########

Alt 21.05.2015, 12:25   #2
schrauber
/// the machine
/// TB-Ausbilder
 

IStartSurf! - Standard

IStartSurf!



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 22.05.2015, 08:42   #3
Atalon
 
IStartSurf! - Standard

IStartSurf!



Hier die FRST Datei
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by Grisu (administrator) on GRISU-PC on 22-05-2015 08:36:51
Running from C:\Users\Grisu\Downloads
Loaded Profiles: Grisu (Available profiles: Grisu)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Google Inc.) C:\Users\Grisu\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Grisu\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Flux Software LLC) C:\Users\Grisu\AppData\Local\FluxSoftware\Flux\flux.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
() C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\Run: [Google Update] => C:\Users\Grisu\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-19] (Google Inc.)
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [456768 2013-10-19] (BillP Studios)
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\Run: [f.lux] => C:\Users\Grisu\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\JUNE05~1.SCR
AppInit_DLLs:  =>  File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-10-19]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2014-06-12]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
BootExecute: 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:55205;https=127.0.0.1:55205
ProxyEnable: [S-1-5-21-2002501991-1074103417-190154067-1000] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2002501991-1074103417-190154067-1000] => http=127.0.0.1:55205;https=127.0.0.1:55205
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-2002501991-1074103417-190154067-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8A11670B-D557-4B1F-838C-213E1F33D76F}: [NameServer] 195.202.128.2,195.202.128.3

FireFox:
========
FF ProfilePath: C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\4dipnuz0.default-1432198737870
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-14] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2002501991-1074103417-190154067-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2002501991-1074103417-190154067-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2002501991-1074103417-190154067-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-14] (Pando Networks)
FF Extension: Adblock Plus - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\4dipnuz0.default-1432198737870\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-21]
FF HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HomePage: Default -> 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-06]
CHR Extension: (YouTube) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-19]
CHR Extension: (Google Search) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-19]
CHR Extension: (Gmail) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-19]
StartMenuInternet: Google Chrome - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
R2 WajaWebEnhance Service; C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe [691200 2015-05-06] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [32768 2014-03-21] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 08:36 - 2015-05-22 08:37 - 00018443 _____ () C:\Users\Grisu\Downloads\FRST.txt
2015-05-22 08:36 - 2015-05-22 08:36 - 00000000 ____D () C:\FRST
2015-05-22 08:35 - 2015-05-22 08:35 - 02108416 _____ (Farbar) C:\Users\Grisu\Downloads\FRST64.exe
2015-05-21 11:57 - 2015-05-21 11:57 - 02347384 _____ (ESET) C:\Users\Grisu\Downloads\esetsmartinstaller_deu(1).exe
2015-05-21 11:46 - 2015-05-21 11:46 - 02347384 _____ (ESET) C:\Users\Grisu\Downloads\esetsmartinstaller_deu.exe
2015-05-21 11:46 - 2015-05-21 11:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-21 11:45 - 2015-05-21 11:45 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Grisu\Downloads\sc-cleaner.exe
2015-05-21 11:45 - 2015-05-21 11:45 - 00001874 _____ () C:\Users\Grisu\Desktop\sc-cleaner.txt
2015-05-21 11:44 - 2015-05-21 11:44 - 00000757 _____ () C:\Users\Grisu\Desktop\JRT.txt
2015-05-21 11:42 - 2015-05-21 11:42 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-GRISU-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-21 11:42 - 2015-05-21 11:42 - 00000000 ____D () C:\RegBackup
2015-05-21 11:41 - 2015-05-21 11:42 - 02720009 _____ (Thisisu) C:\Users\Grisu\Downloads\JRT.exe
2015-05-21 11:25 - 2015-05-21 11:28 - 00000000 ____D () C:\AdwCleaner
2015-05-21 11:25 - 2015-05-21 11:25 - 02209792 _____ () C:\Users\Grisu\Downloads\AdwCleaner_4.204.exe
2015-05-21 11:19 - 2015-05-21 11:19 - 00048170 _____ () C:\Users\Grisu\Desktop\Istart.txt
2015-05-21 10:59 - 2015-05-21 10:59 - 00000000 ____D () C:\Users\Grisu\Desktop\Alte Firefox-Daten
2015-05-21 10:54 - 2015-05-21 10:54 - 00000000 ____D () C:\Users\Grisu\AppData\Roaming\Cliqz
2015-05-21 10:52 - 2015-05-21 10:52 - 01196832 _____ () C:\Users\Grisu\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-05-21 10:48 - 2015-05-21 10:48 - 00000000 __SHD () C:\Users\Grisu\AppData\Local\EmieBrowserModeList
2015-05-21 10:02 - 2015-05-21 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaWebEnhance
2015-05-21 10:02 - 2015-05-21 10:02 - 00000000 ____D () C:\Program Files (x86)\WajaWebEnhance
2015-05-21 10:01 - 2015-05-21 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.2
2015-05-21 10:00 - 2015-05-21 10:00 - 03132924 _____ ( ) C:\Users\Grisu\Downloads\setup_Project64_2.2.exe
2015-05-21 09:54 - 2015-05-21 09:54 - 04825931 _____ () C:\Users\Grisu\Downloads\Snowboard Kids (USA).zip
2015-05-15 09:43 - 2015-05-15 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 19:13 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:13 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:37 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 08:37 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 08:37 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 08:37 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 08:37 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 08:37 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 08:37 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 08:37 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 08:37 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 08:37 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 08:37 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 08:37 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 08:37 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 08:37 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 08:37 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 08:37 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 08:37 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 08:37 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 08:37 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 08:37 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 08:37 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 08:37 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:37 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 08:37 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 08:37 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 08:37 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 08:37 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 08:37 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 08:37 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 08:37 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 08:37 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 08:37 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 08:37 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 08:37 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 08:37 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 08:37 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 08:37 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 08:37 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 08:37 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 08:37 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 08:37 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 08:37 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 08:37 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 08:37 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 08:37 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 08:37 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 08:37 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 08:37 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 08:37 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 08:37 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 08:37 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 08:37 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 08:37 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 08:37 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 08:37 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 08:37 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 08:37 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 08:37 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 08:37 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 08:37 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 08:37 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 08:37 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 08:37 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 08:37 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 08:37 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 08:37 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 08:37 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 08:37 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 08:37 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 08:37 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 08:37 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 08:37 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 08:37 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 08:37 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 08:37 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 08:37 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 08:37 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 08:37 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 08:37 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 08:37 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 08:37 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 08:37 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 08:37 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 08:37 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 08:37 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 08:36 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 08:36 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 08:36 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 08:36 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 08:36 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 08:36 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 08:36 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 08:36 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 08:36 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 08:36 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 08:36 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 08:36 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 08:36 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 08:36 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 08:36 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 08:36 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 08:36 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 08:36 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-05 19:08 - 2015-05-05 19:09 - 00000000 ____D () C:\Users\Grisu\Documents\BloodBowlLegendary

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 08:34 - 2012-01-14 23:14 - 01529058 _____ () C:\Windows\WindowsUpdate.log
2015-05-22 08:30 - 2013-03-21 16:38 - 00212359 _____ () C:\Windows\setupact.log
2015-05-22 08:30 - 2012-01-14 16:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 08:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-21 23:56 - 2012-08-15 11:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 23:30 - 2012-09-15 14:07 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-21 23:25 - 2013-10-20 10:50 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000UA.job
2015-05-21 22:36 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 22:36 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 19:14 - 2013-12-24 03:33 - 00000000 ____D () C:\Users\Grisu\AppData\Local\Battle.net
2015-05-21 19:13 - 2012-01-16 05:55 - 00000000 ____D () C:\Users\Grisu\AppData\Roaming\Skype
2015-05-21 18:11 - 2013-03-21 16:37 - 00193162 _____ () C:\Windows\PFRO.log
2015-05-21 13:35 - 2012-04-19 01:15 - 00002356 _____ () C:\Users\Grisu\Desktop\Google Chrome.lnk
2015-05-21 11:01 - 2013-06-25 20:31 - 00001106 _____ () C:\Users\Public\Desktop\Duel of Champions Launcher.lnk
2015-05-21 11:01 - 2012-06-20 14:34 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-21 11:01 - 2012-06-20 14:34 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-21 11:01 - 2012-01-14 16:24 - 00001421 _____ () C:\Users\Grisu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-21 10:56 - 2014-08-25 08:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-21 10:55 - 2014-08-25 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-21 10:55 - 2014-08-25 08:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-21 10:55 - 2012-08-30 16:08 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-21 08:10 - 2014-08-25 08:47 - 00000000 ____D () C:\Users\Grisu\AppData\Local\Adobe
2015-05-21 00:25 - 2013-10-20 10:50 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000Core.job
2015-05-20 17:37 - 2012-05-15 16:06 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-05-20 08:14 - 2015-04-04 23:51 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 08:14 - 2015-04-04 23:51 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 23:43 - 2014-12-20 00:07 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-05-17 15:25 - 2012-01-14 16:36 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 15:25 - 2012-01-14 16:36 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 15:19 - 2015-04-20 17:27 - 00000000 ____D () C:\Windows\rescache
2015-05-16 09:29 - 2012-07-19 07:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-16 00:20 - 2013-10-20 10:50 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000UA
2015-05-16 00:20 - 2013-10-20 10:50 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000Core
2015-05-15 16:30 - 2013-03-21 10:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 20:01 - 2013-12-24 03:34 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-05-14 00:41 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-05-14 00:41 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-05-14 00:41 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 00:35 - 2009-07-14 06:45 - 00440096 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 00:32 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 00:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 19:22 - 2012-08-25 11:36 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 19:22 - 2012-08-25 11:36 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 19:21 - 2012-11-18 23:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 19:21 - 2012-08-25 11:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 19:21 - 2012-08-25 11:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 19:20 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 19:16 - 2012-01-24 01:38 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 19:13 - 2012-05-17 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 19:12 - 2012-05-17 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 19:12 - 2012-05-17 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 13:07 - 2013-12-24 03:33 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-05 19:06 - 2013-06-11 20:49 - 00054459 _____ () C:\Windows\DirectX.log
2015-05-03 17:11 - 2012-01-16 05:55 - 00000000 ____D () C:\ProgramData\Skype
2015-04-27 00:26 - 2012-01-15 15:44 - 00000000 ____D () C:\Users\Grisu\AppData\Roaming\TS3Client
2015-04-24 09:28 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-04-08 19:09 - 2015-04-20 22:33 - 0421066 _____ () C:\Users\Grisu\AppData\Roaming\lx.zip
2015-04-08 19:09 - 2015-04-20 22:33 - 0000006 _____ () C:\Users\Grisu\AppData\Roaming\version.txt
2015-03-22 20:51 - 2015-03-22 20:51 - 0001461 _____ () C:\Users\Grisu\AppData\Local\recently-used.xbel
2013-04-06 23:40 - 2013-04-07 19:51 - 0007602 _____ () C:\Users\Grisu\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Grisu\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Grisu\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Grisu\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Grisu\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Grisu\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Grisu\AppData\Local\Temp\nvStInst.exe
C:\Users\Grisu\AppData\Local\Temp\oi_{99FED090-DDA6-415A-AF1D-A07C9595BF1F}.exe
C:\Users\Grisu\AppData\Local\Temp\Quarantine.exe
C:\Users\Grisu\AppData\Local\Temp\setup.exe
C:\Users\Grisu\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Grisu\AppData\Local\Temp\smt_istartsurf.exe
C:\Users\Grisu\AppData\Local\Temp\sqlite3.dll
C:\Users\Grisu\AppData\Local\Temp\vlc-2.1.1-win64.exe
C:\Users\Grisu\AppData\Local\Temp\vlc-2.1.4-win64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-16 14:46

==================== End of log ============================
         
__________________

Alt 22.05.2015, 08:43   #4
Atalon
 
IStartSurf! - Standard

IStartSurf!



