
Pests of all kinds and how to combat them: Search Protect Problem

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

20.07.2015, 16:11   #1
Surriya
 
Search Protect Problem - Question

I have the problem that, for whatever reason, I have Search Protect on my PC and can't get rid of it completely...
I read in a similar thread here that you should try deleting it with Revo Uninstaller. I did that. It is no longer listed under Programs and Features, not even after a restart.
However, when I open the first page in my browser Opera, my start page Google comes up along with a second tab with Search Protect...
And down in the taskbar, under "Show hidden icons", there is the blue Search Protect icon...
I'm getting desperate because I just can't get it completely removed :-(((
I urgently need help!!!!

20.07.2015, 16:26   #2
schrauber
/// the machine
/// TB Trainer
 

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


20.07.2015, 16:26   #3
Surriya
 
Oh, and another problem.... after a while other programs get installed automatically; even cancelling doesn't prevent this -.-
So far, the following:
- Software Version Updater
- mystartsearch uninstal
- WordSurfer 1.10.0.19
- SmartWeb


I can uninstall them without any problems, but by tomorrow at the latest, when I turn the PC on again, they get reinstalled over the course of the day :-(

20.07.2015, 16:27   #4
schrauber
/// the machine
/// TB Trainer
 

See my post above.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

20.07.2015, 16:39   #5
Surriya
 
FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Lisa (administrator) on LISA-PC on 20-07-2015 17:32:51
Running from C:\Users\Lisa\Downloads
Loaded Profiles: Lisa (Available Profiles: Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\knso5B65.tmp
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\ProgramData\Ensefnag\1.0.4.1\euclemli.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\IT Viewer\privoxy.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\hnsq8F83.tmp
() C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\jnsg729F.tmp
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\ProgramData\Ensefnag\1.0.4.1\euclemli.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(Spotify Ltd) C:\Users\Lisa\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
() C:\Users\Lisa\AppData\Local\Temp\nsbFD65.tmp
(Word Surfer) C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe
(SoftBrain Technologies Ltd.) C:\Users\Lisa\AppData\Local\SmartWeb\SmartWebHelper.exe
(SoftBrain Technologies Ltd.) C:\Users\Lisa\AppData\Local\SmartWeb\SmartWebApp.exe
(DTools LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(XTab system) C:\Program Files (x86)\MiuiTab\ProtectService.exe
(SearchProtect) C:\Program Files (x86)\MiuiTab\CmdShell.exe
(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
() C:\Users\Lisa\AppData\Local\gmsd_de_005010035\upgmsd_de_005010035.exe
() C:\Program Files (x86)\gmsd_de_005010035\gmsd_de_005010035.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
() C:\Users\Lisa\AppData\Local\Temp\nsn93CB.tmp
(XTab system) C:\Program Files (x86)\MiuiTab\HPNotify.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2014-10-01] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [mbot_de_014010035] => [X]
HKLM-x32\...\Run: [gmsd_de_005010035] => C:\Program Files (x86)\gmsd_de_005010035\gmsd_de_005010035.exe [3976848 2015-07-19] ()
HKLM-x32\...\Run: [gmsd_de_002020035] => [X]
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Lisa\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\RunOnce: [upgmsd_de_005010035.exe] => C:\Users\Lisa\AppData\Local\gmsd_de_005010035\upgmsd_de_005010035.exe [3299984 2015-07-19] ()
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Spotify Web Helper] => C:\Users\Lisa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-14] (Spotify Ltd)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Spotify] => C:\Users\Lisa\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-14] (Spotify Ltd)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [GoogleChromeAutoLaunch_B94B428F965CE44077607E28858C9F13] => "C:\Users\Lisa\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [DesktopSearch] => C:\ProgramData\DesktopSearch\DesktopSearch.exe -ros
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [DeskBar] => C:\Users\Lisa\AppData\Local\DeskBar\dblaunch.exe
