Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Malware: Jetzt verschwunden?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 17.06.2015, 15:01   #1
HtHNightwolf
 
Malware: Jetzt verschwunden? - Standard

Malware: Jetzt verschwunden?



Hallo TB Team,

ich habe einen PC hier, der bei ESET und MBAM im ersten Durchlauf ordentlich was gefunden hat. Die LOGs und auch ein FRST Log lege ich bei.
Könnt iht mal schauen, bitte ob damit alles runter ist, oder da noch was eingegriffen werden muss?
Der verursachende Benutzer weiß auch schon, dass er dem Board hier spenden darf, sobald der Spuk vorbei ist. Die Info und den Link dazu schicke ich immer mit

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by serviceuser (administrator) on **** on 17-06-2015 15:44:33
Running from C:\Users\serviceuser\Desktop\AV
Loaded Profiles: serviceuser (Available Profiles: serviceuser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Farbar) C:\Users\serviceuser\Desktop\AV\FRST(x64).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2015-05-20] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll (Citrix Online, LLC)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-12-11] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-334166091-1000885523-3064945426-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rosiplus.de/
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-11] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-11] (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.238.40.45 195.238.50.254

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll No File
FF Plugin HKU\S-1-5-21-334166091-1000885523-3064945426-1001: @citrixonline.com/appdetectorplugin -> C:\Users\serviceuser\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-19] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-23]

Chrome: 
=======
CHR Profile: C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]
CHR Extension: (Google Drive) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]
CHR Extension: (YouTube) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]
CHR Extension: (Google Search) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]
CHR Extension: (Bookmark Manager) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Avast Online Security) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]
CHR Extension: (Gmail) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-11] (AVAST Software)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-11-19] (Citrix Online, LLC)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-13] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 HPFSService; "C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-11] ()
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-09-21] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 15:44 - 2015-06-17 15:44 - 00000000 ____D C:\FRST
2015-06-17 15:38 - 2015-06-17 15:38 - 00003288 ____N C:\bootsqm.dat
2015-06-17 15:24 - 2015-06-17 15:44 - 00000000 ____D C:\Users\serviceuser\Desktop\AV
2015-06-17 14:09 - 2015-06-17 15:43 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-17 14:09 - 2015-06-17 14:09 - 00001110 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-17 14:09 - 2015-06-17 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-17 14:09 - 2015-06-17 14:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-17 14:09 - 2015-06-17 14:09 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-17 14:09 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-17 14:09 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-17 14:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-17 14:07 - 2015-06-17 14:07 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-10 14:27 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 14:27 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 14:27 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 14:27 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 14:27 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-10 14:27 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 14:27 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-10 14:27 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-06-10 14:27 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 14:27 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-06-10 14:27 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 14:27 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-10 14:27 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-10 14:27 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-10 14:27 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 14:27 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-06-10 14:27 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-10 14:27 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-10 14:27 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 14:27 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-10 14:27 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 14:27 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 14:27 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 14:27 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 14:27 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 14:27 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-06-10 14:27 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 14:27 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 14:27 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 14:27 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-10 14:27 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-10 14:27 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-06-10 14:27 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-10 14:27 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 14:27 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 14:27 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 14:27 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-06-10 14:27 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-06-10 14:27 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-10 14:27 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 14:27 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-10 14:27 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 14:27 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 14:27 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-10 14:27 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-06-10 14:27 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-06-10 14:27 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-06-10 14:27 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-10 14:27 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 14:27 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-10 14:27 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 14:27 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 14:27 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-10 14:27 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 14:27 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 14:27 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-06-10 14:27 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 14:27 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 14:27 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 14:27 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-10 08:18 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 08:18 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 08:18 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 08:18 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 08:18 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 08:18 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 08:18 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 08:18 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 08:18 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 08:18 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 08:18 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 08:18 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-06-10 08:18 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-06-10 08:18 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 08:18 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-06-10 08:18 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-06-10 08:18 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-06-10 08:18 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-06-10 08:18 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 08:18 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-06-10 08:18 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-06-10 08:18 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:18 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-10 08:18 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-06-10 08:17 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 08:17 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 08:17 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 08:16 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-05 09:18 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-05 09:18 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-05 09:18 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-02 14:12 - 2015-06-02 14:12 - 00000000 ____D C:\Users\serviceuser\AppData\Local\GWX
2015-05-22 11:41 - 2015-05-26 15:16 - 00264192 _____ C:\Users\serviceuser\Desktop\aktionsplan_pb_kw_23_24.xls
2015-05-18 11:12 - 2015-05-18 11:12 - 00000000 ____D C:\Users\serviceuser\AppData\Local\Skype
2015-05-18 11:11 - 2015-05-18 11:11 - 00110592 _____ C:\Users\serviceuser\Desktop\crossino_kalkulation.xls
2015-05-18 11:05 - 2015-05-18 11:05 - 00760320 _____ C:\Users\serviceuser\Desktop\Kopie von produktkalkulation.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 15:44 - 2014-04-22 09:25 - 01069221 _____ C:\windows\WindowsUpdate.log
2015-06-17 15:41 - 2014-10-09 15:30 - 00000000 ____D C:\Users\serviceuser\AppData\Roaming\TeamViewer
2015-06-17 15:41 - 2014-03-13 18:59 - 00000000 ____D C:\ProgramData\PDFC
2015-06-17 15:39 - 2014-04-23 12:28 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-17 15:39 - 2010-11-21 05:47 - 00262042 _____ C:\windows\PFRO.log
2015-06-17 15:39 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-17 15:39 - 2009-07-14 06:51 - 00043746 _____ C:\windows\setupact.log
2015-06-17 15:33 - 2014-03-13 18:17 - 00699092 _____ C:\windows\system32\perfh007.dat
2015-06-17 15:33 - 2014-03-13 18:17 - 00149232 _____ C:\windows\system32\perfc007.dat
2015-06-17 15:32 - 2009-07-14 07:13 - 01619284 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-17 15:29 - 2014-06-10 11:59 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-17 15:28 - 2015-01-16 07:16 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2015-06-17 15:28 - 2014-04-23 12:28 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-06-17 15:11 - 2014-12-10 11:09 - 00000000 ____D C:\Program Files (x86)\WinZipper
2015-06-17 15:11 - 2014-04-23 12:28 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-17 14:45 - 2014-04-22 14:57 - 00001110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-06-17 14:45 - 2014-04-22 14:57 - 00001098 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-06-17 14:33 - 2015-01-16 07:16 - 00000000 ____D C:\Users\serviceuser\AppData\Roaming\Elex-tech
2015-06-17 10:47 - 2009-07-14 06:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-17 10:47 - 2009-07-14 06:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-16 15:38 - 2014-04-22 16:05 - 00563200 _____ C:\Users\serviceuser\Desktop\Aufgabenpl.2012 Holst.Ch..xls
2015-06-16 10:43 - 2014-05-14 13:02 - 00068608 _____ C:\Users\serviceuser\Desktop\Reinigungsplan.xls
2015-06-15 10:15 - 2014-04-22 16:05 - 00028672 _____ C:\Users\serviceuser\Desktop\Kopie von hsse-motto-blanko.xls
2015-06-15 09:04 - 2014-04-22 15:41 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0
2015-06-14 12:55 - 2014-04-22 15:48 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 6.0
2015-06-11 13:27 - 2014-11-14 16:26 - 00000000 __SHD C:\Users\serviceuser\AppData\Local\EmieBrowserModeList
2015-06-11 13:27 - 2014-04-23 12:25 - 00000000 __SHD C:\Users\serviceuser\AppData\Local\EmieUserList
2015-06-11 13:27 - 2014-04-23 12:25 - 00000000 __SHD C:\Users\serviceuser\AppData\Local\EmieSiteList
2015-06-11 10:28 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-06-11 03:27 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-11 03:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-06-11 03:26 - 2009-07-14 06:45 - 00289320 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-11 03:25 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-11 03:07 - 2014-04-22 12:21 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 03:02 - 2014-06-10 11:59 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-11 03:02 - 2014-06-10 11:59 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-11 03:02 - 2014-06-10 11:59 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-11 03:02 - 2014-04-22 12:21 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-10 07:51 - 2014-04-23 12:28 - 00002373 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-06 03:16 - 2014-12-11 04:19 - 00000000 ____D C:\windows\system32\appraiser
2015-06-06 03:16 - 2014-04-23 08:54 - 00000000 ___SD C:\windows\system32\CompatTel
2015-05-26 15:12 - 2014-04-22 16:06 - 00027648 _____ C:\Users\serviceuser\Stundenzettel.xls
2015-05-26 15:12 - 2014-04-22 16:06 - 00027136 _____ C:\Users\serviceuser\Kassendifferenzen.xls
2015-05-26 12:40 - 2015-01-27 12:44 - 00156160 _____ C:\Users\serviceuser\Desktop\Stundenaufz.2015.xls
2015-05-21 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-05-21 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\windows\system32\GWX
2015-05-19 14:33 - 2014-08-07 16:50 - 00000000 ____D C:\Users\serviceuser\AppData\Roaming\Skype
2015-05-19 09:06 - 2014-04-23 12:28 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 09:06 - 2014-04-23 12:28 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 11:12 - 2015-04-16 03:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-18 11:12 - 2014-03-13 18:56 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-05-18 11:12 - 2014-03-13 18:56 - 00000000 ____D C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 11:38

==================== End of log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by serviceuser at 2015-06-17 15:45:16
Running from C:\Users\serviceuser\Desktop\AV
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-334166091-1000885523-3064945426-500 - Administrator - Disabled)
Gast (S-1-5-21-334166091-1000885523-3064945426-501 - Limited - Disabled)
serviceuser (S-1-5-21-334166091-1000885523-3064945426-1001 - Administrator - Enabled) => C:\Users\serviceuser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToAssist Customer 2.2.0.758 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
IBW Secure Email V2 1.05 (HKLM-x32\...\{18D3DE67-AD02-4CBB-B610-1A08101089EF}) (Version: 1.05 - IBW)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.74.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StarMoney (x32 Version: 4.0.4.16 - StarFinanz) Hidden
StarMoney 9.0  (HKLM-x32\...\{78AAC97A-E0D6-4296-85A4-B24FD6A4D4E6}) (Version: 9.0 - Star Finanz GmbH)
StarMoney Business 6.0  (HKLM-x32\...\{BA58F449-1AE5-4A94-ACFF-B8C9CA26D790}) (Version: 6.0 - Star Finanz GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WindowsMangerProtect20.0.0.722 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED) <==== ATTENTION
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.95 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