Anebi die Addition Datei
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Grisu at 2015-05-22 08:37:47
Running from C:\Users\Grisu\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2002501991-1074103417-190154067-500 - Administrator - Disabled)
Gast (S-1-5-21-2002501991-1074103417-190154067-501 - Limited - Disabled)
Grisu (S-1-5-21-2002501991-1074103417-190154067-1000 - Administrator - Enabled) => C:\Users\Grisu
HomeGroupUser$ (S-1-5-21-2002501991-1074103417-190154067-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.2.232 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version:  - Triumph Studios)
Age of Wonders Shadow Magic (HKLM-x32\...\Age of Wonders Shadow Magic) (Version:  - )
Akamai NetSession Interface (HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AoW... (HKLM-x32\...\AoWSM_UPatch) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blood Bowl: Legendary Edition (HKLM-x32\...\Steam App 58520) (Version:  - Cyanide Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP220 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series) (Version:  - )
Canon MP220 series Benutzerregistrierung (HKLM-x32\...\Canon MP220 series Benutzerregistrierung) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
CLIQZ (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 1.0.0 - CLIQZ.com)
Combined Community Codec Pack 2011-07-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve )
Duel of Champions (HKLM-x32\...\MMDoC-PDCLive) (Version:  - Ubisoft)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\Flux) (Version:  - )
FHMcom_OxleyStrip Screen Saver (HKLM-x32\...\FHMcom_OxleyStrip) (Version:  - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
june05FHMcom Screen Saver (HKLM-x32\...\june05FHMcom) (Version:  - )
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Project 64 version 2.2.0.3 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.2.0.3 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Scarlet Blade (HKLM-x32\...\Scarlet Blade) (Version:  - )
Secunia PSI (3.0.0.8013) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.8013 - Secunia)
SHIELD Streaming (Version: 1.6.75 - NVIDIA Corporation) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Songr (HKLM-x32\...\Songr) (Version: 1.9.63 - hxxp://at-my-window.blogspot.com/?page=songr)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.2.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.2.2 - SteelSeries ApS)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Wajam (HKLM-x32\...\WajaWebEnhance) (Version: 2.31.2.12 (i2.6) - WajaWebEnhance) <==== ATTENTION
Wakfu (HKLM-x32\...\Wakfu) (Version:  - Ankama Games)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 29.0.2013 - BillP Studios)
WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Wintergames 3 (HKLM-x32\...\Wintergames 3) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2002501991-1074103417-190154067-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2002501991-1074103417-190154067-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2002501991-1074103417-190154067-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2002501991-1074103417-190154067-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2002501991-1074103417-190154067-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2002501991-1074103417-190154067-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2002501991-1074103417-190154067-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2002501991-1074103417-190154067-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

20-05-2015 08:13:41 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-10-10 16:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {025506CC-BD76-4037-BF70-81D84B681C43} - System32\Tasks\{5B7FB8DB-133A-4C90-AF58-9245EB294F24} => pcalua.exe -a "C:\Users\Grisu\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /affid uninstall /id uninstall /name "Bundled software uninstaller"
Task: {0B4E42F2-D7FA-4FE6-B083-AC1FFF6DCDFC} - System32\Tasks\{CB2CA768-8C3B-4A15-A696-B4D57FEF4C01} => pcalua.exe -a "F:\Fabi Cam\SB3\SB3_Uncensor_0.9.exe" -d "F:\Fabi Cam\SB3"
Task: {31AC4B56-FA16-467A-BDE1-62E082B3671B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000Core => C:\Users\Grisu\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-19] (Google Inc.)
Task: {40BC8855-B4F7-48F8-921A-CF5380BFB117} - System32\Tasks\{4F3D099D-3D1A-4F3D-9D21-C14608688D7C} => pcalua.exe -a E:\UNINST.EXE -d E:\
Task: {7BB20020-D893-474B-90D2-27709D753255} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {80F34F5E-FC9D-43B3-ACA7-FB0BAB5378F8} - System32\Tasks\{6BFA51C2-3029-43D7-8840-56E291E66BAC} => pcalua.exe -a "D:\Meine Daten\Bilder\june_screensaver_setup.exe" -d "D:\Meine Daten\Bilder"
Task: {8838FBD7-0784-4D40-B888-0ABF65F3C225} - System32\Tasks\{7256F069-EEA4-46A0-838B-E2F9AB551377} => pcalua.exe -a "G:\Lieder\Meine Daten\june_screensaver_setup.exe" -d "G:\Lieder\Meine Daten"
Task: {A2E9E8C2-975F-4D3F-8BE5-5D42380E39BF} - System32\Tasks\{7B63B186-3FE8-42B0-8362-B1D0632FF633} => pcalua.exe -a C:\Users\Grisu\Downloads\mp220swin64101ea24.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {AD414989-7D56-41AE-97A3-E2F3B1B38A69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {ADBE29E4-321E-4B58-95E6-073A358698DF} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {C04270E4-66C3-433D-A271-A25374659500} - System32\Tasks\{88429D66-624C-44F4-A781-79105E8900C8} => pcalua.exe -a "G:\Lieder\Meine Daten\OXLEYstrip_setup.exe" -d "G:\Lieder\Meine Daten"
Task: {C242FC04-B95F-4400-BDC9-FE48016BFF81} - System32\Tasks\AdobeAAMUpdater-1.0-Grisu-PC-Grisu => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {CF13C93F-21FB-49CB-8675-E0223B26FD17} - System32\Tasks\{433D9ECE-6CA5-40AA-AD09-0581D0A0CF90} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.80.102/de/abandoninstall?page=tsPlugin
Task: {D8C7184B-9B83-4C41-B567-64CF679FD05B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {E62297E3-73EB-400F-8929-065F0D81224B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000UA => C:\Users\Grisu\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-19] (Google Inc.)
Task: {F6C10C72-DD4C-4DEE-8518-F1271F456B5A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F977F133-75CF-4567-BD93-FA358826615D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-19] (Adobe Systems Incorporated)
Task: {FDDFF752-9A7F-40C7-A577-8443548C1F91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000Core.job => C:\Users\Grisu\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000UA.job => C:\Users\Grisu\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-04-21 08:59 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-06 10:34 - 2015-05-06 10:34 - 00691200 _____ () C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe
2015-05-06 10:34 - 2015-05-06 10:34 - 00274944 _____ () C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancer.exe
2014-04-28 22:22 - 2014-04-28 22:22 - 17247744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
2013-11-16 02:09 - 2013-11-16 02:09 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\x2api.dll
2015-05-06 10:34 - 2015-05-06 10:34 - 00011776 _____ () C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\ApiHandlr.dll
2013-10-19 21:51 - 2013-07-15 19:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2015-04-19 20:56 - 2015-04-19 20:56 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\aeriagames.com -> hxxp://aeriagames.com

IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\100sexlinks.com -> 100sexlinks.com

There are 5317 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2002501991-1074103417-190154067-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Grisu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 195.202.128.2 - 195.202.128.3