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Dropbox Update] => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-20] (Dropbox, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-09-08] (Microsoft Corporation)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-07-20]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (No File)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-07-20]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Lisa\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hppp&ts=1437338038&z=346e2a8ddebbbb1f76b841cg1z4ccm6ccc5b2ebcem&from=fsf&uid=SAMSUNGXHD252HJ_S17HJ1KS303375
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hppp&ts=1437338038&z=346e2a8ddebbbb1f76b841cg1z4ccm6ccc5b2ebcem&from=fsf&uid=SAMSUNGXHD252HJ_S17HJ1KS303375
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hppp&ts=1437338038&z=346e2a8ddebbbb1f76b841cg1z4ccm6ccc5b2ebcem&from=fsf&uid=SAMSUNGXHD252HJ_S17HJ1KS303375
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hppp&ts=1437338038&z=346e2a8ddebbbb1f76b841cg1z4ccm6ccc5b2ebcem&from=fsf&uid=SAMSUNGXHD252HJ_S17HJ1KS303375
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjN-ExX_oW7kU0TRL9vv-8jCVwmaMKewVVzpaCqbg4d_kDscVJgQv9IR6UIKAJDcyiXfmG4g5CO7A9ZJptLMNm0LcYrze_K_x4lFyMSsPUWyuHtax16h8XvQq86s1SH4fpQRZrkdfNxFmjp5hk7CTGc3QXHw0DNxilY6Q,,&q={searchTerms}
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hppp&ts=1437338038&z=346e2a8ddebbbb1f76b841cg1z4ccm6ccc5b2ebcem&from=fsf&uid=SAMSUNGXHD252HJ_S17HJ1KS303375
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hppp&ts=1437338038&z=346e2a8ddebbbb1f76b841cg1z4ccm6ccc5b2ebcem&from=fsf&uid=SAMSUNGXHD252HJ_S17HJ1KS303375
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1437405689&z=521146cb8ac537db55ddff2gaz8cem5z9e4w1q7q6e&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1437405689&z=521146cb8ac537db55ddff2gaz8cem5z9e4w1q7q6e&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&q={searchTerms}
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=F7Jztutdk0003,c32dc734-64b2-4556-9424-a83e47569c74,&q={searchTerms}
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1437405689&z=521146cb8ac537db55ddff2gaz8cem5z9e4w1q7q6e&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjN-ExX_oW7kU0TRL9vv-8jCVwmaMKewVVzpaCqbg4d_kDscVJgQv9IR6UIKAJDcyiXfmG4g5CO7A9ZJptLMNm0LcYrze_K_x4lFyMSsPUWyuHtax16h8XvQq86s1SH4fpQRZrkdfNxFmjp5hk81239qaKa6OFwxa4jig,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1437405689&z=521146cb8ac537db55ddff2gaz8cem5z9e4w1q7q6e&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&q={searchTerms}
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&ts=1437405752&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&ts=1437405752&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&ts=1437405752&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001 -> {2EA62971-5C70-487A-867A-0D313C859453} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&ts=1437405752&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&ts=1437405752&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&ts=1437405752&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&ts=1437405752&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001 -> {D18984B6-08AC-4A98-BD0F-DDF5FD800FA0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&ts=1437405752&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001 -> {DACEBEBD-0909-44C8-B62C-092184B010F9} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&ts=1437405752&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375&ts=1437405752&type=default&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation)
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-24] (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2015-05-07] (Perfect World Entertainment Inc)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\IT Viewer\ssie.dll [2015-07-19] (SecureSoft)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D4A73E63-0074-49A9-ADD5-E0062660EF6D}: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1437338019&z=c6ca6e5e4091e4720428107gdzfc9m0c0c0bcefg1b&from=fsf&uid=SAMSUNGXHD252HJ_S17HJ1KS303375

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\NPSWF32.dll [2015-05-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2015-05-07] (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default
CHR HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx

Opera: 
=======
OPR StartupUrls: "hxxp://www.google.de/"
OPR Extension: (iWebar) - C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc [2015-07-19]
OPR Extension: (Product Deals) - C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfnfcecgilmblkepmebjomnhmjpacllm [2015-07-20]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.mystartsearch.com/?type=sc&ts=1437405689&z=521146cb8ac537db55ddff2gaz8cem5z9e4w1q7q6e&from=cmi&uid=SAMSUNGXHD252HJ_S17HJ1KS303375