16-12-2014 07:56:51 Windows Update
19-12-2014 04:00:19 Windows Update
23-12-2014 08:09:32 Windows Update
26-12-2014 10:31:42 Windows Update
30-12-2014 07:58:33 Windows Update
31-12-2014 12:59:46 avast! antivirus system restore point
02-01-2015 10:00:26 Windows Update
06-01-2015 10:12:56 Windows Update
11-01-2015 12:13:01 Windows Update
15-01-2015 04:00:25 Windows Update
17-01-2015 04:00:30 Windows Update
20-01-2015 08:00:03 Windows Update
23-01-2015 09:58:40 Windows Update
27-01-2015 11:01:12 Windows Update
28-01-2015 04:00:19 Windows Update
03-02-2015 09:57:24 Windows Update
06-02-2015 10:16:56 Windows Update
10-02-2015 09:54:35 Windows Update
12-02-2015 04:00:30 Windows Update
13-02-2015 04:01:11 Windows Update
17-02-2015 10:11:52 Windows Update
24-02-2015 10:29:56 Windows Update
26-02-2015 04:00:20 Windows Update
03-03-2015 08:41:13 Windows Update
10-03-2015 09:43:30 Windows Update
12-03-2015 04:00:40 Windows Update
17-03-2015 10:13:57 Windows Update
24-03-2015 08:49:54 Windows Update
26-03-2015 04:00:20 Windows Update
31-03-2015 09:09:34 Windows Update
03-04-2015 10:01:06 Windows Update
05-04-2015 03:00:19 Windows Update
11-04-2015 12:17:43 Windows Update
16-04-2015 03:00:30 Windows Update
22-04-2015 07:25:54 Windows Update
28-04-2015 09:27:57 Windows Update
01-05-2015 09:30:02 Windows Update
05-05-2015 09:37:59 Windows Update
11-05-2015 07:49:57 Windows Update
14-05-2015 03:00:34 Windows Update
19-05-2015 09:18:45 Windows Update
21-05-2015 03:00:18 Windows Update
26-05-2015 09:27:47 Windows Update
02-06-2015 10:28:22 Windows Update
06-06-2015 03:00:18 Windows Update
09-06-2015 09:11:40 Windows Update
11-06-2015 03:01:03 Windows Update
16-06-2015 08:20:53 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {056E05A5-33C5-4532-8331-2A1FD51B502A} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-22] (Microsoft Corporation)
Task: {06CCF10E-BDBF-4B09-B9E0-AFDFDF543296} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {117E2C6B-5E7F-4087-8AD6-EB8A87EF00D3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3F0B1603-1140-4333-AB7D-224021584647} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {44A96FFA-48A2-40C1-8D09-2958254A9A5E} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {618A7044-E223-42BC-A098-90C0E090D6F0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {6C1A798B-B376-4705-A6B0-1ABBC508B805} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-11] (AVAST Software)
Task: {7057EC4B-A144-4202-911E-188F02DC2D6D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {782FB623-F721-4211-947B-03F8ACE516B3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {88372A26-60D8-4FCC-B8EC-4CB1F74E6EE6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {A97780F0-DA36-4375-9E4B-BAA215908318} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {BBCB5BFF-F5BF-45C0-AD2D-1E2AC1CC24AB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated)
Task: {E1120F3F-467B-4E41-8023-3532C2AEB86C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {F217CB0A-4555-4288-ADF7-7C4389C08EBA} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-17 14:33 - 2015-06-17 14:33 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061700\algo.dll
2014-03-13 18:56 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-06 00:48 - 2013-08-06 00:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-14 13:23 - 2015-03-14 13:23 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-07 11:28 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2014-08-04 14:20 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 6.0\ouservice\PATCHW32.dll
2014-03-13 18:52 - 2013-08-08 23:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-334166091-1000885523-3064945426-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\serviceuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 195.238.40.45 - 195.238.50.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{07703C68-0ECC-487A-BDEE-EFA6BB33DBFB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{CC8A91FA-904D-42B5-8AE5-39C2204A0644}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{5DA5C345-5833-41DB-9E09-38769B7C1839}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{66BFAC92-BF7D-4ED1-8015-F51F695192ED}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{1798E1B7-5D1C-46AB-B448-DFA704756612}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{8430F1C3-ED4B-4EF5-9CE6-1EDE0D040B1A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{4C613AA7-3D81-438A-BF9D-0F40088EA3B0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2A08F809-392A-4E76-A11E-2500B272D5E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{435F9EB7-DF16-47F4-9A18-D91E9D005E05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0DEC5176-4659-48D1-94DC-C7BA6CE263AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1BB9CA1-5D1A-4DC0-B94B-B2AFCFCF4C4A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C4ABCB0E-FE9F-42FF-96BE-2A5527D37601}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{EDBA1696-F613-4DE6-986B-3D87EAC12CA0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{BEC2DBEC-EC5D-40D8-8D13-B8955B0E60FE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{01BE11D4-3941-4A25-9A04-FB4666641635}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E1544400-3C0E-4CC9-8CA7-B04C28924541}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{38957DA4-E8EC-49DD-9F8C-AE81FC1E6A68}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{65D0C5C1-E7E2-4477-881A-A0627F3ED489}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{A6FF10D5-A207-455B-8208-5C535B2ECB52}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{E463A0AF-3691-4ED3-817C-8C1B22859B17}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{73631152-9B1E-4A8D-AE4B-1D114D4586C8}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{A89091CC-ADD7-4AF7-9E45-C0F914DCE6EF}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe
FirewallRules: [{D025FC44-3D2F-4DF1-96A0-2F4C446CD84A}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2015 03:44:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/17/2015 03:32:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TeamViewer_Desktop.exe, Version: 9.0.41110.0, Zeitstempel: 0x55261a58
Name des fehlerhaften Moduls: TeamViewer_Desktop.exe, Version: 9.0.41110.0, Zeitstempel: 0x55261a58
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001ea7a0
ID des fehlerhaften Prozesses: 0xf4c
Startzeit der fehlerhaften Anwendung: 0xTeamViewer_Desktop.exe0
Pfad der fehlerhaften Anwendung: TeamViewer_Desktop.exe1
Pfad des fehlerhaften Moduls: TeamViewer_Desktop.exe2
Berichtskennung: TeamViewer_Desktop.exe3

Error: (06/17/2015 03:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (06/17/2015 03:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (06/17/2015 03:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/17/2015 02:07:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/17/2015 02:07:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/17/2015 02:04:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/10/2015 08:06:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x5536642c
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17801, Zeitstempel: 0x5536793e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001a8293
ID des fehlerhaften Prozesses: 0x1154
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/15/2015 06:48:20 AM) (Source: MsiInstaller) (EventID: 1024) (User: *****)
Description: Produkt: Adobe Reader XI (11.0.10) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011011}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (06/17/2015 03:39:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP File Sanitizer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/17/2015 03:39:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎17.‎06.‎2015 um 15:34:11 unerwartet heruntergefahren.

Error: (06/17/2015 03:32:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/17/2015 03:28:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "TeamViewer 9" wurde nicht richtig gestartet.

Error: (06/17/2015 03:26:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP File Sanitizer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/17/2015 03:25:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (06/17/2015 03:12:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (06/17/2015 03:12:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\SERVIC~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/17/2015 03:12:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (06/17/2015 03:12:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\SERVIC~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office:
=========================
Error: (06/17/2015 03:44:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\serviceuser\Desktop\AV\ESET Online Scanner.exe

Error: (06/17/2015 03:32:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TeamViewer_Desktop.exe9.0.41110.055261a58TeamViewer_Desktop.exe9.0.41110.055261a58c0000005001ea7a0f4c01d0a9020861ebefc:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exec:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe5dbfa909-14f5-11e5-81c5-a0481c9646ca

Error: (06/17/2015 03:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (06/17/2015 03:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (06/17/2015 03:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/17/2015 02:07:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\serviceuser\Desktop\ESET Online Scanner.exe

Error: (06/17/2015 02:07:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\serviceuser\Desktop\ESET Online Scanner.exe

Error: (06/17/2015 02:04:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\serviceuser\Desktop\ESET Online Scanner.exe

Error: (06/10/2015 08:06:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.178015536642cMSHTML.dll11.0.9600.178015536793ec0000005001a8293115401d0a1c2e5b97850C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\system32\MSHTML.dlld975fd97-0f36-11e5-abf4-a0481c9646ca

Error: (05/15/2015 06:48:20 AM) (Source: MsiInstaller) (EventID: 1024) (User: *****)
Description: Adobe Reader XI (11.0.10) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 4024.2 MB
Available physical RAM: 2628.5 MB
Total Pagefile: 8046.6 MB
Available Pagefile: 6614.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows ) (Fixed) (Total:453.58 GB) (Free:189.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.07 GB) (Free:1.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E6214724)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)

==================== End of log ============================
         
Code:
ATTFilter
C:\Program Files (x86)\Elex-tech\YAC\bugreport.exe	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\feedback.exe	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iCommon.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iCommu.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iddmgr.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iImportLib.dll	Variante von Win32/ELEX.BP evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\ipcdl.exe	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\ipcproxy.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafeadfv.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeAdless.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafebase.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafebs.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeBugReport.exe	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeCheckEngine.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafechlp.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafeclc.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafeclcv.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafeclean.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeDisp.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeEngineBase.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeEngineDisp.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafehrv.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlBoot.sys	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlCall.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlCall64.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMonCall.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafeLottery.exe	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafemadwc.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafembp.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafemc.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafemclv.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafemgc.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeMon.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeMon64.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafemoptv.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafemsmv.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafemvsv.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafenpf.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafepxy.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeRKScanShell64.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isaferpt.dll	Variante von Win32/ELEX.CR evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafesmgr.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafesopt.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafesptv.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafesv.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeTHlp.exe	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeTHlp64.exe	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\isafeupbiz.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSafeVirusScanner.exe	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iStart.exe	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSvc.dll	Variante von Win32/ELEX.CS evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iSvc2.dll	Variante von Win32/ELEX.BX evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iTPDesk.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iTPFeedback.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iTPFloaty.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iTPMsgCenter.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iTpNodisturb.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iTPProtect.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iTPPush.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iTPStartupAssist.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iTPVirus.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\iTPWifi.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\libcurl.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\libeay32.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\libpng.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\ouilibx.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\sqlite3.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\sqlite3x64.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\ssleay32.dll	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\trz4A38.tmp	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe	Variante von Win32/ELEX.DB evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\YACcleaner.exe	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\YacLuckySpin.exe	Win32/ELEX.CW evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\YacWifi.exe	Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung	
C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx	JS/Trackware.Agent.A evtl. unerwünschte Anwendung	
C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\js\inject.js	JS/Trackware.Agent.A evtl. unerwünschte Anwendung	
C:\Program Files (x86)\Elex-tech\YAC\data\fst.dat	Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung	gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert
C:\Program Files (x86)\WinZipper\eUninstall.exe	Variante von Win32/ELEX.DS evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\WinZipper\TrayDownloader.exe	Win32/ELEX.BF evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\WinZipper\winzipersvc.exe	Variante von Win32/ELEX.CK evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\serviceuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ONB6J2C\Spotify.exe	Variante von MSIL/Solimba.AH evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\serviceuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I19EDUI1\1[1].zip	Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\serviceuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB40HCEH\spotify_setup.exe	Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\serviceuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULLFSTWM\de[1].exe	Win32/ELEX.BF evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\serviceuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULLFSTWM\dl-up-wz_2015.1.15_2_out[1].exe	Variante von Win32/ELEX.BZ evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\serviceuser\AppData\Local\Temp\st2F88.tmp\eUpgrade\eupgrade.exe	Variante von Win32/ELEX.BU evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\serviceuser\AppData\Local\Temp\st2F88.tmp\OmigaZip_patch\eUninstall.exe	Variante von Win32/ELEX.DS evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\serviceuser\AppData\Local\Temp\st2F88.tmp\OmigaZip_patch\TrayDownloader.exe	Variante von Win32/ELEX.BR evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\serviceuser\AppData\Local\Temp\st2F88.tmp\OmigaZip_patch\winzipersvc.exe	Variante von Win32/ELEX.CK evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\serviceuser\AppData\Local\Temp{C9FE9CE5-638B-4D66-ADF9-D4313646D5F9}\eUpgrade\eupgrade.exe	Win32/ELEX.BF evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\serviceuser\AppData\Local\Temp{C9FE9CE5-638B-4D66-ADF9-D4313646D5F9}\OmigaZip_patch\winzipersvc.exe	Variante von Win32/ELEX.CK evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\serviceuser\AppData\Local\Temp{C9FE9CE5-638B-4D66-ADF9-D4313646D5F9}\OmigaZip_patch\wz_ydl.exe	Variante von Win32/ELEX.BI evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 17.06.2015
Suchlauf-Zeit: 14:11:49
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.17.02
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: serviceuser

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350529
Verstrichene Zeit: 15 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 23
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeNetFilter, In Quarantäne, [e0e68e2da8e2cf67263661db768c03fd], 
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnlKit, In Quarantäne, [6a5cb7048109f343b2aa8daf946ee31d], 
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnlR3, In Quarantäne, [91355566f09a6bcb89d3023a7191ac54], 
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeService, In Quarantäne, [b511a3188703171f7ddfe7552fd37d83], 
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnl, In Quarantäne, [17af6f4c4545d75f8ad2003ca75bf20e], 
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnlBoot, In Quarantäne, [8a3c7b40c6c473c3e17b98a4bc469e62], 
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnlMon, In Quarantäne, [81457546147691a5dc804bf1f9097d83], 
PUP.Optional.SecurityProtection.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\noajmlkipclmeolfcnflkjhijkigpfjh, In Quarantäne, [6e5811aad6b481b5a37ae91e8c7832ce], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\delta-homesSoftware, In Quarantäne, [b016cdeedfabd56183da829a828244bc], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [08be6c4f2268ad8947f7e2949471ce32], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [7a4c15a6701a85b1f8c0b463f50f837d], 
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [0db909b2c1c9c670f194df8cd03507f9], 
PUP.Optional.SecurityProtection.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\noajmlkipclmeolfcnflkjhijkigpfjh, In Quarantäne, [3a8c47740387ea4c2af3699ec63e9b65], 
PUP.Optional.V9.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428A-92C9-0CFC28B9D1BF}, In Quarantäne, [9531e0db6723d46282dd11763ec7bc44], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [f7cf6754a7e3df574f68ea2d31d3d12f], 
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, In Quarantäne, [f5d19e1d4347d264f8d2fb1262a24cb4], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [4b7b279443470b2b983351bce91be719], 
PUP.Optional.InstallCore.C, HKU\S-1-5-21-334166091-1000885523-3064945426-1001\SOFTWARE\InstallCore, In Quarantäne, [d7efb8036624ad89f55e197758adf907], 
PUP.Optional.WebSearches.A, HKU\S-1-5-21-334166091-1000885523-3064945426-1001\SOFTWARE\SupHpUISoft, In Quarantäne, [ecda26956b1fd264e35a89901fe516ea], 
PUP.Optional.Delta.A, HKU\S-1-5-21-334166091-1000885523-3064945426-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [378fefcc7812f73ff6311fd74cb755ab], 
PUP.Optional.V9.A, HKU\S-1-5-21-334166091-1000885523-3064945426-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428A-92C9-0CFC28B9D1BF}, In Quarantäne, [3096ead16f1beb4bd688fe893ec741bf], 
FraudTool.YAC, HKLM\SOFTWARE\CLASSES\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0}, In Quarantäne, [edd96d4ef199989e67399b50798aec14], 
FraudTool.YAC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\iSafe, In Quarantäne, [edd96d4ef199989e67399b50798aec14], 