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Grisu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Grisu\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: sdpbuqecykkocot => C:\ProgramData\sdpbuqec.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9AD81D88-A06C-4C06-9680-106377BA3E24}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{C37A5F65-0719-4314-814E-50F8C7C754A0}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{02A098B8-DD6C-47D7-9784-3A14981A5679}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{664CAAC8-C90D-4BD3-AC0A-44305F3992BD}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{46BFC318-25C5-4BBC-B17B-8223A0F2BB80}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{E56A8D9A-0E14-46E7-924E-78FE0FE246D9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{78B3F0E4-BBB0-417E-A3A2-FB1FBB3E686C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E7B0AB5D-E386-45FD-AF48-C7DE9498F605}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1DE81C9-A9B9-4F19-B1F6-8D25AE3A43DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{79488AA1-9BE0-4003-BA4F-438DD21EB0E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{406BFEAB-0865-4723-B011-0E2C2F07DB14}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{74544866-CF84-4C2E-A910-A92D4748D274}] => (Allow) LPort=2869
FirewallRules: [{6685BCA2-A037-4C61-921B-7BB7FA14520B}] => (Allow) LPort=1900
FirewallRules: [{626BFA29-2276-4F22-A3F2-0ECEE9016B67}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{0A796897-BB33-4DBA-B5F4-C3802A6A2344}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{72084968-D307-4C1B-A1B5-38CE1C5CC2D1}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{E60D482B-90C2-4DA0-951E-A78F89469386}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{DE07AE6C-F1D5-48E5-BFA7-E83BC1B90BB8}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [{2F4BBF2E-B96B-4CEA-B58F-CBA6F637034D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{C9EE6E5B-F21A-4635-972E-903720D4D1CA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{6C8671EB-90A2-49B9-A264-267F162AB419}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{11483551-E641-47D9-B9F3-1F83EB4F6909}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [TCP Query User{8A18AD81-367E-48E7-A0EA-61F529BE35E3}C:\users\grisu\appdata\local\temp\gw2.exe] => (Allow) C:\users\grisu\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{C45E8F68-1F64-4467-8FC3-1C7DC73D6457}C:\users\grisu\appdata\local\temp\gw2.exe] => (Allow) C:\users\grisu\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{4FEFE1D6-2183-405D-BF20-5662C2BF61C5}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{62F315E6-1DA5-47F8-9F04-8C4D19624C44}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{87970594-F41A-44A6-8238-2FBF2C05B8EA}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [UDP Query User{AF22B346-CD95-4BA1-9513-0DB143480912}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [{79EF8866-3B30-4145-A331-89E7D6E67736}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{D971EE70-4D31-4317-B652-4D4EDE5CA4B9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{5885B28A-CF05-425F-AC2F-BCAF0267C785}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2C332F15-8129-4CCC-BD59-DDA1C67F201A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{E31F1C3A-7D46-458B-B6F4-5DDCB6DD553B}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe
FirewallRules: [UDP Query User{EF9B1D53-D061-446B-9B1B-00E02A3E42AE}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe
FirewallRules: [{C560F358-D83A-4984-AA06-DB315F97FD55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{0340A7DB-0DE0-4CC6-AEF7-80C6A1952A1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [TCP Query User{9EF0CF25-1BC5-4203-92C5-DED0FE754DDE}C:\users\grisu\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\grisu\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E1923791-3852-479A-AE7B-7608B192A0CA}C:\users\grisu\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\grisu\appdata\local\akamai\netsession_win.exe
FirewallRules: [{FBF9690E-4298-41EE-B652-06E48596D2FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\Torchlight2.exe
FirewallRules: [{CAB21E9F-E8C2-4875-B483-785025F1B08A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\Torchlight2.exe
FirewallRules: [TCP Query User{FB72DB0C-6E36-4732-8567-BC5136C5C613}C:\users\grisu\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\grisu\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{C0B37C92-E4FA-4317-A922-189C6E7A8A30}C:\users\grisu\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\grisu\appdata\local\akamai\netsession_win.exe
FirewallRules: [{A3D6F676-5BAB-4182-9D42-7262E53AFF09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EF7F3327-6E75-46D5-BEE4-1B6A6AAFA90D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{55D5E1A2-3D08-4A24-9171-048A40FBEBA0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{473C11D7-66D8-42DC-AAA8-3C19B926E2C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [TCP Query User{94118FC0-7C81-4700-A2C5-2F8E8F4F67FB}C:\program files (x86)\age of wonders shadow magic\aowsm.exe] => (Allow) C:\program files (x86)\age of wonders shadow magic\aowsm.exe
FirewallRules: [UDP Query User{D436B159-FE07-4AF1-A0C7-6021CA6B3289}C:\program files (x86)\age of wonders shadow magic\aowsm.exe] => (Allow) C:\program files (x86)\age of wonders shadow magic\aowsm.exe
FirewallRules: [{7F7ED53A-B54F-4D11-9128-2DC072810791}] => (Allow) C:\program files (x86)\age of wonders shadow magic\aowsm.exe
FirewallRules: [{C57AEC93-4AF3-4795-B2B3-277170D3D9D8}] => (Allow) C:\program files (x86)\age of wonders shadow magic\aowsm.exe
FirewallRules: [TCP Query User{B21B2707-C9F6-42BB-A9A9-965DC6B6B03F}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{3988BBE0-6D4A-4F43-BE40-AF9DF46369E2}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [{1F43440E-F6B5-45DE-BB86-8AADB52285AA}] => (Block) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [{6D19B1C4-8563-45D1-9ED1-003CBD47C953}] => (Block) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [{7300D086-4CF1-4C6B-8B6F-53C96BCAB227}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{F456CFA7-3224-4BBE-B141-C89CCA571A29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [TCP Query User{32E33F91-4E26-468E-9047-28F4EE86C64A}C:\users\grisu\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe] => (Allow) C:\users\grisu\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe
FirewallRules: [UDP Query User{83990931-ADA0-4820-A5A5-5B9A292DC6E3}C:\users\grisu\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe] => (Allow) C:\users\grisu\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe
FirewallRules: [{B4D0DE7D-AC60-49A6-B9E7-8ED79E163D8E}] => (Block) C:\users\grisu\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe
FirewallRules: [{4F54BC01-D236-4735-A17E-4F8E13949E09}] => (Block) C:\users\grisu\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe
FirewallRules: [TCP Query User{7BE79D19-253F-441F-87C1-99A3B6DA6F22}C:\users\grisu\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe] => (Allow) C:\users\grisu\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe
FirewallRules: [UDP Query User{C1B2D16B-4198-4093-9A3E-0C553B98D9F1}C:\users\grisu\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe] => (Allow) C:\users\grisu\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe
FirewallRules: [{DDB8BA7A-CC6B-40FC-B402-12A321960896}] => (Block) C:\users\grisu\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe
FirewallRules: [{610F2106-672C-4EBC-AB9A-3E93BE81559D}] => (Block) C:\users\grisu\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe
FirewallRules: [{1E561441-0EA1-432D-9653-BAD915F6C655}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{6F43E94D-CB6A-4CC4-BB64-F09938599BD6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{09321CBB-5427-4753-8ABA-6891043BC02F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{27CE441D-A27B-4914-9194-40B47F594D8D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{CFA6C64F-82B6-48AC-8710-EC3C50BD029A}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.exe
FirewallRules: [{0E05C52E-970A-4842-89CB-DFA033BA7BEF}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.exe
FirewallRules: [{DB0F2EBB-91B7-4275-AC00-D0C96F2ADB23}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{FFAAF19B-36AC-464B-9A0E-E9D0F7F77EE4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{8BE2A411-2F97-4EEF-A31B-B9FEE69CB7D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{46036487-4BB8-4602-8422-2D0B2BF8A282}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7CFAD1EE-703A-458D-8A97-4718BAC8ECB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6BF06F43-4EEC-4CBA-86E6-A78701F0EF7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{584E13FA-89FA-498F-AE74-28E9215B73B0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{B3AC797F-4255-40AC-AA6E-C20DEFFF2EC8}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{40D08AFE-F067-4F9D-BA52-786BB540C746}] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{DF71863A-B691-4E8C-BBA5-E92EFE49E48B}] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{E960CE26-7693-4691-A16A-CCB38A6B5A6B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{B9E6E8F6-E851-4827-8717-560565FD6A59}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{9E72EDB8-27BD-4744-A5A5-9092F1B22F32}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{3515301A-61E3-4946-AAC1-A866EF20A3D5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{7B0E04F9-633A-41DE-AF99-1694B7A01673}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{29BF6100-CDBF-4BB0-90F7-717122E0799D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3FCB5EBA-468D-4855-8862-796EF46C12B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F40B077D-E0D0-4C8B-B047-9ECD870C1647}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{478BAD50-5CDB-4FB9-AC95-7DEE4E4E7435}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{17ACC4CE-8A4E-4E1F-9679-BB9027474110}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{ED8A0F93-56C3-47CD-93EA-28A0A41BF95B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{0D675F77-94C6-463F-9ED6-C5FEC2B98287}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{B8BD8232-47EA-4D96-9E1C-9D8C68EC4110}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{056F9853-A63B-4894-96CE-CDEB01BE9F07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{098F7E04-E893-4E53-903A-A2FFA2FA9D19}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2D49679A-01BD-464F-8902-93E4DB21DDBF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B7DB8345-F9D7-41D2-8701-EBFA047C4239}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{69A72F26-8429-4C64-840E-92CA24C9031C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{36EDD3FA-AF83-4675-B864-E8A1AE72C24B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FAF00082-0F97-4EFC-83FE-BAFC84657DA7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4AC00C64-EB6E-4C3C-B3AC-7C70881AF6A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2E68D16F-F17F-43E4-90C6-B1463AB48220}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{48FFBBE9-C5CC-4A39-ADFD-A16A506A2A7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{08A95BA3-278C-4090-A948-8F0551A6C326}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E55DDBCA-1CFB-4185-BB5A-2794067BF74A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{A3863C8A-DAE5-4AB5-88B1-3949D9E10826}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{827FFED2-DE29-4D0C-8CB4-09B6BEAA2A69}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C1064844-0025-4B46-8F96-EB186C7CCDB4}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B46EBD5D-2B2D-42B1-884D-936CF5089C83}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{6F70FE67-A197-4A2C-A3BC-1D0E4209046C}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{C161B626-C5A9-4033-9698-9094E7FD33CC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{16E9C092-01C1-48F8-B33D-9046DAE901B4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C17F4FBD-1EA4-4747-82B6-AC9FC42F3F40}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{4FA4134E-4C8A-4587-9389-1D6BC1547DAB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{5E9CF2F7-8690-467E-9688-7540866C12FA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8C9A1131-386E-4F37-A02B-E59BE660CA58}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D4FCB0E-2583-4676-B8B3-CCFBC4055CC4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D78DFA9-06F2-4CA6-B8E2-467DC9834DA9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{23158EDE-D1D2-4C22-B382-18BBEAE0AFB2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{3EF1D052-C223-4FF1-85F8-3B1F00D92431}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{76D568C8-3EF6-4BDF-862B-5AABD5CA21A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{40D8C881-C3BB-48BE-B156-1C72C2BFD295}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{6783AC61-3F41-47CC-AD23-255C5572A5B0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3C84A204-F33B-41D4-A9AA-A9FE4AF7A757}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{613CDC63-C1C3-4E87-B4D6-A93541592645}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{0470D902-41C3-4BB9-91D1-8C1214533591}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{23C91B0F-02EC-4B0C-B612-F71582277FB4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{6E458221-F20C-47A3-ADD5-7464CA58CC4F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{61E111D9-0828-45F1-A75B-7BE3997B3DC3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{9DA562AE-B7EA-4563-9E62-C61BACF2647F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{F7405CDC-57AE-4A66-984C-824A722D2DEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{1C3E5A44-1C35-4A40-8DAB-526F86BDCE77}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{C504A436-A58F-49B0-851B-DAD9D1CA0AE4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{34F6894F-4A6C-4009-BB81-C2C5050AA83F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{E69C229E-0293-42E2-B0D4-3E68223870B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{73EB5E89-EE38-4316-9654-FBE9D3C13638}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{7E242018-47B2-4E25-BFE8-C20BB86CD496}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AoW3\AoW3.exe
FirewallRules: [{87A9A812-35BE-4EF1-B6CA-5ECB834F0F0C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AoW3\AoW3.exe
FirewallRules: [{3E8C32F4-B38F-47D4-9074-FA59BDB42915}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AoW3\AoW3_Debug.exe
FirewallRules: [{005A9E2F-215E-439F-BF73-01B7FD6392D8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AoW3\AoW3_Debug.exe
FirewallRules: [{D75C876C-55F8-4A3E-8489-E3DB2B217218}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{B54F5575-F650-41EF-8059-8B766E31FB48}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{8AA1AF7D-EB4F-47CE-8514-C52F6EBC7A51}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{8101BFD6-048C-4C44-A5EB-084BC972750A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{2C5969CD-E863-4A07-9818-BF847CF2A281}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{371DA003-FB2C-45B0-A142-0F2443B81EC4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{E512C9C3-EB23-465A-96D7-1B75B26F6840}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{BB9EAFDF-5536-406D-83C2-CC5F4A6C07C6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{049F631E-8059-4496-81CB-0DD713DDBF91}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{B90CF1F3-B046-4C7C-A44F-6AC37A3236B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{4B4BAF92-706A-45BE-BEFE-F09FB7A6C012}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{BEC28542-C406-4BA0-BB1A-E86AC224FA01}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{7ADBF8CD-829E-4B0B-ACDB-98C3FD6528F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{6CB0D7C5-5383-41DD-8409-0E9BF2DDE328}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [TCP Query User{4CEF0A6C-C943-42E7-83ED-50470CBC45CD}C:\programdata\battle.net\agent\agent.3286\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [UDP Query User{E649BC0B-DD2F-419D-BC8E-E3A106463F4F}C:\programdata\battle.net\agent\agent.3286\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [{F76CD8F3-CFEE-41CD-A725-2E0272D57BA9}] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [{78D1CFD6-9C63-4E86-AC99-DDE7B3C15E41}] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [{349B8BF4-9EAF-4646-98B8-0A078DD56D90}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{DF1B9E93-58C1-434E-9436-F9132541AC3B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{F8995F92-0906-4C6F-84A3-907BA304896D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{974A6D18-251F-4BC7-8318-47424F4B1520}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{241F19E0-FF22-443C-8629-132A636B4194}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{BCDC86DA-3026-409C-AF61-2F393480FB2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{0AADC54C-A1EA-4B49-A5FC-3774A5FDE96F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{FC1B4632-337B-4747-8CB9-9AA55D17892F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{A6703AD7-66D4-4713-A268-ECEEE74ABC73}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{CB37D67C-8AE5-4FF2-A069-0A5881190CB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{AF6C29F0-BE6F-4263-B996-DA7817D7CC23}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{CF8D768A-0F8F-4F44-9D95-15A5BA5BA92F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{95EEA531-9FA1-4192-90AC-22727F47E662}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{ACC06DA3-6DC1-4AF2-91AC-36AFC95A1663}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{3175F901-AF80-49E8-AA20-ACBEA86F7884}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{E730C195-5F25-42CE-A778-EE623C9D2A53}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{818F8375-01E5-4DCB-AD5D-7827FB94A492}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{45ACE1C0-F842-453D-AE4A-EE7D8EDC5844}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0F707949-F5D9-47D7-A6FA-8F55DF3BA987}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{93E810E4-2269-4729-BBC6-F9B3330D2A1D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{CA7A500B-8B7E-428A-B76F-FAEA0E27E4AA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{293D8AB6-C6E9-4D29-BA57-7DEAB8C3364F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{847E2FED-70C3-408E-B026-500E3A61D701}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{80E727C7-F0B9-49BB-A357-5E115C9993B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{D0C78DBE-4308-43C2-9FA9-4E7B2722C628}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{740AE463-DC24-4CB3-B0E0-F750ED870643}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{37C62711-8BA4-44B3-A085-3C05DBCB1D2B}C:\program files (x86)\heroes of the storm\versions\base33353\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base33353\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{487612A5-154F-46BD-91F7-CA29C80B7402}C:\program files (x86)\heroes of the storm\versions\base33353\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base33353\heroesofthestorm_x64.exe
FirewallRules: [{72BB517E-2C45-440C-B6A3-A3D541D8D603}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{A4FAA788-ABC1-440B-BAB0-9332F8945539}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [TCP Query User{296E43D3-C31C-44C5-A987-EB0D14DD41A3}C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{98ABD14D-9696-4415-9F2A-2D516C14982F}C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [{D24E3428-A334-4C72-8236-BBCADCBA8D47}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{7EB3C186-31D9-4F8A-860C-0982407700D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{DC966273-2C3F-41FB-9DAA-8BBF3A643FD0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7A085977-DA18-4A67-8789-47EC18078437}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D7ACB74-3C47-4485-BF8E-99166A7E6C55}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{5286E2C8-42A8-4B1E-8BF3-3E4EFEA6D4CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{B1BB4FB2-EC48-4918-921E-00E2F2AA1B89}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{FE910566-9770-413E-B23B-40E68763EF13}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{C1551B21-BB30-432C-A7A5-BD38BCC73972}C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{9700BB60-C70D-4405-90F3-7C121F406368}C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{EB6796B8-E257-4197-A0F1-6F106FF4E6D8}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CE673E47-AA79-4D0E-A4E2-9531A634E5DF}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [{B67668CB-A1E3-4A5E-A865-2869F2274118}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [{248D7A29-242B-41BB-8916-F5AE0D10E428}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{B4842C8E-CAC4-447A-A270-B18245C8FF14}D:\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{6528AC2B-0D87-4719-BFE3-2CF4B136D8B1}D:\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{B4B3A556-2DF7-4835-AFA7-FF243A832B7A}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A5AE5926-5F1B-4B9B-8E57-15CE53AE3A49}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [{8B5217EC-29BE-405E-B722-22E75169576D}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{018F70EF-5A93-41F0-8BAE-3FF100A25B68}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{59D5E257-F425-47DD-A77F-AF188722A4AD}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{C2423B68-E76D-4CCC-9263-3776A63309A7}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{3593BEBF-E4CF-481D-9563-9CBEDD42EB41}] => (Allow) D:\Steam\SteamApps\common\AoW3\AoW3Launcher.exe
FirewallRules: [{ACFC76DA-5853-42FF-9910-245CD399F21F}] => (Allow) D:\Steam\SteamApps\common\AoW3\AoW3Launcher.exe
FirewallRules: [{879198FE-6A9F-4C82-BB40-1FD28B040E30}] => (Allow) D:\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{E57B8AA4-5E60-421F-8C33-AC033764C1A1}] => (Allow) D:\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [TCP Query User{BD9A9AE1-DFC7-44BA-BC2E-E843E0DD03DE}D:\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe] => (Allow) D:\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe
FirewallRules: [UDP Query User{742B4F49-2DB1-44AB-8551-2D4C320B40F6}D:\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe] => (Allow) D:\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{C8C4EF7B-CCE1-4E4D-80E6-ADA16F9F53F3}D:\steam\steamapps\common\aow3\aow3.exe] => (Allow) D:\steam\steamapps\common\aow3\aow3.exe
FirewallRules: [UDP Query User{E89E594F-21CC-4D25-8E4F-71442615ACD5}D:\steam\steamapps\common\aow3\aow3.exe] => (Allow) D:\steam\steamapps\common\aow3\aow3.exe
FirewallRules: [TCP Query User{82D3605A-688D-44C7-BCAF-6D4D29F1F0CE}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CECEEB77-90AE-4B07-A85D-7ED7CCEA945D}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{BE9E1C4E-AA66-4BC7-AF83-79EC5BC02F9F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{57671057-43A3-45F2-8A49-B99D3A6CDE6C}] => (Allow) D:\Steam\SteamApps\common\Blood Bowl Legendary Edition\BB_LE.exe
FirewallRules: [{5CAF335B-4A8C-4DF7-8858-7DBB7D818F72}] => (Allow) D:\Steam\SteamApps\common\Blood Bowl Legendary Edition\BB_LE.exe
FirewallRules: [TCP Query User{1FE7EE7E-A824-46BB-86C4-95BDC10FE99C}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5F2CDEAC-AACF-44F3-93B4-CECD66C23950}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2015 08:33:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/22/2015 08:32:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/22/2015 08:32:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/22/2015 08:31:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 10:29:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 06:13:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 04:15:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/21/2015 11:57:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/21/2015 11:57:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/21/2015 11:57:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.


System errors:
=============
Error: (05/22/2015 08:36:14 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5!051d(2558)

Error: (05/22/2015 08:30:32 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (05/22/2015 08:30:32 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

	Feature: %%886

	Fehlercode: 0x80070005

	Fehlerbeschreibung: Zugriff verweigert 

	Grund: %%892

Error: (05/22/2015 08:30:08 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎22.‎05.‎2015 um 00:06:18 unerwartet heruntergefahren.

Error: (05/22/2015 00:06:56 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5!051d(2558)

Error: (05/21/2015 06:12:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎21.‎05.‎2015 um 17:32:05 unerwartet heruntergefahren.

Error: (05/21/2015 11:42:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/21/2015 11:42:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia Update Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/21/2015 11:42:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 11:42:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-10-22 11:00:41.529
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-22 11:00:41.498
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-10 16:10:26.308
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-10 16:10:26.268
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 66%
Total physical RAM: 4077.24 MB
Available physical RAM: 1365.9 MB
Total Pagefile: 8152.68 MB
Available Pagefile: 4891.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:0.02 GB) NTFS
Drive d: () (Fixed) (Total:1667.6 GB) (Free:1464.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 94DF006D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1667.6 GB) - (Type=07 NTFS)

==================== End of log ============================
         

Alt 22.05.2015, 21:03   #5
schrauber
/// the machine
/// TB-Ausbilder
 

IStartSurf! - Standard

IStartSurf!



Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Wajam


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.05.2015, 13:13   #6
Atalon
 
IStartSurf! - Standard

IStartSurf!



Beim Deinstallieren kam eine Warnung: "Uninstall ist fehlgeschlagen! Vermutlich ungültiger deinstall Befehl!" Habe auf "Ok" gedrückt und den Scan auf weiter.

Beim 2. Versuch ht es dann geklappt. Hier nun die Combofix logs
Code:
ATTFilter
ComboFix 15-05-19.01 - Grisu 23.05.2015  12:23:52.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.4077.1954 [GMT 2:00]
ausgeführt von:: c:\users\Grisu\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-23 bis 2015-05-23  ))))))))))))))))))))))))))))))
.
.
2015-05-23 10:30 . 2015-05-23 10:30	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-05-23 10:30 . 2015-05-23 10:30	--------	d-----w-	c:\users\TEMP\AppData\Local\temp
2015-05-23 10:10 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBEE9F44-F4D1-4889-A446-0BE5066B7584}\mpengine.dll
2015-05-23 09:59 . 2015-05-23 09:59	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-05-22 06:41 . 2015-03-26 08:22	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E39D1DCA-BF0D-48A3-A84D-8DE1C18199B4}\gapaengine.dll
2015-05-22 06:41 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-22 06:36 . 2015-05-22 06:38	--------	d-----w-	C:\FRST
2015-05-21 09:46 . 2015-05-21 09:46	--------	d-----w-	c:\program files (x86)\ESET
2015-05-21 09:42 . 2015-05-21 09:42	--------	d-----w-	C:\RegBackup
2015-05-21 09:25 . 2015-05-21 09:28	--------	d-----w-	C:\AdwCleaner
2015-05-21 08:48 . 2015-05-21 08:48	--------	d-sh--w-	c:\users\Grisu\AppData\Local\EmieBrowserModeList
2015-05-21 08:02 . 2015-05-21 08:02	--------	d-----w-	c:\program files (x86)\WajaWebEnhance
2015-05-13 17:13 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:13 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 06:36 . 2015-04-20 03:17	1647104	----a-w-	c:\windows\system32\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-21 08:56 . 2014-08-25 06:42	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-13 17:16 . 2012-01-23 23:38	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-04-27 19:04 . 2015-05-13 06:37	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-04-19 18:56 . 2012-04-22 21:07	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-19 18:56 . 2012-04-22 21:07	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 07:37 . 2014-08-25 06:42	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2014-08-25 06:42	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2012-08-30 14:08	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-03-26 08:22 . 2012-10-02 15:09	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:24 . 2015-04-15 12:39	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 12:39	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 12:39	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 12:39	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 12:39	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 12:39	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 12:39	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 12:39	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 12:39	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 12:39	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 12:39	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 12:39	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 12:39	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 12:39	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 12:39	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 12:39	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 12:38	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 12:38	769536	----a-w-	c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 12:38	419840	----a-w-	c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 12:38	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 12:38	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 12:38	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-23 03:24 . 2015-04-15 12:38	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-23 03:17 . 2015-04-15 12:38	1111552	----a-w-	c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 12:38	1882624	----a-w-	c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 12:38	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 12:38	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 12:38	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 12:38	404480	----a-w-	c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 12:38	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2015-03-04 17:34 . 2015-03-04 17:34	280376	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2015-03-04 17:34 . 2012-03-20 18:44	124568	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2015-03-04 04:55 . 2015-04-15 12:37	367552	----a-w-	c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 12:37	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 06:36	309248	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 06:36	103424	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 12:37	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 06:36	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 06:36	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 06:36	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2015-03-03 13:17 . 2010-11-21 03:27	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-25 03:18 . 2015-04-15 12:38	754688	----a-w-	c:\windows\system32\drivers\http.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-10-19 456768]
"f.lux"="c:\users\Grisu\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-10-14 565464]
SteelSeries Engine 3.lnk - c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="c:\programdata\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true [2014-4-28 17247744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 slb;slb;c:\aeriagames\ScarletBlade\avital\scarlb64.sys;c:\aeriagames\ScarletBlade\avital\scarlb64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WajaWebEnhance Service;WajaWebEnhance Service;c:\program files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe;c:\program files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 sshid;SteelSeries HID Service;c:\windows\system32\DRIVERS\sshid.sys;c:\windows\SYSNATIVE\DRIVERS\sshid.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 18:56]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 11:10]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 11:10]
.
2015-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000Core.job
- c:\users\Grisu\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-20 19:33]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000UA.job
- c:\users\Grisu\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-20 19:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-29 1096480]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 169768]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49271;https=127.0.0.1:49271
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8A11670B-D557-4B1F-838C-213E1F33D76F}: NameServer = 195.202.128.2,195.202.128.3
FF - ProfilePath - c:\users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\4dipnuz0.default-1432198737870\
FF - prefs.js: network.proxy.type - 5
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-FHMcom_OxleyStrip - c:\windows\system32\FHMcom_OxleyStrip.scr
AddRemove-june05FHMcom - c:\windows\system32\june05FHMcom.scr
AddRemove-Scarlet Blade - c:\aeriagames\ScarletBlade\Uninst.exe
AddRemove-Steam - c:\program files (x86)\Steam\uninstall.exe
AddRemove-Steam App 200710 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 226840 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 238960 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 570 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 65800 - c:\program files (x86)\Steam\steam.exe
AddRemove-Wintergames 3 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2002501991-1074103417-190154067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*N*T*E*R*N*A*ؤ§)\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-23  13:11:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-23 11:11
.
Vor Suchlauf: 7.155.081.216 Bytes frei
Nach Suchlauf: 6.776.950.784 Bytes frei
.
- - End Of File - - 5BE2F2506188179E2DB65C184EAD23AC
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 24.05.2015, 07:12   #7
schrauber
/// the machine
/// TB-Ausbilder
 

IStartSurf! - Standard

IStartSurf!



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.05.2015, 12:11   #8
Atalon
 
IStartSurf! - Standard

IStartSurf!



Was passiert mit den Funden die in Quarantäne gestellt wurden?
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24.05.2015
Suchlauf-Zeit: 11:32:50
Logdatei: MBAM2.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.23.05
Rootkit Datenbank: v2015.05.16.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Grisu

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 475635
Verstrichene Zeit: 8 Min, 42 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
PUP.Optional.Downloader, C:\Users\Grisu\Downloads\Firefox - CHIP-Installer.exe, In Quarantäne, [e594e65d2c5e999d069ac6a5689804fc], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Hier die Protection Log
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Error, 24.05.2015 11:10:56, SYSTEM, GRISU-PC, Protection, IsLicensed, 13, 
Protection, 24.05.2015 11:10:56, SYSTEM, GRISU-PC, Protection, Malware Protection, Stopping, 
Protection, 24.05.2015 11:10:56, SYSTEM, GRISU-PC, Protection, Malware Protection, Stopped, 
Protection, 24.05.2015 11:32:48, SYSTEM, GRISU-PC, Protection, Malware Protection, Starting, 
Protection, 24.05.2015 11:32:48, SYSTEM, GRISU-PC, Protection, Malware Protection, Started, 
Protection, 24.05.2015 11:32:48, SYSTEM, GRISU-PC, Protection, Malicious Website Protection, Starting, 
Protection, 24.05.2015 11:32:48, SYSTEM, GRISU-PC, Protection, Malicious Website Protection, Started, 
Update, 24.05.2015 11:32:51, SYSTEM, GRISU-PC, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1, 
Update, 24.05.2015 11:32:51, SYSTEM, GRISU-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.5.16.1, 
Update, 24.05.2015 11:32:56, SYSTEM, GRISU-PC, Manual, Malware Database, 2015.3.9.5, 2015.5.23.5, 
Protection, 24.05.2015 11:32:56, SYSTEM, GRISU-PC, Protection, Refresh, Starting, 
Protection, 24.05.2015 11:32:56, SYSTEM, GRISU-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 24.05.2015 11:32:56, SYSTEM, GRISU-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 24.05.2015 11:33:06, SYSTEM, GRISU-PC, Protection, Refresh, Success, 
Protection, 24.05.2015 11:33:06, SYSTEM, GRISU-PC, Protection, Malicious Website Protection, Starting, 
Protection, 24.05.2015 11:33:06, SYSTEM, GRISU-PC, Protection, Malicious Website Protection, Started, 
Scan, 24.05.2015 11:44:31, SYSTEM, GRISU-PC, Context, Start: 24.05.2015 11:32:50, Dauer: 8 Minuten 42 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "1" nicht-Malwareerkennung, 
Protection, 24.05.2015 11:46:04, SYSTEM, GRISU-PC, Protection, Malware Protection, Starting, 
Protection, 24.05.2015 11:46:04, SYSTEM, GRISU-PC, Protection, Malware Protection, Started, 
Protection, 24.05.2015 11:46:04, SYSTEM, GRISU-PC, Protection, Malicious Website Protection, Starting, 
Detection, 24.05.2015 11:46:10, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancer.exe, Quarantäne, [d04120777119fb3b8ce6bb20f112d12f]
Protection, 24.05.2015 11:46:12, SYSTEM, GRISU-PC, Protection, Malicious Website Protection, Started, 
Detection, 24.05.2015 11:46:30, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:46:30, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:46:40, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:46:40, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:46:50, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:46:50, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:47:00, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:47:00, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:47:10, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:47:10, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:47:20, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:47:20, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:47:30, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:47:30, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:47:40, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:47:40, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:47:50, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:47:50, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:48:00, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:48:00, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:48:11, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:48:11, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:48:21, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:48:21, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:48:31, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:48:31, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:48:41, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:48:41, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:48:51, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:48:51, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:49:01, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:49:01, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:49:11, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:49:11, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:49:21, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:49:21, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:49:31, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:49:31, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:49:41, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:49:41, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:49:51, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:49:51, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:50:01, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:50:01, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:50:11, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:50:11, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:50:21, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:50:21, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:50:31, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:50:31, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:50:41, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:50:42, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:50:52, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:50:52, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:51:02, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:51:02, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:51:12, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:51:12, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:51:22, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:51:22, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:51:32, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:51:32, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:51:42, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:51:42, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:51:52, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:51:52, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:52:02, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:52:02, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:52:12, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:52:12, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:52:22, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:52:22, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:52:31, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\FiddlerCore.dll, Quarantäne, [f21fa3f4a1e91d19caa85784f90a1de3]
Detection, 24.05.2015 11:52:31, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\Newtonsoft.Json.dll, Quarantäne, [15fc4e49d5b5a78f7ff3914afe05d22e]
Detection, 24.05.2015 11:52:32, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:52:32, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:52:42, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:52:42, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:52:52, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:52:52, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:53:02, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:53:02, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:53:07, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\ApiHandlr.dll, Quarantäne, [25ec3e591d6db581d89a4c8f83802bd5]
Detection, 24.05.2015 11:53:12, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:53:12, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:53:23, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:53:23, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:53:28, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\apihandlr.dll, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [25ec3e591d6db581d89a4c8f83802bd5]
Detection, 24.05.2015 11:53:28, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\fiddlercore.dll, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [f21fa3f4a1e91d19caa85784f90a1de3]
Detection, 24.05.2015 11:53:28, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\newtonsoft.json.dll, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [15fc4e49d5b5a78f7ff3914afe05d22e]
Detection, 24.05.2015 11:53:33, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:53:33, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]
Detection, 24.05.2015 11:53:43, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe, Quarantine Failed, 5, Zugriff verweigert  , [868bb2e5b9d1c1757af807d4ba498080]
Detection, 24.05.2015 11:53:43, SYSTEM, GRISU-PC, Protection, Malwareschutz, Datei, PUP.Optional.Wajam.A, c:\program files (x86)\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [d04120777119fb3b8ce6bb20f112d12f]