Registrierungswerte: 8
PUP.Optional.V9.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|URL, hxxp://www.v9.com/web?type=ds&ts=1421835451&from=zbd1&uid=st500dm002-1bd142_z6e1z770&q={searchTerms}, In Quarantäne, [9531e0db6723d46282dd11763ec7bc44]
PUP.Optional.V9.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|FaviconURL, hxxp://www.v9.com/favicon.ico?t=1, In Quarantäne, [4482803b157561d576e9ee996e9733cd]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, In Quarantäne, [f7cf6754a7e3df574f68ea2d31d3d12f]
PUP.Optional.Delta.A, HKU\S-1-5-21-334166091-1000885523-3064945426-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, delta-homes, In Quarantäne, [378fefcc7812f73ff6311fd74cb755ab]
PUP.Optional.Delta.A, HKU\S-1-5-21-334166091-1000885523-3064945426-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://search.delta-homes.com/web/?type=ds&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}, In Quarantäne, [646264570f7b37ff42e5768046bd08f8]
PUP.Optional.V9.A, HKU\S-1-5-21-334166091-1000885523-3064945426-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|URL, hxxp://www.v9.com/web?type=ds&ts=1421835451&from=zbd1&uid=st500dm002-1bd142_z6e1z770&q={searchTerms}, In Quarantäne, [3096ead16f1beb4bd688fe893ec741bf]
PUP.Optional.V9.A, HKU\S-1-5-21-334166091-1000885523-3064945426-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|FaviconURL, hxxp://www.v9.com/favicon.ico?t=1, In Quarantäne, [9c2ac5f69befcb6b7be3592ea362738d]
FraudTool.YAC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{5411D116-5A37-47D4-B154-5F7FCD9062F0}, iSafeRKScan Shell Extension, In Quarantäne, [edd96d4ef199989e67399b50798aec14]

Registrierungsdaten: 11
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1409826251&from=cor&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1409826251&from=cor&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}),Ersetzt,[4c7adddeef9be94ddab9d1746e9827d9]
PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770),Ersetzt,[6363b7045b2fd660df360f378680bf41]
PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.delta-homes.com/?type=hp&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770),Ersetzt,[7650fac1bfcb70c602131135d036936d]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1409826251&from=cor&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1409826251&from=cor&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}),Ersetzt,[1fa700bb55351c1a6132eb5a6d99b44c]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1409826251&from=cor&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1409826251&from=cor&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}),Ersetzt,[c8fe704be3a77db99bf882c346c0817f]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770),Ersetzt,[08bea714eaa090a657bef353ab5b05fb]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.delta-homes.com/?type=hp&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770),Ersetzt,[0fb711aa7713b68013021e2855b1659b]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1409826251&from=cor&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1409826251&from=cor&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}),Ersetzt,[21a55962137716206d2664e156b0c33d]
PUP.Optional.Delta.A, HKU\S-1-5-21-334166091-1000885523-3064945426-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770),Ersetzt,[6f57d6e51a70290d839347ff9175fd03]
PUP.Optional.Delta.A, HKU\S-1-5-21-334166091-1000885523-3064945426-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://search.delta-homes.com/web/?type=ds&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://search.delta-homes.com/web/?type=ds&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}),Ersetzt,[92344e6d692123138b8bb78f9d696f91]
PUP.Optional.Delta.A, HKU\S-1-5-21-334166091-1000885523-3064945426-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.delta-homes.com/web/?type=ds&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://search.delta-homes.com/web/?type=ds&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}),Ersetzt,[75514d6ed1b9cf67b75f0442ed198e72]

Ordner: 217
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, In Quarantäne, [7155e4d70e7c5cda685807c835ce46ba], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [7155e4d70e7c5cda685807c835ce46ba], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [5e68c2f913777abc2a62aa274bb804fc], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [5e68c2f913777abc2a62aa274bb804fc], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [5e68c2f913777abc2a62aa274bb804fc], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\js, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\_metadata, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC, Löschen bei Neustart, [edd96d4ef199989e67399b50798aec14], 

[...]

---*GANZ VIEL ELEX-TECH-ORDNER *---

[...]
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\user, Löschen bei Neustart, [edd96d4ef199989e67399b50798aec14], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\iDesk, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log_bak, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 

Dateien: 1517
FraudTool.YAC, C:\Windows\System32\drivers\iSafeNetFilter.sys, In Quarantäne, [e0e68e2da8e2cf67263661db768c03fd], 
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys, Löschen bei Neustart, [6a5cb7048109f343b2aa8daf946ee31d], 
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys, Löschen bei Neustart, [91355566f09a6bcb89d3023a7191ac54], 
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe, Löschen bei Neustart, [b511a3188703171f7ddfe7552fd37d83], 
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys, Löschen bei Neustart, [17af6f4c4545d75f8ad2003ca75bf20e], 
FraudTool.YAC, C:\Windows\System32\drivers\iSafeKrnlBoot.sys, In Quarantäne, [8a3c7b40c6c473c3e17b98a4bc469e62], 
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys, Löschen bei Neustart, [81457546147691a5dc804bf1f9097d83], 
PUP.Optional.Adload, C:\Users\serviceuser\AppData\Roaming\WinZipper\update\zip_update_v1.5.83.exe, In Quarantäne, [e9dde1da5a30fd39cf7d3cf1ef13e61a], 
PUP.Optional.APNToolBar.A, C:\Users\serviceuser\AppData\Local\Temp{C9FE9CE5-638B-4D66-ADF9-D4313646D5F9}\OmigaZip_patch\4z_ask.exe, In Quarantäne, [36905f5c7218fb3bb70b70f57f833cc4], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx, In Quarantäne, [b80e407b5d2de1558e8e7394b84cdf21], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [7155e4d70e7c5cda685807c835ce46ba], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-04[12-24-43-099].log, In Quarantäne, [5e68c2f913777abc2a62aa274bb804fc], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [5e68c2f913777abc2a62aa274bb804fc], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\background.html, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\icon128.png, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\manifest.json, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\js\background.js, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\js\det.js, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\js\inject.js, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\js\jquery-1.11.1.min.js, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\js\urllist.js, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\_metadata\computed_hashes.json, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
PUP.Optional.SecurityProtection.A, C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\_metadata\verified_contents.json, In Quarantäne, [d9ed9b20e6a459ddd3bde8fa31d2e51b], 
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\isafemadwc.dll, Löschen bei Neustart, [edd96d4ef199989e67399b50798aec14], 


[...]

---*GANZ VIEL ELEX-TECH-ORDNER *---

[...]

FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\user\svc2_com.dat, Löschen bei Neustart, [edd96d4ef199989e67399b50798aec14], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\preference.ini, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\proxyUpdate.ini, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\iDesk\desk.ini, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log\install.log, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log\iSafeStarts.log, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log\iSafeTray.log, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log\upgrade.log, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log_bak\bugreport.ini, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log_bak\bugreport.zip, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log_bak\ipcdl.log, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log_bak\ipcproxy.log, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log_bak\iSafeBS.log, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log_bak\iSafeKrnlCall.log, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log_bak\iSafeKrnlMonCall.log, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log_bak\iSafeSvc.LOG, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log_bak\iSafeSvc2.LOG, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log_bak\iSafeTaskHelper.LOG, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 
FraudTool.YAC, C:\Users\serviceuser\AppData\Roaming\Elex-tech\YAC\log_bak\iSafeTHlp64.LOG, In Quarantäne, [5274893254367bbbc9d8d91238cbd030], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         

Alt 17.06.2015, 15:15   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Malware: Jetzt verschwunden? - Standard

Malware: Jetzt verschwunden?



hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    WindowsMangerProtect20.0.0.722 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED) <==== ATTENTION

    WinZipper


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________

__________________

Alt 18.06.2015, 11:04   #3
HtHNightwolf
 
Malware: Jetzt verschwunden? - Standard

Malware: Jetzt verschwunden?



Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 17/06/2015 um 16:58:48
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-17.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : serviceuser - *****
# Gestarted von : C:\Users\serviceuser\Desktop\AV\AdwCleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.124

[C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1409826251&from=cor&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}
[C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}
[C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770&q={searchTerms}
[C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.v9.com/web?type=ds&ts=1421835451&from=zbd1&uid=st500dm002-1bd142_z6e1z770&q={searchTerms}&ref=YmFzZVVSTH1zZWFyY2g=
[C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.v9.com/web?type=ds&ts=1421835451&from=zbd1&uid=st500dm002-1bd142_z6e1z770&q={searchTerms}&ref=YmFzZVVSTH1zZWFyY2g=
[C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://www.delta-homes.com/?type=hp&ts=1418202517&from=wpm12103&uid=ST500DM002-1BD142_Z6E1Z770

*************************

AdwCleaner[R0].txt - [4178 Bytes] - [17/06/2015 16:48:52]
AdwCleaner[R1].txt - [2278 Bytes] - [17/06/2015 16:57:50]
AdwCleaner[S0].txt - [4158 Bytes] - [17/06/2015 16:51:18]
AdwCleaner[S1].txt - [2198 Bytes] - [17/06/2015 16:58:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2257  Bytes] ##########
         

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.1 (06.17.2015:2)
OS: Windows 7 Professional x64
Ran by serviceuser on 17.06.2015 at 16:53:31,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\serviceuser\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\serviceuser\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\serviceuser\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\serviceuser\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.06.2015 at 16:55:47,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by serviceuser (administrator) on ***** on 18-06-2015 12:01:15
Running from C:\Users\serviceuser\Desktop\AV
Loaded Profiles: serviceuser (Available Profiles: serviceuser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Secure_Email\sec_mail.exe
() C:\Program Files (x86)\Secure_Email\lib\stunnel\stunnel.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Farbar) C:\Users\serviceuser\Desktop\AV\FRST(x64).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2015-05-20] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll (Citrix Online, LLC)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-12-11] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-334166091-1000885523-3064945426-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rosiplus.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-11] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-11] (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.238.40.45 195.238.50.254

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll No File
FF Plugin HKU\S-1-5-21-334166091-1000885523-3064945426-1001: @citrixonline.com/appdetectorplugin -> C:\Users\serviceuser\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-19] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-23]