(end)
         
Und auch die ADW logs
Code:
ATTFilter
# AdwCleaner v4.205 - Bericht erstellt 24/05/2015 um 12:02:52
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-21.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Grisu - GRISU-PC
# Gestarted von : C:\Users\Grisu\Downloads\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49271;hxxps=127.0.0.1:49271
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [15007 Bytes] - [21/05/2015 11:25:49]
AdwCleaner[R1].txt - [1753 Bytes] - [24/05/2015 12:01:10]
AdwCleaner[S0].txt - [11454 Bytes] - [21/05/2015 11:28:29]
AdwCleaner[S1].txt - [1443 Bytes] - [24/05/2015 12:02:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1502  Bytes] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.8 (05.23.2015:2)
OS: Windows 7 Home Premium x64
Ran by Grisu on 24.05.2015 at 12:06:28,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.05.2015 at 12:08:40,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by Grisu (administrator) on GRISU-PC on 24-05-2015 12:09:57
Running from C:\Users\Grisu\Downloads
Loaded Profiles: Grisu (Available profiles: Grisu)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [456768 2013-10-19] (BillP Studios)
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\Run: [f.lux] => C:\Users\Grisu\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\JUNE05~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-10-19]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2014-06-12]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
BootExecute: 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49271;https=127.0.0.1:49271
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-2002501991-1074103417-190154067-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8A11670B-D557-4B1F-838C-213E1F33D76F}: [NameServer] 195.202.128.2,195.202.128.3

FireFox:
========
FF ProfilePath: C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\4dipnuz0.default-1432198737870
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-14] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2002501991-1074103417-190154067-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2002501991-1074103417-190154067-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2002501991-1074103417-190154067-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-14] (Pando Networks)
FF Extension: Adblock Plus - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\4dipnuz0.default-1432198737870\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-21]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-06]
CHR Extension: (YouTube) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-19]
CHR Extension: (Google Search) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-19]
CHR Extension: (Gmail) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-19]
StartMenuInternet: Google Chrome - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WajaWebEnhance Service; C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [32768 2014-03-21] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 12:08 - 2015-05-24 12:08 - 00000600 _____ () C:\Users\Grisu\Desktop\JRT.txt
2015-05-24 12:06 - 2015-05-24 12:06 - 02720636 _____ (Thisisu) C:\Users\Grisu\Downloads\JRT(1).exe
2015-05-24 12:00 - 2015-05-24 12:00 - 02222592 _____ () C:\Users\Grisu\Downloads\AdwCleaner_4.205.exe
2015-05-24 11:55 - 2015-05-24 11:55 - 00001304 _____ () C:\Users\Grisu\Desktop\MBAM2.txt
2015-05-24 11:54 - 2015-05-24 11:54 - 00030372 _____ () C:\Users\Grisu\Desktop\Mbam.txt
2015-05-24 11:31 - 2015-05-24 11:32 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Grisu\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-23 13:11 - 2015-05-23 13:11 - 00022186 _____ () C:\ComboFix.txt
2015-05-23 12:22 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-23 12:22 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-23 12:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-23 12:17 - 2015-05-23 13:11 - 00000000 ____D () C:\Qoobox
2015-05-23 12:15 - 2015-05-23 12:16 - 05627500 ____R (Swearware) C:\Users\Grisu\Downloads\ComboFix.exe
2015-05-23 11:59 - 2015-05-23 11:59 - 00001264 _____ () C:\Users\Grisu\Desktop\Revo Uninstaller.lnk
2015-05-23 11:59 - 2015-05-23 11:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-23 11:57 - 2015-05-23 11:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Grisu\Downloads\revosetup95.exe
2015-05-22 12:06 - 2015-05-22 12:06 - 04737952 _____ () C:\Users\Grisu\Downloads\ausetup5.3.1.20.exe
2015-05-22 08:37 - 2015-05-22 08:38 - 00072519 _____ () C:\Users\Grisu\Downloads\Addition.txt
2015-05-22 08:36 - 2015-05-24 12:10 - 00000000 ____D () C:\FRST
2015-05-22 08:36 - 2015-05-24 12:09 - 00015923 _____ () C:\Users\Grisu\Downloads\FRST.txt
2015-05-22 08:35 - 2015-05-22 08:35 - 02108416 _____ (Farbar) C:\Users\Grisu\Downloads\FRST64.exe
2015-05-21 11:57 - 2015-05-21 11:57 - 02347384 _____ (ESET) C:\Users\Grisu\Downloads\esetsmartinstaller_deu(1).exe
2015-05-21 11:46 - 2015-05-21 11:46 - 02347384 _____ (ESET) C:\Users\Grisu\Downloads\esetsmartinstaller_deu.exe
2015-05-21 11:46 - 2015-05-21 11:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-21 11:45 - 2015-05-21 11:45 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Grisu\Downloads\sc-cleaner.exe
2015-05-21 11:45 - 2015-05-21 11:45 - 00001874 _____ () C:\Users\Grisu\Desktop\sc-cleaner.txt
2015-05-21 11:42 - 2015-05-21 11:42 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-GRISU-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-21 11:42 - 2015-05-21 11:42 - 00000000 ____D () C:\RegBackup
2015-05-21 11:41 - 2015-05-21 11:42 - 02720009 _____ (Thisisu) C:\Users\Grisu\Downloads\JRT.exe
2015-05-21 11:25 - 2015-05-24 12:02 - 00000000 ____D () C:\AdwCleaner
2015-05-21 11:25 - 2015-05-21 11:25 - 02209792 _____ () C:\Users\Grisu\Downloads\AdwCleaner_4.204.exe
2015-05-21 11:19 - 2015-05-21 11:19 - 00048170 _____ () C:\Users\Grisu\Desktop\Istart.txt
2015-05-21 10:59 - 2015-05-21 10:59 - 00000000 ____D () C:\Users\Grisu\Desktop\Alte Firefox-Daten
2015-05-21 10:52 - 2015-05-21 10:52 - 01196832 _____ () C:\Users\Grisu\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-05-21 10:48 - 2015-05-21 10:48 - 00000000 __SHD () C:\Users\Grisu\AppData\Local\EmieBrowserModeList
2015-05-21 10:02 - 2015-05-21 10:02 - 00000000 ____D () C:\Program Files (x86)\WajaWebEnhance
2015-05-21 10:01 - 2015-05-21 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.2
2015-05-21 10:00 - 2015-05-21 10:00 - 03132924 _____ ( ) C:\Users\Grisu\Downloads\setup_Project64_2.2.exe
2015-05-21 09:54 - 2015-05-21 09:54 - 04825931 _____ () C:\Users\Grisu\Downloads\Snowboard Kids (USA).zip
2015-05-15 09:43 - 2015-05-15 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 19:13 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:13 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:37 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 08:37 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 08:37 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 08:37 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 08:37 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 08:37 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 08:37 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 08:37 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 08:37 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 08:37 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 08:37 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 08:37 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 08:37 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 08:37 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 08:37 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 08:37 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 08:37 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 08:37 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 08:37 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 08:37 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 08:37 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 08:37 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:37 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 08:37 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 08:37 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 08:37 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 08:37 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 08:37 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 08:37 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 08:37 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 08:37 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 08:37 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 08:37 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 08:37 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 08:37 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 08:37 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 08:37 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 08:37 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 08:37 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 08:37 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 08:37 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 08:37 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 08:37 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 08:37 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 08:37 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 08:37 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 08:37 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 08:37 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 08:37 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 08:37 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 08:37 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 08:37 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 08:37 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 08:37 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 08:37 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 08:37 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 08:37 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 08:37 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 08:37 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 08:37 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 08:37 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 08:37 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 08:37 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 08:37 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 08:37 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 08:37 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 08:37 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 08:37 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 08:37 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 08:37 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 08:37 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 08:37 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 08:37 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 08:37 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 08:37 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 08:37 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 08:37 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 08:37 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 08:37 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 08:37 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 08:37 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 08:37 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 08:37 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 08:37 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 08:37 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 08:36 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 08:36 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 08:36 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 08:36 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 08:36 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 08:36 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 08:36 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 08:36 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 08:36 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 08:36 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 08:36 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 08:36 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 08:36 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 08:36 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 08:36 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 08:36 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 08:36 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 08:36 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-05 19:08 - 2015-05-05 19:09 - 00000000 ____D () C:\Users\Grisu\Documents\BloodBowlLegendary

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 12:06 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 12:06 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 12:04 - 2014-08-25 08:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 12:04 - 2013-03-21 16:38 - 00214375 _____ () C:\Windows\setupact.log
2015-05-24 12:04 - 2012-01-14 16:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 12:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 12:03 - 2013-03-21 16:37 - 00294400 _____ () C:\Windows\PFRO.log
2015-05-24 12:03 - 2012-01-14 23:14 - 01763171 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 11:56 - 2012-08-15 11:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-24 11:32 - 2014-08-25 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-24 11:32 - 2014-08-25 08:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-24 11:32 - 2012-08-30 16:08 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-24 11:31 - 2013-12-24 03:33 - 00000000 ____D () C:\Users\Grisu\AppData\Local\Battle.net
2015-05-24 11:30 - 2012-09-15 14:07 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 11:25 - 2013-10-20 10:50 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000UA.job
2015-05-24 11:21 - 2014-08-25 08:47 - 00000000 ____D () C:\Users\Grisu\AppData\Local\Adobe
2015-05-24 00:25 - 2013-10-20 10:50 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000Core.job
2015-05-23 14:42 - 2012-01-16 05:55 - 00000000 ____D () C:\Users\Grisu\AppData\Roaming\Skype
2015-05-23 13:08 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-23 12:30 - 2013-10-10 16:03 - 00000000 ____D () C:\Windows\erdnt
2015-05-23 12:27 - 2013-09-21 23:00 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-21 13:35 - 2012-04-19 01:15 - 00002356 _____ () C:\Users\Grisu\Desktop\Google Chrome.lnk
2015-05-21 11:01 - 2013-06-25 20:31 - 00001106 _____ () C:\Users\Public\Desktop\Duel of Champions Launcher.lnk
2015-05-21 11:01 - 2012-06-20 14:34 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-21 11:01 - 2012-06-20 14:34 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-21 11:01 - 2012-01-14 16:24 - 00001421 _____ () C:\Users\Grisu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 17:37 - 2012-05-15 16:06 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-05-20 08:14 - 2015-04-04 23:51 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 08:14 - 2015-04-04 23:51 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 23:43 - 2014-12-20 00:07 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-05-17 15:25 - 2012-01-14 16:36 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 15:25 - 2012-01-14 16:36 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 15:19 - 2015-04-20 17:27 - 00000000 ____D () C:\Windows\rescache
2015-05-16 09:29 - 2012-07-19 07:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-16 00:20 - 2013-10-20 10:50 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000UA
2015-05-16 00:20 - 2013-10-20 10:50 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000Core
2015-05-15 16:30 - 2013-03-21 10:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 20:01 - 2013-12-24 03:34 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-05-14 00:41 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-05-14 00:41 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-05-14 00:41 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 00:35 - 2009-07-14 06:45 - 00440096 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 00:32 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 00:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 19:22 - 2012-08-25 11:36 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 19:22 - 2012-08-25 11:36 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 19:21 - 2012-11-18 23:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 19:21 - 2012-08-25 11:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 19:21 - 2012-08-25 11:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 19:20 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 19:16 - 2012-01-24 01:38 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 19:13 - 2012-05-17 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 19:12 - 2012-05-17 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 19:12 - 2012-05-17 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 13:07 - 2013-12-24 03:33 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-05 19:06 - 2013-06-11 20:49 - 00054459 _____ () C:\Windows\DirectX.log
2015-05-03 17:11 - 2012-01-16 05:55 - 00000000 ____D () C:\ProgramData\Skype
2015-04-27 00:26 - 2012-01-15 15:44 - 00000000 ____D () C:\Users\Grisu\AppData\Roaming\TS3Client
2015-04-24 09:28 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-04-08 19:09 - 2015-04-20 22:33 - 0421066 _____ () C:\Users\Grisu\AppData\Roaming\lx.zip
2015-04-08 19:09 - 2015-04-20 22:33 - 0000006 _____ () C:\Users\Grisu\AppData\Roaming\version.txt
2015-03-22 20:51 - 2015-03-22 20:51 - 0001461 _____ () C:\Users\Grisu\AppData\Local\recently-used.xbel
2013-04-06 23:40 - 2013-04-07 19:51 - 0007602 _____ () C:\Users\Grisu\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Grisu\AppData\Local\Temp\Quarantine.exe
C:\Users\Grisu\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-16 14:46

==================== End of log ============================
         

Alt 25.05.2015, 11:16   #9
schrauber
/// the machine
/// TB-Ausbilder
 

IStartSurf! - Standard

IStartSurf!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 26.05.2015, 16:41   #10
Atalon
 
IStartSurf! - Standard

IStartSurf!



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=caa9913dc6b7884eb2ff61c06865d99c
# engine=23951
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-21 01:46:40
# local_time=2015-05-21 03:46:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 678288 103509622 0 0
# scanned=323952
# found=20
# cleaned=0
# scan_time=13563
sh=8E720E543A16953A6844FEB1C3E3CBCB16367535 ft=1 fh=f9881c90f64f0011 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=5E6AC14D054C325DB197478E3569B63DC6F78682 ft=1 fh=8a3e5b0496b3f158 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.DH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=D3532371E9F7E7AA5518B0F8C1316F5EAB577E08 ft=1 fh=13f6bd8db0b76a89 vn="Variante von Win32/ELEX.CY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=1C88A7C4FD5E9BBE5F558AB731149EC1E59A67AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi.vir"
sh=B23DC3D8BEE774046E51931AFD543975535B6333 ft=1 fh=b92cf0168a784b9e vn="Variante von Win32/ELEX.DK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=06242BC0F3ED6492589E8ADCEA4C00557181416B ft=1 fh=e5d6e0cf867f7b0e vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=1F9488A51C4E1837B3E6B56D95118337D709FADF ft=1 fh=5ca6b9fb33d3f0c8 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=B38D8F831B8C2D25A90C496AF15E58B5CC89EDEE ft=1 fh=154b9602b78d9bfb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir"
sh=7A897A264B828877F8678C6A59996AA92CF5EF33 ft=1 fh=90db179ea4af01ad vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=858524ED0C62DA7FEE38A551865CCDE45A41C289 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\Extensions\sweetsearch@gmail.com\chrome\content\toolbar.js.vir"
sh=5B95315844B22672C2E867D8E3D45D9F05ED2016 ft=1 fh=6e4c94e41237e20f vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Grisu\AppData\Local\Temp\ioPK2uGf.exe.part"
sh=56862EA54B19496515C788B5F4A4D4619178DAEF ft=1 fh=dd9c00c63b535a0f vn="Variante von Win32/ELEX.CL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Grisu\AppData\Local\Temp\smt_istartsurf.exe"
sh=1F93F5FE420B28E0C9E9161E81DDEB4F9C9DE449 ft=1 fh=c138ae358509f971 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Grisu\AppData\Local\Temp\DMR\dmr_72.exe"
sh=858524ED0C62DA7FEE38A551865CCDE45A41C289 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Grisu\Desktop\Alte Firefox-Daten\e9dof2pq.default\extensions\sweetsearch@gmail.com\chrome\content\toolbar.js"
sh=0BB6983D64FD98D32757A816FB1C8472E6EA2D14 ft=1 fh=6cada5455cce898d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Grisu\Downloads\Firefox - CHIP-Installer.exe"
sh=6A9A91381E6833F873CC1F04B729FC8A2983B5F3 ft=1 fh=93a21c5761c34cdc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Grisu\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=5B95315844B22672C2E867D8E3D45D9F05ED2016 ft=1 fh=6e4c94e41237e20f vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Grisu\Downloads\setup_Project64_2.2.exe"
sh=D96FBDD1E11BCF4282C7300B72C2269D01952621 ft=1 fh=46703fcbc27cf521 vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Grisu\Downloads\speedupmypc5.3.12.0.exe"
sh=B1A68C4BD7D8782CEE180580311081F423E8638B ft=1 fh=b0d19998d0be5414 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=caa9913dc6b7884eb2ff61c06865d99c
# engine=24029
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-26 02:10:15
# local_time=2015-05-26 04:10:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1111703 103943037 0 0
# scanned=357952
# found=16
# cleaned=0
# scan_time=9518
sh=8E720E543A16953A6844FEB1C3E3CBCB16367535 ft=1 fh=f9881c90f64f0011 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=5E6AC14D054C325DB197478E3569B63DC6F78682 ft=1 fh=8a3e5b0496b3f158 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.DH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=D3532371E9F7E7AA5518B0F8C1316F5EAB577E08 ft=1 fh=13f6bd8db0b76a89 vn="Variante von Win32/ELEX.CY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=1C88A7C4FD5E9BBE5F558AB731149EC1E59A67AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi.vir"
sh=B23DC3D8BEE774046E51931AFD543975535B6333 ft=1 fh=b92cf0168a784b9e vn="Variante von Win32/ELEX.DK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=06242BC0F3ED6492589E8ADCEA4C00557181416B ft=1 fh=e5d6e0cf867f7b0e vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=1F9488A51C4E1837B3E6B56D95118337D709FADF ft=1 fh=5ca6b9fb33d3f0c8 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=B38D8F831B8C2D25A90C496AF15E58B5CC89EDEE ft=1 fh=154b9602b78d9bfb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir"
sh=7A897A264B828877F8678C6A59996AA92CF5EF33 ft=1 fh=90db179ea4af01ad vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=858524ED0C62DA7FEE38A551865CCDE45A41C289 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\e9dof2pq.default\Extensions\sweetsearch@gmail.com\chrome\content\toolbar.js.vir"
sh=858524ED0C62DA7FEE38A551865CCDE45A41C289 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Grisu\Desktop\Alte Firefox-Daten\e9dof2pq.default\extensions\sweetsearch@gmail.com\chrome\content\toolbar.js"
sh=6A9A91381E6833F873CC1F04B729FC8A2983B5F3 ft=1 fh=93a21c5761c34cdc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Grisu\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=5B95315844B22672C2E867D8E3D45D9F05ED2016 ft=1 fh=6e4c94e41237e20f vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Grisu\Downloads\setup_Project64_2.2.exe"
sh=D96FBDD1E11BCF4282C7300B72C2269D01952621 ft=1 fh=46703fcbc27cf521 vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Grisu\Downloads\speedupmypc5.3.12.0.exe"
sh=B1A68C4BD7D8782CEE180580311081F423E8638B ft=1 fh=b0d19998d0be5414 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
         
Code:
ATTFilter
 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Secunia PSI (3.0.0.8013)   
 JavaFX 2.1.1    
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (38.0.1) 
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 WinPatrol winpatrol.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Was passiert jetzt genau mit den 16 gefundenen Dateien?
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Grisu (administrator) on GRISU-PC on 26-05-2015 16:39:48
Running from C:\Users\Grisu\Downloads
Loaded Profiles: Grisu (Available Profiles: Grisu)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Flux Software LLC) C:\Users\Grisu\AppData\Local\FluxSoftware\Flux\flux.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
() C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4056\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5765\Battle.net.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [456768 2013-10-19] (BillP Studios)
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\Run: [f.lux] => C:\Users\Grisu\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\JUNE05~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-10-19]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2014-06-12]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
BootExecute: 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49271;https=127.0.0.1:49271
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-2002501991-1074103417-190154067-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8A11670B-D557-4B1F-838C-213E1F33D76F}: [NameServer] 195.202.128.2,195.202.128.3

FireFox:
========
FF ProfilePath: C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\4dipnuz0.default-1432198737870
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-14] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2002501991-1074103417-190154067-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2002501991-1074103417-190154067-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2002501991-1074103417-190154067-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-14] (Pando Networks)
FF Extension: Adblock Plus - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\4dipnuz0.default-1432198737870\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-21]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-06]
CHR Extension: (YouTube) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-19]
CHR Extension: (Google Search) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-19]
CHR Extension: (Gmail) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-19]
StartMenuInternet: Google Chrome - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WajaWebEnhance Service; C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [32768 2014-03-21] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 16:39 - 2015-05-26 16:39 - 00000000 ____D () C:\Users\Grisu\Downloads\FRST-OlderVersion
2015-05-26 16:36 - 2015-05-26 16:36 - 00852630 _____ () C:\Users\Grisu\Downloads\SecurityCheck.exe
2015-05-24 12:08 - 2015-05-24 12:08 - 00000600 _____ () C:\Users\Grisu\Desktop\JRT.txt
2015-05-24 12:06 - 2015-05-24 12:06 - 02720636 _____ (Thisisu) C:\Users\Grisu\Downloads\JRT(1).exe
2015-05-24 12:00 - 2015-05-24 12:00 - 02222592 _____ () C:\Users\Grisu\Downloads\AdwCleaner_4.205.exe
2015-05-24 11:55 - 2015-05-24 11:55 - 00001304 _____ () C:\Users\Grisu\Desktop\MBAM2.txt
2015-05-24 11:54 - 2015-05-24 11:54 - 00030372 _____ () C:\Users\Grisu\Desktop\Mbam.txt
2015-05-24 11:31 - 2015-05-24 11:32 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Grisu\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-23 13:11 - 2015-05-23 13:11 - 00022186 _____ () C:\ComboFix.txt
2015-05-23 12:22 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-23 12:22 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-23 12:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-23 12:17 - 2015-05-23 13:11 - 00000000 ____D () C:\Qoobox
2015-05-23 12:15 - 2015-05-23 12:16 - 05627500 ____R (Swearware) C:\Users\Grisu\Downloads\ComboFix.exe
2015-05-23 11:59 - 2015-05-23 11:59 - 00001264 _____ () C:\Users\Grisu\Desktop\Revo Uninstaller.lnk
2015-05-23 11:59 - 2015-05-23 11:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-23 11:57 - 2015-05-23 11:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Grisu\Downloads\revosetup95.exe
2015-05-22 12:06 - 2015-05-22 12:06 - 04737952 _____ () C:\Users\Grisu\Downloads\ausetup5.3.1.20.exe
2015-05-22 08:37 - 2015-05-22 08:38 - 00072519 _____ () C:\Users\Grisu\Downloads\Addition.txt
2015-05-22 08:36 - 2015-05-26 16:39 - 00018076 _____ () C:\Users\Grisu\Downloads\FRST.txt
2015-05-22 08:36 - 2015-05-26 16:39 - 00000000 ____D () C:\FRST
2015-05-22 08:35 - 2015-05-26 16:39 - 02108928 _____ (Farbar) C:\Users\Grisu\Downloads\FRST64.exe
2015-05-21 11:45 - 2015-05-21 11:45 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Grisu\Downloads\sc-cleaner.exe
2015-05-21 11:45 - 2015-05-21 11:45 - 00001874 _____ () C:\Users\Grisu\Desktop\sc-cleaner.txt
2015-05-21 11:42 - 2015-05-21 11:42 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-GRISU-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-21 11:42 - 2015-05-21 11:42 - 00000000 ____D () C:\RegBackup
2015-05-21 11:41 - 2015-05-21 11:42 - 02720009 _____ (Thisisu) C:\Users\Grisu\Downloads\JRT.exe
2015-05-21 11:25 - 2015-05-24 12:02 - 00000000 ____D () C:\AdwCleaner
2015-05-21 11:25 - 2015-05-21 11:25 - 02209792 _____ () C:\Users\Grisu\Downloads\AdwCleaner_4.204.exe
2015-05-21 11:19 - 2015-05-21 11:19 - 00048170 _____ () C:\Users\Grisu\Desktop\Istart.txt
2015-05-21 10:59 - 2015-05-21 10:59 - 00000000 ____D () C:\Users\Grisu\Desktop\Alte Firefox-Daten
2015-05-21 10:52 - 2015-05-21 10:52 - 01196832 _____ () C:\Users\Grisu\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-05-21 10:48 - 2015-05-21 10:48 - 00000000 __SHD () C:\Users\Grisu\AppData\Local\EmieBrowserModeList
2015-05-21 10:02 - 2015-05-21 10:02 - 00000000 ____D () C:\Program Files (x86)\WajaWebEnhance
2015-05-21 10:01 - 2015-05-21 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.2
2015-05-21 10:00 - 2015-05-21 10:00 - 03132924 _____ ( ) C:\Users\Grisu\Downloads\setup_Project64_2.2.exe
2015-05-21 09:54 - 2015-05-21 09:54 - 04825931 _____ () C:\Users\Grisu\Downloads\Snowboard Kids (USA).zip
2015-05-15 09:43 - 2015-05-15 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 19:13 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:13 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:37 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 08:37 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 08:37 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 08:37 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 08:37 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 08:37 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 08:37 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 08:37 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 08:37 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 08:37 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 08:37 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 08:37 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 08:37 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 08:37 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 08:37 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 08:37 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 08:37 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 08:37 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 08:37 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 08:37 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 08:37 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 08:37 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:37 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 08:37 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 08:37 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 08:37 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 08:37 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 08:37 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 08:37 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 08:37 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 08:37 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 08:37 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 08:37 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 08:37 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 08:37 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 08:37 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 08:37 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 08:37 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 08:37 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 08:37 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 08:37 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 08:37 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 08:37 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 08:37 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 08:37 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 08:37 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 08:37 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 08:37 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 08:37 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 08:37 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 08:37 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 08:37 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 08:37 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 08:37 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 08:37 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 08:37 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 08:37 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 08:37 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 08:37 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 08:37 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 08:37 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 08:37 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 08:37 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 08:37 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 08:37 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 08:37 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 08:37 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 08:37 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 08:37 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 08:37 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 08:37 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 08:37 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 08:37 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 08:37 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 08:37 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 08:37 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 08:37 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 08:37 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 08:37 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 08:37 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 08:37 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 08:37 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 08:37 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 08:37 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 08:37 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 08:36 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 08:36 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 08:36 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 08:36 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 08:36 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 08:36 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 08:36 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 08:36 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 08:36 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 08:36 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 08:36 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 08:36 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 08:36 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 08:36 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 08:36 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 08:36 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 08:36 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 08:36 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-05 19:08 - 2015-05-05 19:09 - 00000000 ____D () C:\Users\Grisu\Documents\BloodBowlLegendary