Chrome: 
=======
CHR Profile: C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]
CHR Extension: (Google Drive) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]
CHR Extension: (YouTube) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]
CHR Extension: (Google Search) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]
CHR Extension: (Avast Online Security) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]
CHR Extension: (Gmail) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-11] (AVAST Software)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-11-19] (Citrix Online, LLC)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-13] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 HPFSService; "C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-11] ()
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-09-21] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 16:53 - 2015-06-17 16:53 - 00000207 _____ C:\windows\tweaking.com-regbackup-*****-Windows-7-Professional-(64-bit).dat
2015-06-17 16:53 - 2015-06-17 16:53 - 00000000 ____D C:\RegBackup
2015-06-17 16:52 - 2015-06-17 16:53 - 02949914 _____ (Thisisu) C:\Users\serviceuser\Downloads\JRT.exe
2015-06-17 16:50 - 2015-06-17 16:50 - 02949914 _____ (Thisisu) C:\Users\serviceuser\Downloads\Nicht bestätigt 870157.crdownload
2015-06-17 16:48 - 2015-06-17 16:58 - 00000000 ____D C:\AdwCleaner
2015-06-17 16:48 - 2015-06-17 16:48 - 02231296 _____ C:\Users\serviceuser\Downloads\AdwCleaner_4.206.exe
2015-06-17 16:42 - 2015-06-17 16:42 - 00001272 _____ C:\Users\serviceuser\Desktop\Revo Uninstaller.lnk
2015-06-17 16:42 - 2015-06-17 16:42 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-17 16:41 - 2015-06-17 16:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\serviceuser\Downloads\revosetup95.exe
2015-06-17 15:44 - 2015-06-18 12:01 - 00000000 ____D C:\FRST
2015-06-17 15:24 - 2015-06-18 12:01 - 00000000 ____D C:\Users\serviceuser\Desktop\AV
2015-06-17 14:09 - 2015-06-17 15:43 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-17 14:09 - 2015-06-17 14:09 - 00001110 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-17 14:09 - 2015-06-17 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-17 14:09 - 2015-06-17 14:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-17 14:09 - 2015-06-17 14:09 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-17 14:09 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-17 14:09 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-17 14:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-17 14:07 - 2015-06-17 14:07 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-10 14:27 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 14:27 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 14:27 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 14:27 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 14:27 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-10 14:27 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 14:27 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-10 14:27 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-06-10 14:27 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 14:27 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-06-10 14:27 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 14:27 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-10 14:27 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-10 14:27 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-10 14:27 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 14:27 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-06-10 14:27 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-10 14:27 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-10 14:27 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 14:27 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-10 14:27 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 14:27 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 14:27 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 14:27 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 14:27 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 14:27 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-06-10 14:27 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 14:27 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 14:27 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 14:27 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-10 14:27 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-10 14:27 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-06-10 14:27 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-10 14:27 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 14:27 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 14:27 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 14:27 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-06-10 14:27 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-06-10 14:27 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-10 14:27 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 14:27 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-10 14:27 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 14:27 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 14:27 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-10 14:27 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-06-10 14:27 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-06-10 14:27 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-06-10 14:27 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-10 14:27 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 14:27 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-10 14:27 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 14:27 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 14:27 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-10 14:27 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 14:27 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 14:27 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-06-10 14:27 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 14:27 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 14:27 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 14:27 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-10 08:18 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 08:18 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 08:18 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 08:18 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 08:18 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 08:18 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 08:18 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 08:18 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 08:18 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 08:18 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 08:18 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 08:18 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-06-10 08:18 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-06-10 08:18 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 08:18 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-06-10 08:18 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-06-10 08:18 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-06-10 08:18 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-06-10 08:18 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 08:18 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-06-10 08:18 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-06-10 08:18 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:18 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-10 08:18 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-06-10 08:17 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 08:17 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 08:17 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 08:16 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-05 09:18 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-05 09:18 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-05 09:18 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-02 14:12 - 2015-06-02 14:12 - 00000000 ____D C:\Users\serviceuser\AppData\Local\GWX
2015-05-22 11:41 - 2015-05-26 15:16 - 00264192 _____ C:\Users\serviceuser\Desktop\aktionsplan_pb_kw_23_24.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-18 11:54 - 2014-06-10 11:59 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-18 11:54 - 2014-04-23 12:28 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-18 09:44 - 2014-04-23 12:28 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-18 08:22 - 2014-04-22 09:25 - 01098438 _____ C:\windows\WindowsUpdate.log
2015-06-18 08:21 - 2009-07-14 06:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-18 08:21 - 2009-07-14 06:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-18 06:52 - 2014-04-22 15:48 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 6.0
2015-06-17 17:05 - 2014-03-13 18:17 - 00699092 _____ C:\windows\system32\perfh007.dat
2015-06-17 17:05 - 2014-03-13 18:17 - 00149232 _____ C:\windows\system32\perfc007.dat
2015-06-17 17:05 - 2009-07-14 07:13 - 01619284 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-17 17:01 - 2014-03-13 18:59 - 00000000 ____D C:\ProgramData\PDFC
2015-06-17 16:59 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-17 16:59 - 2009-07-14 06:51 - 00043802 _____ C:\windows\setupact.log
2015-06-17 16:51 - 2015-01-16 07:16 - 00000000 ____D C:\windows\system32\log
2015-06-17 16:51 - 2014-04-23 12:28 - 00001286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-17 16:51 - 2014-04-23 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-17 16:51 - 2014-04-22 09:29 - 00000975 _____ C:\Users\serviceuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-17 15:41 - 2014-10-09 15:30 - 00000000 ____D C:\Users\serviceuser\AppData\Roaming\TeamViewer
2015-06-17 15:39 - 2010-11-21 05:47 - 00262042 _____ C:\windows\PFRO.log
2015-06-17 15:28 - 2014-04-23 12:28 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-06-17 14:45 - 2014-04-22 14:57 - 00001110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-06-17 14:45 - 2014-04-22 14:57 - 00001098 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-06-16 15:38 - 2014-04-22 16:05 - 00563200 _____ C:\Users\serviceuser\Desktop\Aufgabenpl.2012 Holst.Ch..xls
2015-06-16 10:43 - 2014-05-14 13:02 - 00068608 _____ C:\Users\serviceuser\Desktop\Reinigungsplan.xls
2015-06-15 10:15 - 2014-04-22 16:05 - 00028672 _____ C:\Users\serviceuser\Desktop\Kopie von hsse-motto-blanko.xls
2015-06-15 09:04 - 2014-04-22 15:41 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0
2015-06-11 13:27 - 2014-11-14 16:26 - 00000000 __SHD C:\Users\serviceuser\AppData\Local\EmieBrowserModeList
2015-06-11 13:27 - 2014-04-23 12:25 - 00000000 __SHD C:\Users\serviceuser\AppData\Local\EmieUserList
2015-06-11 13:27 - 2014-04-23 12:25 - 00000000 __SHD C:\Users\serviceuser\AppData\Local\EmieSiteList
2015-06-11 10:28 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-06-11 03:27 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-11 03:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-06-11 03:26 - 2009-07-14 06:45 - 00289320 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-11 03:25 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-11 03:07 - 2014-04-22 12:21 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 03:02 - 2014-06-10 11:59 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-11 03:02 - 2014-06-10 11:59 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-11 03:02 - 2014-06-10 11:59 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-11 03:02 - 2014-04-22 12:21 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-06 03:16 - 2014-12-11 04:19 - 00000000 ____D C:\windows\system32\appraiser
2015-06-06 03:16 - 2014-04-23 08:54 - 00000000 ___SD C:\windows\system32\CompatTel
2015-05-26 15:12 - 2014-04-22 16:06 - 00027648 _____ C:\Users\serviceuser\Stundenzettel.xls
2015-05-26 15:12 - 2014-04-22 16:06 - 00027136 _____ C:\Users\serviceuser\Kassendifferenzen.xls
2015-05-26 12:40 - 2015-01-27 12:44 - 00156160 _____ C:\Users\serviceuser\Desktop\Stundenaufz.2015.xls
2015-05-21 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-05-21 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\windows\system32\GWX
2015-05-19 14:33 - 2014-08-07 16:50 - 00000000 ____D C:\Users\serviceuser\AppData\Roaming\Skype
2015-05-19 09:06 - 2014-04-23 12:28 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 09:06 - 2014-04-23 12:28 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some files in TEMP:
====================
C:\Users\serviceuser\AppData\Local\Temp\Quarantine.exe
C:\Users\serviceuser\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 11:38

==================== End of log ============================
         
--- --- ---




[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by serviceuser at 2015-06-18 12:01:46
Running from C:\Users\serviceuser\Desktop\AV
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-334166091-1000885523-3064945426-500 - Administrator - Disabled)
Gast (S-1-5-21-334166091-1000885523-3064945426-501 - Limited - Disabled)
serviceuser (S-1-5-21-334166091-1000885523-3064945426-1001 - Administrator - Enabled) => C:\Users\serviceuser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToAssist Customer 2.2.0.758 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
IBW Secure Email V2 1.05 (HKLM-x32\...\{18D3DE67-AD02-4CBB-B610-1A08101089EF}) (Version: 1.05 - IBW)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.74.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StarMoney (x32 Version: 4.0.4.16 - StarFinanz) Hidden
StarMoney 9.0  (HKLM-x32\...\{78AAC97A-E0D6-4296-85A4-B24FD6A4D4E6}) (Version: 9.0 - Star Finanz GmbH)
StarMoney Business 6.0  (HKLM-x32\...\{BA58F449-1AE5-4A94-ACFF-B8C9CA26D790}) (Version: 6.0 - Star Finanz GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

19-12-2014 04:00:19 Windows Update
23-12-2014 08:09:32 Windows Update
26-12-2014 10:31:42 Windows Update
30-12-2014 07:58:33 Windows Update
31-12-2014 12:59:46 avast! antivirus system restore point
02-01-2015 10:00:26 Windows Update
06-01-2015 10:12:56 Windows Update
11-01-2015 12:13:01 Windows Update
15-01-2015 04:00:25 Windows Update
17-01-2015 04:00:30 Windows Update
20-01-2015 08:00:03 Windows Update
23-01-2015 09:58:40 Windows Update
27-01-2015 11:01:12 Windows Update
28-01-2015 04:00:19 Windows Update
03-02-2015 09:57:24 Windows Update
06-02-2015 10:16:56 Windows Update
10-02-2015 09:54:35 Windows Update
12-02-2015 04:00:30 Windows Update
13-02-2015 04:01:11 Windows Update
17-02-2015 10:11:52 Windows Update
24-02-2015 10:29:56 Windows Update
26-02-2015 04:00:20 Windows Update
03-03-2015 08:41:13 Windows Update
10-03-2015 09:43:30 Windows Update
12-03-2015 04:00:40 Windows Update
17-03-2015 10:13:57 Windows Update
24-03-2015 08:49:54 Windows Update
26-03-2015 04:00:20 Windows Update
31-03-2015 09:09:34 Windows Update
03-04-2015 10:01:06 Windows Update
05-04-2015 03:00:19 Windows Update
11-04-2015 12:17:43 Windows Update
16-04-2015 03:00:30 Windows Update
22-04-2015 07:25:54 Windows Update
28-04-2015 09:27:57 Windows Update
01-05-2015 09:30:02 Windows Update
05-05-2015 09:37:59 Windows Update
11-05-2015 07:49:57 Windows Update
14-05-2015 03:00:34 Windows Update
19-05-2015 09:18:45 Windows Update
21-05-2015 03:00:18 Windows Update
26-05-2015 09:27:47 Windows Update
02-06-2015 10:28:22 Windows Update
06-06-2015 03:00:18 Windows Update
09-06-2015 09:11:40 Windows Update
11-06-2015 03:01:03 Windows Update
16-06-2015 08:20:53 Windows Update
17-06-2015 16:43:48 Revo Uninstaller's restore point - WindowsMangerProtect20.0.0.722
17-06-2015 16:46:09 Revo Uninstaller's restore point - WinZipper

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {056E05A5-33C5-4532-8331-2A1FD51B502A} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-22] (Microsoft Corporation)
Task: {117E2C6B-5E7F-4087-8AD6-EB8A87EF00D3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2B399B81-77F1-43A1-BD28-ECFC91E629EF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {3F0B1603-1140-4333-AB7D-224021584647} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {44A96FFA-48A2-40C1-8D09-2958254A9A5E} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {618A7044-E223-42BC-A098-90C0E090D6F0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {6C1A798B-B376-4705-A6B0-1ABBC508B805} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-11] (AVAST Software)
Task: {782FB623-F721-4211-947B-03F8ACE516B3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {88372A26-60D8-4FCC-B8EC-4CB1F74E6EE6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {BBCB5BFF-F5BF-45C0-AD2D-1E2AC1CC24AB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated)
Task: {C8FF6D0E-ABD6-4A0C-B164-D1790DD619BA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {D94A5518-39D0-446C-8A17-4E0AE6422EFD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {E1120F3F-467B-4E41-8023-3532C2AEB86C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {F217CB0A-4555-4288-ADF7-7C4389C08EBA} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2005-02-10 14:24 - 2005-02-10 14:24 - 01720385 _____ () C:\Program Files (x86)\Secure_Email\sec_mail.exe
2004-03-19 14:59 - 2004-03-19 14:59 - 00066048 _____ () C:\Program Files (x86)\Secure_Email\lib\stunnel\stunnel.exe
2015-06-17 14:33 - 2015-06-17 14:33 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061700\algo.dll
2015-06-18 06:50 - 2015-06-18 06:50 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061702\algo.dll
2014-03-13 18:56 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-06 00:48 - 2013-08-06 00:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-14 13:23 - 2015-03-14 13:23 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-04 14:20 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 6.0\ouservice\PATCHW32.dll
2014-03-13 18:52 - 2013-08-08 23:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00028761 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\cee32c6d5ab6f3b6d650de77ac58a019.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00155752 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\5e9e2e4123d3551eb996e59309fa72be.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00077925 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\c90822ad6dd37b9e2abcbd53e66d86df.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00028771 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\2e5a00f9dfa5669114c8b2487150f455.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00032879 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\ad76515ff4d1de346e3888790190a3c0.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00024647 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\d07294610b5173a78e2c7609b703eadc.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00028745 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\056721307e354d83addd03bdfc5c4d54.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00077895 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\8b285eff21bc702f99df7d987f097691.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00024641 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\1a657931d78ddcfa584e65d2115500be.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00049238 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\10f7b6c1d4e5218787adeef208a0c5a2.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00487501 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\2740b431a6e7a8340e36b79c8753dfac.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00061526 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\ede8ea26ef0a047f2048683a2961afd9.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00024650 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\d6238b26db974c1e3bd964fb70243060.dll
2015-06-18 10:04 - 2015-06-18 10:04 - 00122968 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-740\fd16aee8c5aec68a7406f8bc29950542.dll
2004-03-19 14:59 - 2004-03-19 14:59 - 01528135 _____ () C:\Program Files (x86)\Secure_Email\lib\stunnel\libeay32.dll
2004-03-19 14:59 - 2004-03-19 14:59 - 00611705 _____ () C:\Program Files (x86)\Secure_Email\lib\stunnel\libssl32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-334166091-1000885523-3064945426-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\serviceuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 195.238.40.45 - 195.238.50.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{07703C68-0ECC-487A-BDEE-EFA6BB33DBFB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{CC8A91FA-904D-42B5-8AE5-39C2204A0644}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{5DA5C345-5833-41DB-9E09-38769B7C1839}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{66BFAC92-BF7D-4ED1-8015-F51F695192ED}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{1798E1B7-5D1C-46AB-B448-DFA704756612}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{8430F1C3-ED4B-4EF5-9CE6-1EDE0D040B1A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{4C613AA7-3D81-438A-BF9D-0F40088EA3B0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2A08F809-392A-4E76-A11E-2500B272D5E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{435F9EB7-DF16-47F4-9A18-D91E9D005E05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0DEC5176-4659-48D1-94DC-C7BA6CE263AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1BB9CA1-5D1A-4DC0-B94B-B2AFCFCF4C4A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C4ABCB0E-FE9F-42FF-96BE-2A5527D37601}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{EDBA1696-F613-4DE6-986B-3D87EAC12CA0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{BEC2DBEC-EC5D-40D8-8D13-B8955B0E60FE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{01BE11D4-3941-4A25-9A04-FB4666641635}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E1544400-3C0E-4CC9-8CA7-B04C28924541}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{38957DA4-E8EC-49DD-9F8C-AE81FC1E6A68}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{65D0C5C1-E7E2-4477-881A-A0627F3ED489}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{A6FF10D5-A207-455B-8208-5C535B2ECB52}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{E463A0AF-3691-4ED3-817C-8C1B22859B17}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{73631152-9B1E-4A8D-AE4B-1D114D4586C8}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{A89091CC-ADD7-4AF7-9E45-C0F914DCE6EF}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe
FirewallRules: [{D025FC44-3D2F-4DF1-96A0-2F4C446CD84A}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2015 03:44:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/17/2015 03:32:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TeamViewer_Desktop.exe, Version: 9.0.41110.0, Zeitstempel: 0x55261a58
Name des fehlerhaften Moduls: TeamViewer_Desktop.exe, Version: 9.0.41110.0, Zeitstempel: 0x55261a58
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001ea7a0
ID des fehlerhaften Prozesses: 0xf4c
Startzeit der fehlerhaften Anwendung: 0xTeamViewer_Desktop.exe0
Pfad der fehlerhaften Anwendung: TeamViewer_Desktop.exe1
Pfad des fehlerhaften Moduls: TeamViewer_Desktop.exe2
Berichtskennung: TeamViewer_Desktop.exe3