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 16:35 - 2013-12-24 03:33 - 00000000 ____D () C:\Users\Grisu\AppData\Local\Battle.net
2015-05-26 16:33 - 2014-08-25 08:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-26 16:30 - 2012-09-15 14:07 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-26 16:25 - 2013-10-20 10:50 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000UA.job
2015-05-26 15:56 - 2012-08-15 11:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-26 15:30 - 2012-01-14 16:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-26 15:01 - 2012-01-14 23:14 - 01922736 _____ () C:\Windows\WindowsUpdate.log
2015-05-26 13:33 - 2014-08-25 08:47 - 00000000 ____D () C:\Users\Grisu\AppData\Local\Adobe
2015-05-26 13:32 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-05-26 13:32 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-05-26 13:32 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-26 13:31 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-26 13:31 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-26 13:23 - 2013-03-21 16:38 - 00214879 _____ () C:\Windows\setupact.log
2015-05-26 13:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 01:45 - 2012-01-16 05:55 - 00000000 ____D () C:\Users\Grisu\AppData\Roaming\Skype
2015-05-26 00:25 - 2013-10-20 10:50 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000Core.job
2015-05-25 21:37 - 2012-04-19 01:15 - 00002356 _____ () C:\Users\Grisu\Desktop\Google Chrome.lnk
2015-05-24 12:03 - 2013-03-21 16:37 - 00294400 _____ () C:\Windows\PFRO.log
2015-05-24 11:32 - 2014-08-25 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-24 11:32 - 2014-08-25 08:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-24 11:32 - 2012-08-30 16:08 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-23 13:08 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-23 12:30 - 2013-10-10 16:03 - 00000000 ____D () C:\Windows\erdnt
2015-05-23 12:27 - 2013-09-21 23:00 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-21 11:01 - 2013-06-25 20:31 - 00001106 _____ () C:\Users\Public\Desktop\Duel of Champions Launcher.lnk
2015-05-21 11:01 - 2012-06-20 14:34 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-21 11:01 - 2012-06-20 14:34 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-21 11:01 - 2012-01-14 16:24 - 00001421 _____ () C:\Users\Grisu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 17:37 - 2012-05-15 16:06 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-05-20 08:14 - 2015-04-04 23:51 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 08:14 - 2015-04-04 23:51 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 23:43 - 2014-12-20 00:07 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-05-17 15:25 - 2012-01-14 16:36 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 15:25 - 2012-01-14 16:36 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 15:19 - 2015-04-20 17:27 - 00000000 ____D () C:\Windows\rescache
2015-05-16 09:29 - 2012-07-19 07:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-16 00:20 - 2013-10-20 10:50 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000UA
2015-05-16 00:20 - 2013-10-20 10:50 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000Core
2015-05-15 16:30 - 2013-03-21 10:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 20:01 - 2013-12-24 03:34 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-05-14 00:35 - 2009-07-14 06:45 - 00440096 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 00:32 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 00:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 19:22 - 2012-08-25 11:36 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 19:22 - 2012-08-25 11:36 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 19:21 - 2012-11-18 23:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 19:21 - 2012-08-25 11:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 19:21 - 2012-08-25 11:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 19:20 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 19:16 - 2012-01-24 01:38 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 19:13 - 2012-05-17 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 19:12 - 2012-05-17 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 19:12 - 2012-05-17 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 13:07 - 2013-12-24 03:33 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-05 19:06 - 2013-06-11 20:49 - 00054459 _____ () C:\Windows\DirectX.log
2015-05-03 17:11 - 2012-01-16 05:55 - 00000000 ____D () C:\ProgramData\Skype
2015-04-27 00:26 - 2012-01-15 15:44 - 00000000 ____D () C:\Users\Grisu\AppData\Roaming\TS3Client

==================== Files in the root of some directories =======

2015-04-08 19:09 - 2015-04-20 22:33 - 0421066 _____ () C:\Users\Grisu\AppData\Roaming\lx.zip
2015-04-08 19:09 - 2015-04-20 22:33 - 0000006 _____ () C:\Users\Grisu\AppData\Roaming\version.txt
2015-03-22 20:51 - 2015-03-22 20:51 - 0001461 _____ () C:\Users\Grisu\AppData\Local\recently-used.xbel
2013-04-06 23:40 - 2013-04-07 19:51 - 0007602 _____ () C:\Users\Grisu\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Grisu\AppData\Local\Temp\Quarantine.exe
C:\Users\Grisu\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 19:58

==================== End of log ============================
         

Alt 27.05.2015, 07:58   #11
schrauber
/// the machine
/// TB-Ausbilder
 

IStartSurf! - Standard

IStartSurf!



Löschen wir jetzt. Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Grisu\AppData\Local\Temp\ioPK2uGf.exe.part

C:\Users\Grisu\AppData\Local\Temp\smt_istartsurf.exe

C:\Users\Grisu\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\Grisu\Desktop\Alte Firefox-Daten\e9dof2pq.default\extensions\sweetsearch@gmail.com\chrome\content\toolbar.js

C:\Users\Grisu\Downloads\Firefox - CHIP-Installer.exe

C:\Users\Grisu\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe

C:\Users\Grisu\Downloads\setup_Project64_2.2.exe

C:\Users\Grisu\Downloads\speedupmypc5.3.12.0.exe

C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
S2 WajaWebEnhance Service; C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe [X]
C:\Program Files (x86)\WajaWebEnhance
RemoveProxy:
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




frisches FRST log bitte. Downloadverhalten überdenken:
CHIP-Installer - was ist das? - Anleitungen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.05.2015, 15:35   #12
Atalon
 
IStartSurf! - Standard

IStartSurf!



Chip.de war bis dato für mich eine seriöse Seite, aber dass die zu solchen Mitteln greifen müssen ist traurig und schadet eigentlich nur dem Ruf.
Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Grisu at 2015-05-27 15:16:42 Run:1
Running from C:\Users\Grisu\Desktop
Loaded Profiles: Grisu (Available Profiles: Grisu)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Grisu\AppData\Local\Temp\ioPK2uGf.exe.part

C:\Users\Grisu\AppData\Local\Temp\smt_istartsurf.exe

C:\Users\Grisu\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\Grisu\Desktop\Alte Firefox-Daten\e9dof2pq.default\extensions\sweetsearch@gmail.com\chrome\content\toolbar.js

C:\Users\Grisu\Downloads\Firefox - CHIP-Installer.exe

C:\Users\Grisu\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe

C:\Users\Grisu\Downloads\setup_Project64_2.2.exe

C:\Users\Grisu\Downloads\speedupmypc5.3.12.0.exe

C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
S2 WajaWebEnhance Service; C:\Program Files (x86)\WajaWebEnhance\WajaWebEnhance Internet Enhancer\InternetEnhancerService.exe [X]
C:\Program Files (x86)\WajaWebEnhance
RemoveProxy:
Emptytemp:
         
*****************

"C:\Users\Grisu\AppData\Local\Temp\ioPK2uGf.exe.part" => File/Folder not found.
"C:\Users\Grisu\AppData\Local\Temp\smt_istartsurf.exe" => File/Folder not found.
"C:\Users\Grisu\AppData\Local\Temp\DMR\dmr_72.exe" => File/Folder not found.
C:\Users\Grisu\Desktop\Alte Firefox-Daten\e9dof2pq.default\extensions\sweetsearch@gmail.com\chrome\content\toolbar.js => Moved successfully.
"C:\Users\Grisu\Downloads\Firefox - CHIP-Installer.exe" => File/Folder not found.
C:\Users\Grisu\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe => Moved successfully.
C:\Users\Grisu\Downloads\setup_Project64_2.2.exe => Moved successfully.
C:\Users\Grisu\Downloads\speedupmypc5.3.12.0.exe => Moved successfully.
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll => Moved successfully.
WajaWebEnhance Service => Service Removed successfully
C:\Program Files (x86)\WajaWebEnhance => Moved successfully.

========= RemoveProxy: =========

"HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => Removed 476 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 15:18:13 ====
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Grisu (administrator) on GRISU-PC on 27-05-2015 15:31:34
Running from C:\Users\Grisu\Desktop
Loaded Profiles: Grisu (Available Profiles: Grisu)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Flux Software LLC) C:\Users\Grisu\AppData\Local\FluxSoftware\Flux\flux.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
() C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [456768 2013-10-19] (BillP Studios)
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\...\Run: [f.lux] => C:\Users\Grisu\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2002501991-1074103417-190154067-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\JUNE05~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-10-19]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2014-06-12]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
BootExecute: 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-2002501991-1074103417-190154067-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8A11670B-D557-4B1F-838C-213E1F33D76F}: [NameServer] 195.202.128.2,195.202.128.3

FireFox:
========
FF ProfilePath: C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\4dipnuz0.default-1432198737870
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-14] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2002501991-1074103417-190154067-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2002501991-1074103417-190154067-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Grisu\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2002501991-1074103417-190154067-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-14] (Pando Networks)
FF Extension: Adblock Plus - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\4dipnuz0.default-1432198737870\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-21]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-06]
CHR Extension: (YouTube) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-19]
CHR Extension: (Google Search) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-19]
CHR Extension: (Gmail) - C:\Users\Grisu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-19]
StartMenuInternet: Google Chrome - C:\Users\Grisu\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [32768 2014-03-21] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 15:31 - 2015-05-27 15:33 - 00017219 _____ () C:\Users\Grisu\Desktop\FRST.txt
2015-05-26 16:39 - 2015-05-26 16:39 - 00000000 ____D () C:\Users\Grisu\Downloads\FRST-OlderVersion
2015-05-26 16:36 - 2015-05-26 16:36 - 00852630 _____ () C:\Users\Grisu\Downloads\SecurityCheck.exe
2015-05-24 12:08 - 2015-05-24 12:08 - 00000600 _____ () C:\Users\Grisu\Desktop\JRT.txt
2015-05-24 12:06 - 2015-05-24 12:06 - 02720636 _____ (Thisisu) C:\Users\Grisu\Downloads\JRT(1).exe
2015-05-24 12:00 - 2015-05-24 12:00 - 02222592 _____ () C:\Users\Grisu\Downloads\AdwCleaner_4.205.exe
2015-05-24 11:55 - 2015-05-24 11:55 - 00001304 _____ () C:\Users\Grisu\Desktop\MBAM2.txt
2015-05-24 11:54 - 2015-05-24 11:54 - 00030372 _____ () C:\Users\Grisu\Desktop\Mbam.txt
2015-05-24 11:31 - 2015-05-24 11:32 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Grisu\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-23 13:11 - 2015-05-23 13:11 - 00022186 _____ () C:\ComboFix.txt
2015-05-23 12:22 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-23 12:22 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-23 12:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-23 12:22 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-23 12:17 - 2015-05-23 13:11 - 00000000 ____D () C:\Qoobox
2015-05-23 12:15 - 2015-05-23 12:16 - 05627500 ____R (Swearware) C:\Users\Grisu\Downloads\ComboFix.exe
2015-05-23 11:59 - 2015-05-23 11:59 - 00001264 _____ () C:\Users\Grisu\Desktop\Revo Uninstaller.lnk
2015-05-23 11:59 - 2015-05-23 11:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-23 11:57 - 2015-05-23 11:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Grisu\Downloads\revosetup95.exe
2015-05-22 12:06 - 2015-05-22 12:06 - 04737952 _____ () C:\Users\Grisu\Downloads\ausetup5.3.1.20.exe
2015-05-22 08:37 - 2015-05-22 08:38 - 00072519 _____ () C:\Users\Grisu\Downloads\Addition.txt
2015-05-22 08:36 - 2015-05-27 15:31 - 00000000 ____D () C:\FRST
2015-05-22 08:36 - 2015-05-26 16:40 - 00055635 _____ () C:\Users\Grisu\Downloads\FRST.txt
2015-05-22 08:35 - 2015-05-26 16:39 - 02108928 _____ (Farbar) C:\Users\Grisu\Desktop\FRST64.exe
2015-05-21 11:45 - 2015-05-21 11:45 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Grisu\Downloads\sc-cleaner.exe
2015-05-21 11:45 - 2015-05-21 11:45 - 00001874 _____ () C:\Users\Grisu\Desktop\sc-cleaner.txt
2015-05-21 11:42 - 2015-05-21 11:42 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-GRISU-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-21 11:42 - 2015-05-21 11:42 - 00000000 ____D () C:\RegBackup
2015-05-21 11:41 - 2015-05-21 11:42 - 02720009 _____ (Thisisu) C:\Users\Grisu\Downloads\JRT.exe
2015-05-21 11:25 - 2015-05-24 12:02 - 00000000 ____D () C:\AdwCleaner
2015-05-21 11:25 - 2015-05-21 11:25 - 02209792 _____ () C:\Users\Grisu\Downloads\AdwCleaner_4.204.exe
2015-05-21 11:19 - 2015-05-21 11:19 - 00048170 _____ () C:\Users\Grisu\Desktop\Istart.txt
2015-05-21 10:59 - 2015-05-21 10:59 - 00000000 ____D () C:\Users\Grisu\Desktop\Alte Firefox-Daten
2015-05-21 10:48 - 2015-05-21 10:48 - 00000000 __SHD () C:\Users\Grisu\AppData\Local\EmieBrowserModeList
2015-05-21 10:01 - 2015-05-21 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.2
2015-05-21 09:54 - 2015-05-21 09:54 - 04825931 _____ () C:\Users\Grisu\Downloads\Snowboard Kids (USA).zip
2015-05-15 09:43 - 2015-05-15 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 19:13 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:13 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:37 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 08:37 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 08:37 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 08:37 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 08:37 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 08:37 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 08:37 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 08:37 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 08:37 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 08:37 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 08:37 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 08:37 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 08:37 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 08:37 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 08:37 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 08:37 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 08:37 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 08:37 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 08:37 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 08:37 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 08:37 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 08:37 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 08:37 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 08:37 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 08:37 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 08:37 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 08:37 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:37 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:37 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 08:37 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 08:37 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 08:37 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 08:37 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 08:37 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 08:37 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 08:37 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 08:37 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 08:37 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 08:37 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 08:37 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 08:37 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 08:37 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 08:37 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 08:37 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 08:37 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 08:37 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 08:37 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 08:37 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 08:37 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 08:37 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 08:37 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 08:37 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 08:37 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 08:37 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 08:37 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 08:37 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 08:37 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 08:37 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 08:37 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 08:37 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 08:37 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 08:37 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 08:37 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 08:37 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 08:37 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 08:37 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 08:37 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 08:37 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 08:37 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 08:37 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 08:37 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 08:37 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 08:37 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 08:37 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 08:37 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 08:37 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 08:37 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 08:37 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 08:37 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 08:37 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 08:37 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 08:37 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 08:37 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 08:37 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 08:37 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 08:37 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 08:37 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 08:37 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 08:37 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 08:37 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 08:37 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 08:36 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 08:36 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 08:36 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 08:36 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 08:36 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 08:36 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 08:36 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 08:36 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 08:36 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 08:36 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 08:36 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 08:36 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 08:36 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 08:36 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 08:36 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 08:36 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 08:36 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 08:36 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-05 19:08 - 2015-05-05 19:09 - 00000000 ____D () C:\Users\Grisu\Documents\BloodBowlLegendary

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 15:32 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-27 15:32 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-27 15:30 - 2012-09-15 14:07 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-27 15:30 - 2012-01-14 23:14 - 02021788 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 15:30 - 2012-01-14 16:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 15:28 - 2014-08-25 08:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-27 15:26 - 2013-03-21 16:38 - 00215383 _____ () C:\Windows\setupact.log
2015-05-27 15:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 15:25 - 2013-10-20 10:50 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000UA.job
2015-05-27 15:25 - 2012-01-16 05:55 - 00000000 ____D () C:\Users\Grisu\AppData\Roaming\Skype
2015-05-27 15:19 - 2013-12-24 03:33 - 00000000 ____D () C:\Users\Grisu\AppData\Local\Battle.net
2015-05-27 14:56 - 2012-08-15 11:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-27 09:09 - 2014-08-25 08:47 - 00000000 ____D () C:\Users\Grisu\AppData\Local\Adobe
2015-05-27 00:25 - 2013-10-20 10:50 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000Core.job
2015-05-26 23:30 - 2013-03-21 16:37 - 00295234 _____ () C:\Windows\PFRO.log
2015-05-26 13:32 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-05-26 13:32 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-05-26 13:32 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 21:37 - 2012-04-19 01:15 - 00002356 _____ () C:\Users\Grisu\Desktop\Google Chrome.lnk
2015-05-24 11:32 - 2014-08-25 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-24 11:32 - 2014-08-25 08:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-24 11:32 - 2012-08-30 16:08 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-23 13:08 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-23 12:30 - 2013-10-10 16:03 - 00000000 ____D () C:\Windows\erdnt
2015-05-23 12:27 - 2013-09-21 23:00 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-21 11:01 - 2013-06-25 20:31 - 00001106 _____ () C:\Users\Public\Desktop\Duel of Champions Launcher.lnk
2015-05-21 11:01 - 2012-06-20 14:34 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-21 11:01 - 2012-06-20 14:34 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-21 11:01 - 2012-01-14 16:24 - 00001421 _____ () C:\Users\Grisu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 17:37 - 2012-05-15 16:06 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-05-20 08:14 - 2015-04-04 23:51 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 08:14 - 2015-04-04 23:51 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 23:43 - 2014-12-20 00:07 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-05-17 15:25 - 2012-01-14 16:36 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 15:25 - 2012-01-14 16:36 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 15:19 - 2015-04-20 17:27 - 00000000 ____D () C:\Windows\rescache
2015-05-16 09:29 - 2012-07-19 07:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-16 00:20 - 2013-10-20 10:50 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000UA
2015-05-16 00:20 - 2013-10-20 10:50 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2002501991-1074103417-190154067-1000Core
2015-05-15 16:30 - 2013-03-21 10:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 20:01 - 2013-12-24 03:34 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-05-14 00:35 - 2009-07-14 06:45 - 00440096 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 00:32 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 00:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 19:22 - 2012-08-25 11:36 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 19:22 - 2012-08-25 11:36 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 19:21 - 2012-11-18 23:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 19:21 - 2012-08-25 11:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 19:21 - 2012-08-25 11:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 19:20 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 19:16 - 2012-01-24 01:38 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 19:13 - 2012-05-17 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 19:12 - 2012-05-17 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 19:12 - 2012-05-17 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 13:07 - 2013-12-24 03:33 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-05 19:06 - 2013-06-11 20:49 - 00054459 _____ () C:\Windows\DirectX.log
2015-05-03 17:11 - 2012-01-16 05:55 - 00000000 ____D () C:\ProgramData\Skype
2015-04-27 00:26 - 2012-01-15 15:44 - 00000000 ____D () C:\Users\Grisu\AppData\Roaming\TS3Client

==================== Files in the root of some directories =======

2015-04-08 19:09 - 2015-04-20 22:33 - 0421066 _____ () C:\Users\Grisu\AppData\Roaming\lx.zip
2015-04-08 19:09 - 2015-04-20 22:33 - 0000006 _____ () C:\Users\Grisu\AppData\Roaming\version.txt
2015-03-22 20:51 - 2015-03-22 20:51 - 0001461 _____ () C:\Users\Grisu\AppData\Local\recently-used.xbel
2013-04-06 23:40 - 2013-04-07 19:51 - 0007602 _____ () C:\Users\Grisu\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 19:58

==================== End of log ============================
         

Alt 28.05.2015, 10:08   #13
schrauber
/// the machine
/// TB-Ausbilder
 

IStartSurf! - Standard

IStartSurf!




Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.


Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu IStartSurf!
install.exe, installmanager.exe, pup.optional.appshat.a, pup.optional.browserwatch, pup.optional.fastsearch.a, pup.optional.ffpluginhp.a, pup.optional.giner, pup.optional.hometab.a, pup.optional.httpbreaker.a, pup.optional.ihprotect.a, pup.optional.iminent.a, pup.optional.istartsurf.a, pup.optional.linkey.a, pup.optional.qone8, pup.optional.searchprotect, pup.optional.searchprotect.a, pup.optional.spigot.a, pup.optional.suptab.a, pup.optional.sweetsearch.a, pup.optional.tnt.a, pup.optional.vosteran, pup.optional.vosteran.a, pup.optional.wajam.a, pup.optional.wajawebenhance.a, pup.optional.windowsmangerprotect.a, pup.optional.wpm.a, pup.optional.xtab.a



Ähnliche Themen: IStartSurf!


  1. istartsurf öffnet sich immer als 2. Tab
    Plagegeister aller Art und deren Bekämpfung - 06.01.2016 (21)
  2. Probleme mit Istartsurf
    Plagegeister aller Art und deren Bekämpfung - 26.10.2015 (9)
  3. Webssearches und istartsurf lassen sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 02.08.2015 (5)
  4. Win 7: istartsurf eingefangen/updates gehen nirgends mehr
    Log-Analyse und Auswertung - 07.06.2015 (10)
  5. Windows 8.1: iStartSurf Befall
    Log-Analyse und Auswertung - 15.05.2015 (27)
  6. PC langsam nach Installation über Chip.de und istartsurf Startseite
    Plagegeister aller Art und deren Bekämpfung - 11.05.2015 (12)
  7. OurSurfing.com Istartsurf und andere Infektionen eingefangen
    Plagegeister aller Art und deren Bekämpfung - 06.05.2015 (35)
  8. istartsurf
    Log-Analyse und Auswertung - 01.05.2015 (2)
  9. adsdelivery + iStartSurf
    Log-Analyse und Auswertung - 13.04.2015 (18)
  10. Webseiten werden umgeleitet - iStartSurf und mehr
    Log-Analyse und Auswertung - 07.04.2015 (20)
  11. istartsurf und Search Protect entfernen?
    Plagegeister aller Art und deren Bekämpfung - 17.02.2015 (11)
  12. Windows XP: Istartsurf und lahmer Rechner
    Plagegeister aller Art und deren Bekämpfung - 24.10.2014 (11)
  13. iStartSurf deinstallieren
    Log-Analyse und Auswertung - 22.10.2014 (38)
  14. iStartSurf / Goobzo eingefangen...
    Log-Analyse und Auswertung - 02.10.2014 (27)
  15. Spy Hunter 4 & iStartSurf
    Plagegeister aller Art und deren Bekämpfung - 20.09.2014 (14)
  16. Spyhunter 4 + istartsurf.com
    Plagegeister aller Art und deren Bekämpfung - 04.09.2014 (7)
  17. iStartSurf.com (iStartSurf) entfernen
    Anleitungen, FAQs & Links - 23.07.2014 (2)

Zum Thema IStartSurf! - Sehr geehrtes Team vom Trojaner Board! Habe Malwarebytes drüberlaufen lassen und andschließend adw cleaner. Hier die Logs. Vorab. ich würde mich über weitere Tips freuen. Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: - IStartSurf!...
Archiv
Du betrachtest: IStartSurf! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.