Error: (06/17/2015 03:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (06/17/2015 03:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (06/17/2015 03:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/17/2015 02:07:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/17/2015 02:07:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/17/2015 02:04:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/10/2015 08:06:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x5536642c
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17801, Zeitstempel: 0x5536793e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001a8293
ID des fehlerhaften Prozesses: 0x1154
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/15/2015 06:48:20 AM) (Source: MsiInstaller) (EventID: 1024) (User: *****)
Description: Produkt: Adobe Reader XI (11.0.10) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011011}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (06/18/2015 10:47:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (06/18/2015 10:24:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert.

Error: (06/18/2015 08:50:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (06/18/2015 07:43:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (06/18/2015 07:10:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (06/17/2015 05:19:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/17/2015 05:00:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 9.0 OnlineUpdate erreicht.

Error: (06/17/2015 05:00:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP File Sanitizer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/17/2015 04:58:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/17/2015 04:58:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.


Microsoft Office:
=========================
Error: (06/17/2015 03:44:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\serviceuser\Desktop\AV\ESET Online Scanner.exe

Error: (06/17/2015 03:32:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TeamViewer_Desktop.exe9.0.41110.055261a58TeamViewer_Desktop.exe9.0.41110.055261a58c0000005001ea7a0f4c01d0a9020861ebefc:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exec:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe5dbfa909-14f5-11e5-81c5-a0481c9646ca

Error: (06/17/2015 03:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (06/17/2015 03:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (06/17/2015 03:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/17/2015 02:07:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\serviceuser\Desktop\ESET Online Scanner.exe

Error: (06/17/2015 02:07:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\serviceuser\Desktop\ESET Online Scanner.exe

Error: (06/17/2015 02:04:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\serviceuser\Desktop\ESET Online Scanner.exe

Error: (06/10/2015 08:06:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.178015536642cMSHTML.dll11.0.9600.178015536793ec0000005001a8293115401d0a1c2e5b97850C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\system32\MSHTML.dlld975fd97-0f36-11e5-abf4-a0481c9646ca

Error: (05/15/2015 06:48:20 AM) (Source: MsiInstaller) (EventID: 1024) (User: *****)
Description: Adobe Reader XI (11.0.10) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 4024.2 MB
Available physical RAM: 2879.15 MB
Total Pagefile: 8046.6 MB
Available Pagefile: 6355.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows ) (Fixed) (Total:453.58 GB) (Free:186.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.07 GB) (Free:1.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E6214724)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)

==================== End of log ============================
         
--- --- ---
__________________

Alt 18.06.2015, 18:38   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Malware: Jetzt verschwunden? - Standard

Malware: Jetzt verschwunden?




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.06.2015, 07:21   #5
HtHNightwolf
 
Malware: Jetzt verschwunden? - Standard

Malware: Jetzt verschwunden?



so, endlich dazu gekommen:

Code:
ATTFilter
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Google Chrome (43.0.2357.124) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 ESET ESET Online Scanner OnlineScannerApp.exe  
 windows defender MpCmdRun.exe   
 StarMoney Business 6.0 ouservice StarMoneyOnlineUpdate.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9bf12457be70594e81f080a3ec4d5de0
# end=init
# utc_time=2015-06-17 12:07:49
# local_time=2015-06-17 02:07:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24371
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9bf12457be70594e81f080a3ec4d5de0
# end=updated
# utc_time=2015-06-17 12:13:49
# local_time=2015-06-17 02:13:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9bf12457be70594e81f080a3ec4d5de0
# engine=24371
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-17 01:12:00
# local_time=2015-06-17 03:12:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 95 5799663 36297866 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 15033 186176570 0 0
# scanned=168979
# found=103
# cleaned=16
# scan_time=3491
sh=BA121E2559029F0F74F7CDF618E7CF2DFEC21313 ft=1 fh=1e5f76130adbab91 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\bugreport.exe"
sh=A1B3C3DD354E6E9C6C7A4072E231A71EF703A3ED ft=1 fh=98c0f9c6042b4ba9 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll"
sh=CFAF042C866A9232C4C0AF547BC80A03AC8BD80B ft=1 fh=3afd2d6b3b4b0a62 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\feedback.exe"
sh=363755DDD35EA0D2A547CFA5D6EA1F1142A3FFDF ft=1 fh=a342cd1a5273cc8d vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iCommon.dll"
sh=06BEEFA79D5A208F1C9C206A3E9E4264D2B916D1 ft=1 fh=7dbd4b9fd17f968f vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iCommu.dll"
sh=1868F56629DECD72EA7CE52893E05900FF17FE62 ft=1 fh=36bf6226e39b6b1e vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iddmgr.dll"
sh=4483279E21D4EBF64AA90BFC5566C095EDBA0D3C ft=1 fh=8a69e3ad815c72c4 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe"
sh=52FC2E379F4E80729D20198C56FBD90499B8DF40 ft=1 fh=bb86dbb1803470f0 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch.dll"
sh=0CD55CBC2B45073AEB51360093179DD43F9676CF ft=1 fh=fd92fca537414fe0 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll"
sh=C7BC0B60AE7ED884415A70CC217223BF66C982EF ft=1 fh=4bd0950f65c1d195 vn="Variante von Win32/ELEX.BP evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iImportLib.dll"
sh=74FCB2EC5D24AD817DB1B20D946812C0ED929F3D ft=1 fh=da2cf87b9d9b8014 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\ipcdl.exe"
sh=24F5FD7C5A5046DBE3CAE044F640A28120C59C46 ft=1 fh=6c7d85d2c8d7e8fa vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\ipcproxy.dll"
sh=A91A24E73E3C12C66506022E6B99155B3C0211C4 ft=1 fh=c19370fbe245fd5a vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe"
sh=E6E4EA67666843D28509D63E80A482E9B290950D ft=1 fh=31b8b8e2945ea18e vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafeadfv.dll"
sh=F435F1865ECACFA172F9021F4890503DE9C91451 ft=1 fh=277ff004aa277818 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeAdless.dll"
sh=DFA3B1B8E92448288937C1BF18718FA6FF8E5F17 ft=1 fh=07aef854e2247575 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafebase.dll"
sh=D08182E31002089E748B5691378B96362DE0A3EE ft=1 fh=a961a31df42338f2 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafebs.dll"
sh=09DD33900EA5E2931E5CCF8CC4995E78A75A8B49 ft=1 fh=9a4c4c75a2e89bcf vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeBugReport.exe"
sh=6505D83407143CFB08DE433855532BFC37C6C76E ft=1 fh=66849d75b0677963 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeCheckEngine.dll"
sh=DB82F255B99C8281A4324518560ECC35DD624365 ft=1 fh=f12d5effc3a504a7 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafechlp.dll"
sh=2F646913FEFE761AAF3E3E866771E816002E2D14 ft=1 fh=4c1e2ef57a232dae vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafeclc.dll"
sh=6C31B1B4953D34CE1174F6B218F3598A6B91402E ft=1 fh=a9ea32535b7e9add vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafeclcv.dll"
sh=B82D6447BF8D903339FC1B5ACA71C926946FC584 ft=1 fh=0acf789d25ed123b vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafeclean.dll"
sh=E74F1F0E84905A29738B1B79F3F683BBB6C23FB2 ft=1 fh=935248f540d85e95 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeDisp.dll"
sh=B216FCF4C91EFEA1296CBF6C51ED58507BDB3472 ft=1 fh=510f6cf177bdd561 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeEngineBase.dll"
sh=BFFE04F24C1F36F359B53F7F36E72607D610FC38 ft=1 fh=58de914c8cb2979d vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeEngineDisp.dll"
sh=9866EFFDC9551F42EA9446AEAC771C095EEF927C ft=1 fh=9b0b4a70f93b48f5 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafehrv.dll"
sh=B4AE14AD8FEE8EBEF3D1CFA83DEA1D5C89AC2E7F ft=1 fh=7cd72dd973075b65 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys"
sh=90647E501069BD43BD885170011605A27FAAE09C ft=1 fh=6839351b80ed6926 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlBoot.sys"
sh=CF17891A89587224ACFDB2A990D24F7D752707B6 ft=1 fh=01738a06a1b1b0d8 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlCall.dll"
sh=BFC712282D22A4DC02D4594EC5AF71C790347E36 ft=1 fh=91d61e330d1da7f8 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlCall64.dll"
sh=E65EC78AD0832B7B867E03733C410F386F6B546B ft=1 fh=dcada9d1c55c5233 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys"
sh=3B0E5B8AD7025C2DE6331313D0E0CC6B9203758C ft=1 fh=7093c422903666f1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys"
sh=942EAE0DA42D0B59841C362C7A030BD2BE5A9E41 ft=1 fh=58d55914e7afcf83 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMonCall.dll"
sh=D1F0649640F31178C5D91EFF8E6AE77C51293DEB ft=1 fh=650b884fe9d21341 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys"
sh=7BD0DF67C6FCF8C5050293251CFA08C64509C32B ft=1 fh=6b7d23f28df26718 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafeLottery.exe"
sh=892D521C6C4575FAD091FB294E3FD76B90B75568 ft=1 fh=8b29302a025a91f4 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafemadwc.dll"
sh=D7BF2167F1A834AA33A4280306B5B9B88AA1305D ft=1 fh=26df8e0e542fc7b4 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafembp.dll"
sh=55DC194946E5F9FCF2019A0984312985103F5E97 ft=1 fh=bd86bfdac15a420f vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafemc.dll"
sh=163F47A0B6835DD3C4709EB0D091E275B6FECE48 ft=1 fh=c6752504b4421be0 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafemclv.dll"
sh=8D21B941C5AA2971C48A7C1EF1AC16675A0B1689 ft=1 fh=513773330f28adc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafemgc.dll"
sh=532DFA176A932A40B5821F62C9257A1F3687233F ft=1 fh=7db54c541db61dc2 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeMon.dll"
sh=0FC20C6CD19AE916B990FF1834EF8F6825AD7BB8 ft=1 fh=eb8a9f3b2625a03c vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeMon64.dll"
sh=FEECF2B78EA197B29E1CC684C8BB51692270AD0D ft=1 fh=e2e0ac074d1b18d1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafemoptv.dll"
sh=1B54A2A85B65FE3E9E39BF792F70318E3F1AC8DE ft=1 fh=37667f8cf88e431e vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafemsmv.dll"
sh=0E8AC4CF49D28AFF3470D1D285CEF22FE315FF6E ft=1 fh=ddc8863e08f1a207 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafemvsv.dll"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys"
sh=338F4496C67803B400786E747FCEE81C2EAD0FD0 ft=1 fh=2f58a6944cdde34c vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafenpf.dll"
sh=9E1563939E45D9859D48F5FCFF2F8CC059B46458 ft=1 fh=5b058feac095d35b vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafepxy.dll"
sh=76589E44F3C1B1B7EEC59D3AD10C85B4B5B0194E ft=1 fh=44ba51c84436cf13 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeRKScanShell64.dll"
sh=34F92CAE4EAD835809E6A1B7B17EA22C459387B3 ft=1 fh=cb4b39f46f9f9fc8 vn="Variante von Win32/ELEX.CR evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isaferpt.dll"
sh=9B361D10FAE9CBE92991B1381702CCE857F5E1BB ft=1 fh=2feef998d98d7015 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafesmgr.dll"
sh=1A2B6B3E6F90F62760303E7BD6F672ACC41400FB ft=1 fh=bc09a9d3730e5221 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafesopt.dll"
sh=B89885D6C86F5B0C8CF7D754EF333EFBDAE22BB9 ft=1 fh=285d24b640c22f6a vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafesptv.dll"
sh=9398166B8D9BC30B6B82879E6853534F719CF151 ft=1 fh=57e42ea9174274b7 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll"
sh=D53A0FBDE77AB8DD418D8319A4920DF4C8BC06A6 ft=1 fh=c478873ec7e53104 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafesv.dll"
sh=0C73DDC30496DCACC8921ABC13348B641DAB91B6 ft=1 fh=b9a8d564fd5fac3c vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeTHlp.exe"
sh=933027F4A2E648955264A7D1732619B8A4A82B45 ft=1 fh=8909dc49137789e9 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeTHlp64.exe"
sh=D237FB0A442575BDB56B84DFC15F55228213B515 ft=1 fh=4beda0c06c1dc54e vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\isafeupbiz.dll"
sh=AD9A37CE6E21B37B4424E113C8DC693B6BEA0DA6 ft=1 fh=37f9c9aa0257a764 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeVirusScanner.exe"
sh=C98C7C2D21C44B69DFBB9E6C649A4CC98B9CD077 ft=1 fh=7feb7802a1d4709f vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iStart.exe"
sh=76A7B530749306CBA6EE108E56962A422310445E ft=1 fh=10dd9103b9aa1827 vn="Variante von Win32/ELEX.CS evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSvc.dll"
sh=9CCD6EBDCBE10E304F4DDF2C08A94F18309B8D74 ft=1 fh=a58b602a8884d749 vn="Variante von Win32/ELEX.BX evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iSvc2.dll"
sh=5E44C346AF144BABAB97B98576ACD419C755EF53 ft=1 fh=92901d34826cf657 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iTPDesk.dll"
sh=7E0D92F30FBBB6A354AAAB16947B0D53186810F4 ft=1 fh=cde0d290616a1988 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iTPFeedback.dll"
sh=D96F2C441AA4F293DE24E00555D17272BEC405A8 ft=1 fh=3ff4dab3b83c1d2b vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iTPFloaty.dll"
sh=5CC49BA4739381FEBF0D1A7C0A08E9CC6C1B5738 ft=1 fh=78e51a96da9861d0 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iTPMsgCenter.dll"
sh=F89B179257E8792DDA80BF33FE845E04BD5E54B7 ft=1 fh=9710b556a88ed402 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iTpNodisturb.dll"
sh=CA797CB9F9C829C4E9955B13AFE4F1228D015BA7 ft=1 fh=c6a456e72def8e27 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iTPProtect.dll"
sh=B29A1F1B9F2969DC89286CC4ECFBD6DE3C072FA8 ft=1 fh=44c1be60fc4c28a6 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iTPPush.dll"
sh=B81170A2E80572CFBC6E964A200D73E22A46FE4B ft=1 fh=e5949413a4e7c333 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iTPStartupAssist.dll"
sh=F711389B1A4E8FFF041BF55791425CBBCE04B3D8 ft=1 fh=73c2b77bd11a0ed4 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iTPVirus.dll"
sh=BA4040CE1214DDCC6BDDA1BEA3BA4B4280573F5F ft=1 fh=082bf21aa5cd06cf vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\iTPWifi.dll"
sh=BB51A0DC79D30DA761CDD3CF2722593383AED83A ft=1 fh=44b41abadadbb99f vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\libcurl.dll"
sh=C5A8E93FAE4206F359C4F90E8D906B0D1E651803 ft=1 fh=139f273bdf073a4b vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\libeay32.dll"
sh=62426430142DA765FFB9934CEC57702A31FCC48C ft=1 fh=8e11e1c3976fb451 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\libpng.dll"
sh=D35247F16F8B384A48C903FC482B550A68C05081 ft=1 fh=456a153a4ea2b644 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\ouilibx.dll"
sh=E09D1687CB75FB0598E1C049A29EB695F4D7A015 ft=1 fh=fcb1b03b79154068 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\sqlite3.dll"
sh=57B55843F345B18B94B1645EC51DB719869EA138 ft=1 fh=4c2511f039a61cc5 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\sqlite3x64.dll"
sh=64DD0DAD3913748A45C52B27883A00BBC1F7B812 ft=1 fh=4963272827b4a097 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\ssleay32.dll"
sh=20AE7C87DBD0F24C5EE1700CE54456882C9D2D7D ft=1 fh=4515134bd546367d vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\trz4A38.tmp"
sh=B0B3AA0817C8A5BCBE15C1B6053288EF66FA6D92 ft=1 fh=b5f02dc2b27fae9d vn="Variante von Win32/ELEX.DB evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"
sh=2CF0667A519A47FEDDB04C56C8A86892AEC1DF62 ft=1 fh=b207d47c4b4e2340 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\YACcleaner.exe"
sh=1E327740B7A952737D3E7CF0BA3A4E65FBFA4ADB ft=1 fh=3f7be19e39705f9b vn="Win32/ELEX.CW evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\YacLuckySpin.exe"
sh=7063FF444B32F8C6C645D4A4B0DB5393A61BAD0D ft=1 fh=ea9218ecf1c4a42d vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\YacWifi.exe"
sh=F36E9D3FE69765421904EBB56199001CD78082B6 ft=0 fh=0000000000000000 vn="JS/Trackware.Agent.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx"
sh=9AA34B5DB8BFF363372D60F962E503DCB3F93EB5 ft=0 fh=0000000000000000 vn="JS/Trackware.Agent.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.5_0\js\inject.js"
sh=D62E826B13E242DC0BABCAD05E3A4613795A024F ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\data\fst.dat"
sh=60B5EB2B43DD57F7FCA5BCB2FA1848F129E8E001 ft=1 fh=ae6dcb3caea0167c vn="Variante von Win32/ELEX.DS evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\WinZipper\eUninstall.exe"
sh=66AE7020991466E365531E01821D1721FF10F7A9 ft=1 fh=2b6131bebc979372 vn="Win32/ELEX.BF evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\WinZipper\TrayDownloader.exe"
sh=0FED6A8D58C6D90533DAB72B200BD198568781AC ft=1 fh=e69782aa317200f9 vn="Variante von Win32/ELEX.CK evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\WinZipper\winzipersvc.exe"
sh=D7735DD6EEAA7998EA6F51CB19A7308501DFE22A ft=1 fh=5589dac1d8b5aae1 vn="Variante von MSIL/Solimba.AH evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\serviceuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ONB6J2C\Spotify.exe"
sh=560236C88A6A57FE17074484673ECE25EA3BDE39 ft=0 fh=0000000000000000 vn="Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\serviceuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I19EDUI1\1[1].zip"
sh=7D708CBE8C0AAFC51F5BF7A045250C064894EFB9 ft=1 fh=cba2b8dcf5a01fe3 vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\serviceuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB40HCEH\spotify_setup.exe"
sh=AE59E97621DBE5DAE3F16AE0D4E998E288C3EAC8 ft=1 fh=484541b5fd593e9b vn="Win32/ELEX.BF evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\serviceuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULLFSTWM\de[1].exe"
sh=297DD41B636EA17397673C3A66B841CA4794AEAE ft=1 fh=d9e835675ee0917a vn="Variante von Win32/ELEX.BZ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\serviceuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULLFSTWM\dl-up-wz_2015.1.15_2_out[1].exe"
sh=DDFFD5DE2329087778C065BD7982413DC5522222 ft=1 fh=b20656cb7b4ccd96 vn="Variante von Win32/ELEX.BU evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\serviceuser\AppData\Local\Temp\st2F88.tmp\eUpgrade\eupgrade.exe"
sh=133AD7F29355A770C2E927837712E7F0B997A04B ft=1 fh=c0c9a0dc6047faad vn="Variante von Win32/ELEX.DS evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\serviceuser\AppData\Local\Temp\st2F88.tmp\OmigaZip_patch\eUninstall.exe"
sh=E200E0E1187F484EEBD1B630EF93D99CDB8EF5E1 ft=1 fh=01cca6eac81f1998 vn="Variante von Win32/ELEX.BR evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\serviceuser\AppData\Local\Temp\st2F88.tmp\OmigaZip_patch\TrayDownloader.exe"
sh=0FED6A8D58C6D90533DAB72B200BD198568781AC ft=1 fh=e69782aa317200f9 vn="Variante von Win32/ELEX.CK evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\serviceuser\AppData\Local\Temp\st2F88.tmp\OmigaZip_patch\winzipersvc.exe"
sh=5A10808918F9353926F9369B35371F78BA79FCA8 ft=1 fh=1ddd8e40be133363 vn="Win32/ELEX.BF evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\serviceuser\AppData\Local\Temp{C9FE9CE5-638B-4D66-ADF9-D4313646D5F9}\eUpgrade\eupgrade.exe"
sh=0147937D9077F226E60DF191DA2175A4AC9EE45E ft=1 fh=88de78e712e5bb20 vn="Variante von Win32/ELEX.CK evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\serviceuser\AppData\Local\Temp{C9FE9CE5-638B-4D66-ADF9-D4313646D5F9}\OmigaZip_patch\winzipersvc.exe"
sh=69C56C9B1DB8EBBBD594A2863218063AF1B6DA53 ft=1 fh=5e7d95f270db1829 vn="Variante von Win32/ELEX.BI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\serviceuser\AppData\Local\Temp{C9FE9CE5-638B-4D66-ADF9-D4313646D5F9}\OmigaZip_patch\wz_ydl.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9bf12457be70594e81f080a3ec4d5de0
# end=init
# utc_time=2015-06-19 12:26:58
# local_time=2015-06-19 02:26:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24371
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9bf12457be70594e81f080a3ec4d5de0
# end=updated
# utc_time=2015-06-19 12:30:45
# local_time=2015-06-19 02:30:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 0
Old modules - delete modules
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 0
'Can not update to actual engine, exiting
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9bf12457be70594e81f080a3ec4d5de0
# engine=0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-19 12:45:59
# local_time=2015-06-19 02:45:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 95 92722 36469105 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 15511 186347809 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=913
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9bf12457be70594e81f080a3ec4d5de0
# end=init
# utc_time=2015-06-19 12:47:02
# local_time=2015-06-19 02:47:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9bf12457be70594e81f080a3ec4d5de0
# end=updated
# utc_time=2015-06-19 12:47:22
# local_time=2015-06-19 02:47:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 0
Old modules - delete modules
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 0
'Can not update to actual engine, exiting
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9bf12457be70594e81f080a3ec4d5de0
# engine=0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-20 10:42:24
# local_time=2015-06-20 12:42:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 95 171707 36548090 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 94496 186426794 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=78901
         


Alt 22.06.2015, 07:30   #6
HtHNightwolf
 
Malware: Jetzt verschwunden? - Standard

Malware: Jetzt verschwunden?




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by serviceuser (administrator) on ***** on 22-06-2015 08:14:50
Running from C:\Users\serviceuser\Desktop\AV
Loaded Profiles: serviceuser (Available Profiles: serviceuser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Secure_Email\sec_mail.exe
() C:\Program Files (x86)\Secure_Email\lib\stunnel\stunnel.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Farbar) C:\Users\serviceuser\Desktop\AV\FRST(x64).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2015-05-20] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll (Citrix Online, LLC)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-12-11] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-334166091-1000885523-3064945426-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rosiplus.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-11] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-11] (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.238.40.45 195.238.50.254

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll No File
FF Plugin HKU\S-1-5-21-334166091-1000885523-3064945426-1001: @citrixonline.com/appdetectorplugin -> C:\Users\serviceuser\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-19] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-23]

Chrome: 
=======
CHR Profile: C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]
CHR Extension: (Google Drive) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]
CHR Extension: (YouTube) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]
CHR Extension: (Google Search) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]
CHR Extension: (Avast Online Security) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]
CHR Extension: (No Name) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2015-06-18]
CHR Extension: (Gmail) - C:\Users\serviceuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-11] (AVAST Software)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-11-19] (Citrix Online, LLC)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-13] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 HPFSService; "C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-11] ()
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-09-21] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\System32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\System32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\System32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\System32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 90C53BD47979FB8814F465A08B885102
C:\Windows\System32\drivers\arc.sys ==> MD5 is legit
C:\Windows\System32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys 9BE9F2B83DE80E2752B1405CC427E2EC
C:\Windows\system32\drivers\aswMonFlt.sys 2DA1C1AEDF454F8E32A863A1AEACDD8C
C:\Windows\system32\drivers\aswRdr2.sys 4750016EF9CC1DEC6DA3FE5AF9A7F095
C:\Windows\System32\Drivers\aswRvrt.sys 1323269A92645705DEFA053F3596829D
C:\Windows\system32\drivers\aswSnx.sys E74FD717476B30E23F45354B8F3ACB30
C:\Windows\system32\drivers\aswSP.sys B1881A01E301990B671694CA1623F1B6
C:\Windows\system32\drivers\aswStm.sys 7509F07BA6F84C1E3B2C0D78A1F6F782
C:\Windows\System32\Drivers\aswVmm.sys 1A5BDDE65B648DC3AD48B6ECAA3AE9C8
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\System32\DRIVERS\CLVirtualDrive.sys 7E34B0BC915D7260F0A2D50D7B2FD717
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 27667A788130A7F7A5858DE27572E6D7
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStorA.sys 7775AEAF5FA32274FAF07FAF2E5E4B87
C:\Windows\System32\drivers\iaStorF.sys 5111A200402C56E57A12D22C41F7B630
C:\Windows\System32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 13AD8E01E974926E09D053DB370F2E41
C:\Windows\System32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys E9740A3BC0AE6EA035FF7ECE3A1B27B6
C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\drivers\iusb3hcs.sys 78D369F8A81A341109FBA1DB64B4C512
C:\Windows\system32\drivers\iusb3hub.sys 5B632ABA038CE2E2D5D2D1115C6B26D1
C:\Windows\system32\drivers\iusb3xhc.sys EA841584EF59528D11F20355770E427E
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys BF69D973523D539A35807946C6DA7E16
C:\Windows\System32\Drivers\ksecpkg.sys 272C27711C8AA6E7815EE33F8ACA9C66
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\System32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\System32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\System32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\windows\system32\drivers\mbam.sys 1E9E32AEC3E1EB1B31B8169F33168B56
C:\windows\system32\drivers\mwac.sys F49FB3C88E263AE9A246593B0BB29294
C:\Windows\System32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\system32\drivers\TeeDriverx64.sys 18B9AD128EC84E8D16A83F70CF36594F
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 87BCD1034CBF33537D4D4C251D39BA26
C:\Windows\System32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\System32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\System32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\System32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 5FE87322B5940BE0E367C4D54343A3F4
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\System32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\System32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\System32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\System32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\system32\drivers\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 14:49 - 2015-06-19 14:49 - 00000163 _____ C:\Users\serviceuser\Desktop\Gerne dem Trojaner-Board Spenden.url
2015-06-19 14:28 - 2015-06-19 14:28 - 00852639 _____ C:\Users\serviceuser\Downloads\SecurityCheck.exe
2015-06-17 16:53 - 2015-06-17 16:53 - 00000207 _____ C:\windows\tweaking.com-regbackup-*****-Windows-7-Professional-(64-bit).dat
2015-06-17 16:53 - 2015-06-17 16:53 - 00000000 ____D C:\RegBackup
2015-06-17 16:52 - 2015-06-17 16:53 - 02949914 _____ (Thisisu) C:\Users\serviceuser\Downloads\JRT.exe
2015-06-17 16:50 - 2015-06-17 16:50 - 02949914 _____ (Thisisu) C:\Users\serviceuser\Downloads\Nicht bestätigt 870157.crdownload
2015-06-17 16:48 - 2015-06-17 16:58 - 00000000 ____D C:\AdwCleaner
2015-06-17 16:48 - 2015-06-17 16:48 - 02231296 _____ C:\Users\serviceuser\Downloads\AdwCleaner_4.206.exe
2015-06-17 16:42 - 2015-06-17 16:42 - 00001272 _____ C:\Users\serviceuser\Desktop\Revo Uninstaller.lnk
2015-06-17 16:42 - 2015-06-17 16:42 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-17 16:41 - 2015-06-17 16:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\serviceuser\Downloads\revosetup95.exe
2015-06-17 15:44 - 2015-06-22 08:14 - 00000000 ____D C:\FRST
2015-06-17 15:24 - 2015-06-22 08:14 - 00000000 ____D C:\Users\serviceuser\Desktop\AV
2015-06-17 14:09 - 2015-06-17 15:43 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-17 14:09 - 2015-06-17 14:09 - 00001110 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-17 14:09 - 2015-06-17 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-17 14:09 - 2015-06-17 14:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-17 14:09 - 2015-06-17 14:09 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-17 14:09 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-17 14:09 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-17 14:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-17 14:07 - 2015-06-17 14:07 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-10 14:27 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 14:27 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 14:27 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 14:27 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 14:27 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-10 14:27 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 14:27 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-10 14:27 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-06-10 14:27 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 14:27 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-06-10 14:27 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 14:27 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-10 14:27 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-10 14:27 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-10 14:27 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 14:27 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-06-10 14:27 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-10 14:27 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-10 14:27 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 14:27 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-10 14:27 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 14:27 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 14:27 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 14:27 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 14:27 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 14:27 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-06-10 14:27 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 14:27 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 14:27 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 14:27 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-10 14:27 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-10 14:27 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-06-10 14:27 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-10 14:27 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 14:27 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 14:27 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 14:27 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-06-10 14:27 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-06-10 14:27 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-10 14:27 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 14:27 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-10 14:27 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 14:27 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 14:27 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-10 14:27 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-06-10 14:27 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-06-10 14:27 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-06-10 14:27 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-10 14:27 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 14:27 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-10 14:27 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 14:27 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 14:27 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-10 14:27 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 14:27 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 14:27 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-06-10 14:27 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 14:27 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 14:27 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 14:27 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-10 08:18 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 08:18 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 08:18 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 08:18 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 08:18 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 08:18 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 08:18 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 08:18 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 08:18 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 08:18 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 08:18 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 08:18 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 08:18 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 08:18 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-06-10 08:18 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-06-10 08:18 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-06-10 08:18 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-06-10 08:18 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 08:18 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-06-10 08:18 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-06-10 08:18 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-06-10 08:18 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-06-10 08:18 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 08:18 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-06-10 08:18 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-06-10 08:18 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:18 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:18 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-10 08:18 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-06-10 08:17 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 08:17 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 08:17 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 08:16 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-05 09:18 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-05 09:18 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-05 09:18 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-05 09:18 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-02 14:12 - 2015-06-02 14:12 - 00000000 ____D C:\Users\serviceuser\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 08:13 - 2014-04-23 12:28 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-22 08:12 - 2014-06-10 11:59 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-22 08:12 - 2014-04-23 12:28 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-06-22 08:12 - 2014-04-23 12:28 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-22 08:12 - 2014-04-22 09:25 - 01168009 _____ C:\windows\WindowsUpdate.log
2015-06-22 08:12 - 2014-03-13 18:59 - 00000000 ____D C:\ProgramData\PDFC
2015-06-20 14:05 - 2009-07-14 06:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-20 14:05 - 2009-07-14 06:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-19 13:07 - 2014-08-16 12:20 - 00000000 ____D C:\Users\serviceuser\AppData\Local\Adobe
2015-06-19 12:32 - 2014-06-10 11:59 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-19 12:32 - 2014-06-10 11:59 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 12:32 - 2014-06-10 11:59 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-18 06:52 - 2014-04-22 15:48 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 6.0
2015-06-17 17:05 - 2014-03-13 18:17 - 00699092 _____ C:\windows\system32\perfh007.dat
2015-06-17 17:05 - 2014-03-13 18:17 - 00149232 _____ C:\windows\system32\perfc007.dat
2015-06-17 17:05 - 2009-07-14 07:13 - 01619284 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-17 16:59 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-17 16:59 - 2009-07-14 06:51 - 00043802 _____ C:\windows\setupact.log
2015-06-17 16:51 - 2015-01-16 07:16 - 00000000 ____D C:\windows\system32\log
2015-06-17 16:51 - 2014-04-23 12:28 - 00001286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-17 16:51 - 2014-04-23 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-17 16:51 - 2014-04-22 09:29 - 00000975 _____ C:\Users\serviceuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-17 15:41 - 2014-10-09 15:30 - 00000000 ____D C:\Users\serviceuser\AppData\Roaming\TeamViewer
2015-06-17 15:39 - 2010-11-21 05:47 - 00262042 _____ C:\windows\PFRO.log
2015-06-17 14:45 - 2014-04-22 14:57 - 00001110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-06-17 14:45 - 2014-04-22 14:57 - 00001098 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-06-16 15:38 - 2014-04-22 16:05 - 00563200 _____ C:\Users\serviceuser\Desktop\Aufgabenpl.2012 Holst.Ch..xls
2015-06-16 10:43 - 2014-05-14 13:02 - 00068608 _____ C:\Users\serviceuser\Desktop\Reinigungsplan.xls
2015-06-15 10:15 - 2014-04-22 16:05 - 00028672 _____ C:\Users\serviceuser\Desktop\Kopie von hsse-motto-blanko.xls
2015-06-15 09:04 - 2014-04-22 15:41 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0
2015-06-11 13:27 - 2014-11-14 16:26 - 00000000 __SHD C:\Users\serviceuser\AppData\Local\EmieBrowserModeList
2015-06-11 13:27 - 2014-04-23 12:25 - 00000000 __SHD C:\Users\serviceuser\AppData\Local\EmieUserList
2015-06-11 13:27 - 2014-04-23 12:25 - 00000000 __SHD C:\Users\serviceuser\AppData\Local\EmieSiteList
2015-06-11 10:28 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-06-11 03:27 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-11 03:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-06-11 03:26 - 2009-07-14 06:45 - 00289320 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-11 03:25 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-11 03:07 - 2014-04-22 12:21 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 03:02 - 2014-04-22 12:21 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-06 03:16 - 2014-12-11 04:19 - 00000000 ____D C:\windows\system32\appraiser
2015-06-06 03:16 - 2014-04-23 08:54 - 00000000 ___SD C:\windows\system32\CompatTel
2015-05-26 15:16 - 2015-05-22 11:41 - 00264192 _____ C:\Users\serviceuser\Desktop\aktionsplan_pb_kw_23_24.xls
2015-05-26 15:12 - 2014-04-22 16:06 - 00027648 _____ C:\Users\serviceuser\Stundenzettel.xls
2015-05-26 15:12 - 2014-04-22 16:06 - 00027136 _____ C:\Users\serviceuser\Kassendifferenzen.xls
2015-05-26 12:40 - 2015-01-27 12:44 - 00156160 _____ C:\Users\serviceuser\Desktop\Stundenaufz.2015.xls

Some files in TEMP:
====================
C:\Users\serviceuser\AppData\Local\Temp\Quarantine.exe
C:\Users\serviceuser\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 11:38

==================== End of log ============================
         
--- --- ---


[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by serviceuser at 2015-06-22 08:15:27
Running from C:\Users\serviceuser\Desktop\AV
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-334166091-1000885523-3064945426-500 - Administrator - Disabled)
Gast (S-1-5-21-334166091-1000885523-3064945426-501 - Limited - Disabled)
serviceuser (S-1-5-21-334166091-1000885523-3064945426-1001 - Administrator - Enabled) => C:\Users\serviceuser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToAssist Customer 2.2.0.758 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
IBW Secure Email V2 1.05 (HKLM-x32\...\{18D3DE67-AD02-4CBB-B610-1A08101089EF}) (Version: 1.05 - IBW)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.74.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StarMoney (x32 Version: 4.0.4.16 - StarFinanz) Hidden
StarMoney 9.0  (HKLM-x32\...\{78AAC97A-E0D6-4296-85A4-B24FD6A4D4E6}) (Version: 9.0 - Star Finanz GmbH)
StarMoney Business 6.0  (HKLM-x32\...\{BA58F449-1AE5-4A94-ACFF-B8C9CA26D790}) (Version: 6.0 - Star Finanz GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

26-12-2014 10:31:42 Windows Update
30-12-2014 07:58:33 Windows Update
31-12-2014 12:59:46 avast! antivirus system restore point
02-01-2015 10:00:26 Windows Update
06-01-2015 10:12:56 Windows Update
11-01-2015 12:13:01 Windows Update
15-01-2015 04:00:25 Windows Update
17-01-2015 04:00:30 Windows Update
20-01-2015 08:00:03 Windows Update
23-01-2015 09:58:40 Windows Update
27-01-2015 11:01:12 Windows Update
28-01-2015 04:00:19 Windows Update
03-02-2015 09:57:24 Windows Update
06-02-2015 10:16:56 Windows Update
10-02-2015 09:54:35 Windows Update
12-02-2015 04:00:30 Windows Update
13-02-2015 04:01:11 Windows Update
17-02-2015 10:11:52 Windows Update
24-02-2015 10:29:56 Windows Update
26-02-2015 04:00:20 Windows Update
03-03-2015 08:41:13 Windows Update
10-03-2015 09:43:30 Windows Update
12-03-2015 04:00:40 Windows Update
17-03-2015 10:13:57 Windows Update
24-03-2015 08:49:54 Windows Update
26-03-2015 04:00:20 Windows Update
31-03-2015 09:09:34 Windows Update
03-04-2015 10:01:06 Windows Update
05-04-2015 03:00:19 Windows Update
11-04-2015 12:17:43 Windows Update
16-04-2015 03:00:30 Windows Update
22-04-2015 07:25:54 Windows Update
28-04-2015 09:27:57 Windows Update
01-05-2015 09:30:02 Windows Update
05-05-2015 09:37:59 Windows Update
11-05-2015 07:49:57 Windows Update
14-05-2015 03:00:34 Windows Update
19-05-2015 09:18:45 Windows Update
21-05-2015 03:00:18 Windows Update
26-05-2015 09:27:47 Windows Update
02-06-2015 10:28:22 Windows Update
06-06-2015 03:00:18 Windows Update
09-06-2015 09:11:40 Windows Update
11-06-2015 03:01:03 Windows Update
16-06-2015 08:20:53 Windows Update
17-06-2015 16:43:48 Revo Uninstaller's restore point - WindowsMangerProtect20.0.0.722
17-06-2015 16:46:09 Revo Uninstaller's restore point - WinZipper
19-06-2015 09:10:36 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00E865A2-27B6-4CBA-8889-B6371DAD7BA2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {056E05A5-33C5-4532-8331-2A1FD51B502A} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-22] (Microsoft Corporation)
Task: {117E2C6B-5E7F-4087-8AD6-EB8A87EF00D3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {250727C0-01F8-44A5-B2AA-FB815D09CF8B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {3F0B1603-1140-4333-AB7D-224021584647} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {3F81F363-B50D-4914-837E-045B4E78FE64} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {44A96FFA-48A2-40C1-8D09-2958254A9A5E} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {56FD664C-50E8-4FAC-8281-89E3ABD2F613} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {59D3D510-6C08-4404-B20A-6A9492322CD2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {618A7044-E223-42BC-A098-90C0E090D6F0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {66351866-E946-4B4A-A73A-EA5DD57D480F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {6C1A798B-B376-4705-A6B0-1ABBC508B805} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {782FB623-F721-4211-947B-03F8ACE516B3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {88372A26-60D8-4FCC-B8EC-4CB1F74E6EE6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {BBCB5BFF-F5BF-45C0-AD2D-1E2AC1CC24AB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-19] (Adobe Systems Incorporated)
Task: {E1120F3F-467B-4E41-8023-3532C2AEB86C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {F217CB0A-4555-4288-ADF7-7C4389C08EBA} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2005-02-10 14:24 - 2005-02-10 14:24 - 01720385 _____ () C:\Program Files (x86)\Secure_Email\sec_mail.exe
2004-03-19 14:59 - 2004-03-19 14:59 - 00066048 _____ () C:\Program Files (x86)\Secure_Email\lib\stunnel\stunnel.exe
2015-06-19 12:31 - 2015-06-19 12:31 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061901\algo.dll
2015-06-20 12:41 - 2015-06-20 12:41 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062000\algo.dll
2015-06-22 08:13 - 2015-06-22 08:13 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062101\algo.dll
2014-08-04 14:20 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 6.0\ouservice\PATCHW32.dll
2014-03-13 18:52 - 2013-08-08 23:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-03-13 18:56 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-06 00:48 - 2013-08-06 00:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-14 13:23 - 2015-03-14 13:23 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00028761 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\cee32c6d5ab6f3b6d650de77ac58a019.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00155752 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\5e9e2e4123d3551eb996e59309fa72be.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00077925 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\c90822ad6dd37b9e2abcbd53e66d86df.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00028771 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\2e5a00f9dfa5669114c8b2487150f455.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00032879 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\ad76515ff4d1de346e3888790190a3c0.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00024647 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\d07294610b5173a78e2c7609b703eadc.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00028745 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\056721307e354d83addd03bdfc5c4d54.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00077895 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\8b285eff21bc702f99df7d987f097691.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00024641 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\1a657931d78ddcfa584e65d2115500be.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00049238 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\10f7b6c1d4e5218787adeef208a0c5a2.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00487501 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\2740b431a6e7a8340e36b79c8753dfac.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00061526 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\ede8ea26ef0a047f2048683a2961afd9.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00024650 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\d6238b26db974c1e3bd964fb70243060.dll
2015-06-19 13:09 - 2015-06-19 13:09 - 00122968 ____R () C:\Users\serviceuser\AppData\Local\Temp\pdk-serviceuser-6004\fd16aee8c5aec68a7406f8bc29950542.dll
2004-03-19 14:59 - 2004-03-19 14:59 - 01528135 _____ () C:\Program Files (x86)\Secure_Email\lib\stunnel\libeay32.dll
2004-03-19 14:59 - 2004-03-19 14:59 - 00611705 _____ () C:\Program Files (x86)\Secure_Email\lib\stunnel\libssl32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-334166091-1000885523-3064945426-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\serviceuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 195.238.40.45 - 195.238.50.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{07703C68-0ECC-487A-BDEE-EFA6BB33DBFB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{CC8A91FA-904D-42B5-8AE5-39C2204A0644}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{5DA5C345-5833-41DB-9E09-38769B7C1839}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{66BFAC92-BF7D-4ED1-8015-F51F695192ED}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{1798E1B7-5D1C-46AB-B448-DFA704756612}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{8430F1C3-ED4B-4EF5-9CE6-1EDE0D040B1A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{4C613AA7-3D81-438A-BF9D-0F40088EA3B0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2A08F809-392A-4E76-A11E-2500B272D5E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{435F9EB7-DF16-47F4-9A18-D91E9D005E05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0DEC5176-4659-48D1-94DC-C7BA6CE263AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1BB9CA1-5D1A-4DC0-B94B-B2AFCFCF4C4A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C4ABCB0E-FE9F-42FF-96BE-2A5527D37601}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{EDBA1696-F613-4DE6-986B-3D87EAC12CA0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{BEC2DBEC-EC5D-40D8-8D13-B8955B0E60FE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{01BE11D4-3941-4A25-9A04-FB4666641635}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E1544400-3C0E-4CC9-8CA7-B04C28924541}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{38957DA4-E8EC-49DD-9F8C-AE81FC1E6A68}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{65D0C5C1-E7E2-4477-881A-A0627F3ED489}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{A6FF10D5-A207-455B-8208-5C535B2ECB52}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{E463A0AF-3691-4ED3-817C-8C1B22859B17}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{73631152-9B1E-4A8D-AE4B-1D114D4586C8}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{A89091CC-ADD7-4AF7-9E45-C0F914DCE6EF}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe
FirewallRules: [{D025FC44-3D2F-4DF1-96A0-2F4C446CD84A}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2015 08:15:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/20/2015 01:18:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/19/2015 02:46:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/19/2015 02:46:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/19/2015 02:26:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/19/2015 02:26:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/19/2015 09:43:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17840, Zeitstempel: 0x555fe1bb
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.9600.17840, Zeitstempel: 0x555fefa8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e12f
ID des fehlerhaften Prozesses: 0xc78
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (06/18/2015 03:00:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17840 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1024

Startzeit: 01d0a9bf525015db

Endzeit: 27

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (06/17/2015 03:44:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/17/2015 03:32:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TeamViewer_Desktop.exe, Version: 9.0.41110.0, Zeitstempel: 0x55261a58
Name des fehlerhaften Moduls: TeamViewer_Desktop.exe, Version: 9.0.41110.0, Zeitstempel: 0x55261a58
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001ea7a0
ID des fehlerhaften Prozesses: 0xf4c
Startzeit der fehlerhaften Anwendung: 0xTeamViewer_Desktop.exe0
Pfad der fehlerhaften Anwendung: TeamViewer_Desktop.exe1
Pfad des fehlerhaften Moduls: TeamViewer_Desktop.exe2
Berichtskennung: TeamViewer_Desktop.exe3


System errors:
=============
Error: (06/20/2015 02:41:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 16 Mal passiert.

Error: (06/20/2015 01:22:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 15 Mal passiert.

Error: (06/20/2015 00:42:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (06/20/2015 00:42:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\SERVIC~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/20/2015 00:42:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (06/20/2015 00:42:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\SERVIC~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/20/2015 00:42:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (06/20/2015 00:42:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\SERVIC~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/20/2015 00:42:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (06/20/2015 00:42:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\SERVIC~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office:
=========================
Error: (06/22/2015 08:15:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/20/2015 01:18:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/19/2015 02:46:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\serviceuser\Desktop\AV\ESET Online Scanner.exe

Error: (06/19/2015 02:46:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\serviceuser\Desktop\AV\ESET Online Scanner.exe

Error: (06/19/2015 02:26:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\serviceuser\Desktop\AV\ESET Online Scanner.exe

Error: (06/19/2015 02:26:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\serviceuser\Desktop\AV\ESET Online Scanner.exe

Error: (06/19/2015 09:43:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbiertutil.dll11.0.9600.17840555fefa8c00000050014e12fc7801d0aa5f3cb68e9bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\syswow64\iertutil.dlleedeea7c-1656-11e5-b1f4-a0481c9646ca

Error: (06/18/2015 03:00:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17840102401d0a9bf525015db27C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (06/17/2015 03:44:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\serviceuser\Desktop\AV\ESET Online Scanner.exe

Error: (06/17/2015 03:32:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TeamViewer_Desktop.exe9.0.41110.055261a58TeamViewer_Desktop.exe9.0.41110.055261a58c0000005001ea7a0f4c01d0a9020861ebefc:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exec:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe5dbfa909-14f5-11e5-81c5-a0481c9646ca


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 4024.2 MB
Available physical RAM: 2877.92 MB
Total Pagefile: 8046.6 MB
Available Pagefile: 6011.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows ) (Fixed) (Total:453.58 GB) (Free:189.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.07 GB) (Free:1.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E6214724)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)

==================== End of log ============================
         
--- --- ---

Geändert von HtHNightwolf (22.06.2015 um 07:44 Uhr)

Alt 22.06.2015, 16:33   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Malware: Jetzt verschwunden? - Standard

Malware: Jetzt verschwunden?



Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Program Files (x86)\Elex-tech
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.06.2015, 10:23   #8
HtHNightwolf
 
Malware: Jetzt verschwunden? - Standard

Malware: Jetzt verschwunden?



Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by serviceuser at 2015-06-23 11:11:09 Run:1
Running from C:\Users\serviceuser\Desktop\AV
Loaded Profiles: serviceuser (Available Profiles: serviceuser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files (x86)\Elex-tech
Emptytemp:
*****************

"C:\Program Files (x86)\Elex-tech" => File/Folder not found.
EmptyTemp: => 973.2 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 11:12:05 ====
         
Keine Probleme mehr ^.^
Spendenbutton habe ich dem betroffenen User direkt auf den Desktop gelegt und es klang auch, als wolle er ihn nutzen

Alt 24.06.2015, 05:57   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Malware: Jetzt verschwunden? - Standard

Malware: Jetzt verschwunden?




Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.


Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Malware: Jetzt verschwunden?
adware, antivirus, bonjour, browser, desktop, email, failed, fehler, flash player, helper, iexplore.exe, installation, malware, popup, realtek, registry, scan, schutz, security, services.exe, software, starmoney, svchost.exe, system, usb, win32/elex.bp, win32/elex.cc, win32/elex.cr, win32/elex.db, windows



Ähnliche Themen: Malware: Jetzt verschwunden?


  1. Mining-Malware jetzt auch bei Google Play
    Nachrichten - 25.04.2014 (0)
  2. Avira erst verschwunden und jetzt durch Gruppenrichtlinien blockier. Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 02.03.2014 (3)
  3. Windows 7: Desktopicons sporadisch verschwunden. Malware Verdacht
    Log-Analyse und Auswertung - 31.08.2013 (11)
  4. Win7 langsam, Lizenzierung verschwunden, Scanner findet 'Bloodhound.MalPE', Malwarebytes verschwunden... aah!
    Plagegeister aller Art und deren Bekämpfung - 25.06.2013 (26)
  5. malware gefunden und gelöscht, system jetzt sicher?
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (8)
  6. BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt?
    Log-Analyse und Auswertung - 26.07.2012 (1)
  7. SMART HDD Malware war da, ist nun aber verschwunden?
    Plagegeister aller Art und deren Bekämpfung - 02.05.2012 (1)
  8. Google Re-Direct Virus scheinbar verschwunden, aber ist der Rechner jetzt sauber...?
    Plagegeister aller Art und deren Bekämpfung - 26.02.2012 (22)
  9. GEMA-Trojaner, jetzt Desktop verschwunden!
    Plagegeister aller Art und deren Bekämpfung - 13.02.2012 (1)
  10. Malware BOO/TDss.D -> Festplatteninhalt verschwunden...
    Plagegeister aller Art und deren Bekämpfung - 25.08.2011 (2)
  11. Malwarebytes Anti-Malware Runtime error 372 + Taskleiste verschwunden
    Log-Analyse und Auswertung - 28.04.2011 (15)
  12. System mit Vist neu installiert. Jetzt ohne malware ?
    Plagegeister aller Art und deren Bekämpfung - 03.03.2011 (16)
  13. Malware gefunden! Was jetzt?
    Plagegeister aller Art und deren Bekämpfung - 11.02.2011 (13)
  14. DR/FakePic.gen Malware, Bilder verschwunden
    Plagegeister aller Art und deren Bekämpfung - 30.12.2010 (29)
  15. einige Malware gelöscht, jetzt Rundll ismsti.dll
    Log-Analyse und Auswertung - 26.09.2010 (30)
  16. Malware gefunden und eliminiert: ist jetzt alles wieder in Ordnung?
    Plagegeister aller Art und deren Bekämpfung - 23.11.2009 (5)
  17. Virus Meldung erhalten-jetzt verschwunden?
    Plagegeister aller Art und deren Bekämpfung - 01.05.2008 (4)

Zum Thema Malware: Jetzt verschwunden? - Hallo TB Team, ich habe einen PC hier, der bei ESET und MBAM im ersten Durchlauf ordentlich was gefunden hat. Die LOGs und auch ein FRST Log lege ich bei. - Malware: Jetzt verschwunden?...
Archiv
Du betrachtest: Malware: Jetzt verschwunden? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.