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2014-10-01] (Andrea Electronics Corporation)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88584 2015-05-07] (Perfect World Entertainment Inc)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 gylypihy; C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\knso5B65.tmp [296960 2015-07-20] () [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-04] (Electronic Arts)
R2 PrivoxyService; C:\Program Files (x86)\IT Viewer\privoxy.exe [371200 2015-07-19] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 vicoqudu; C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\hnsq8F83.tmp [165376 2015-07-19] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-19] (DTools LIMITED) <==== ATTENTION
R2 wsasvc_1.10.0.19; C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe [299608 2015-06-16] (Word Surfer)
R2 zejytose; C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\jnsg729F.tmp [199168 2015-07-19] () [File not signed]
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
S2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe /service [X]
S2 Update ClearThink; "C:\Program Files (x86)\ClearThink\updateClearThink.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2015-04-20] () [File not signed]
R1 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [134880 2015-04-20] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2014-09-06] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2014-09-06] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3567232 2011-09-09] () [File not signed]
R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [61312 2015-06-16] (Word Surfer)
R1 {b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}Gw64; C:\Windows\System32\drivers\{b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}Gw64.sys [48784 2015-07-19] (StdLib)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]
S1 wsfd_1_10_0_19; system32\drivers\wsfd_1_10_0_19.sys [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 17:32 - 2015-07-20 17:33 - 00025466 _____ C:\Users\Lisa\Downloads\FRST.txt
2015-07-20 17:32 - 2015-07-20 17:33 - 00000000 ____D C:\FRST
2015-07-20 17:32 - 2015-07-20 17:32 - 02134528 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe
2015-07-20 17:30 - 2015-07-20 17:31 - 01637888 _____ (Farbar) C:\Users\Lisa\Downloads\FRST.exe
2015-07-20 17:23 - 2015-07-20 17:23 - 00000000 ____D C:\Program Files (x86)\gmsd_de_005010035
2015-07-20 17:22 - 2015-07-20 17:22 - 00003392 _____ C:\Windows\System32\Tasks\AmiUpdXp
2015-07-20 17:22 - 2015-07-20 17:22 - 00000358 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-07-20 17:22 - 2015-07-20 17:22 - 00000000 ____D C:\Users\Lisa\AppData\Local\11849
2015-07-20 17:21 - 2015-07-20 17:21 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\mystartsearch
2015-07-20 17:21 - 2015-07-20 17:21 - 00000000 ____D C:\Users\Lisa\AppData\Local\SmartWeb
2015-07-20 17:20 - 2015-07-20 17:20 - 00004176 _____ C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update
2015-07-20 17:20 - 2015-07-20 17:20 - 00004170 _____ C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core
2015-07-20 17:20 - 2015-07-20 17:20 - 00000000 ____D C:\Program Files (x86)\WordSurfer_1.10.0.19
2015-07-20 16:49 - 2015-07-20 16:49 - 00368880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 16:49 - 2015-07-20 16:49 - 00104056 _____ C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-20 16:49 - 2015-07-20 16:49 - 00000056 _____ C:\Windows\setupact.log
2015-07-20 16:49 - 2015-07-20 16:49 - 00000000 _____ C:\Windows\setuperr.log
2015-07-20 16:48 - 2015-07-20 16:48 - 00000386 _____ C:\Windows\PFRO.log
2015-07-20 15:52 - 2015-07-20 17:26 - 00000000 ____D C:\Users\Lisa\AppData\Local\gmsd_de_005010035
2015-07-20 15:45 - 2015-07-20 15:45 - 00001228 _____ C:\Users\Lisa\Desktop\Revo Uninstaller.lnk
2015-07-20 15:45 - 2015-07-20 15:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-20 15:43 - 2015-07-20 15:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lisa\Downloads\revosetup95.exe
2015-07-20 15:42 - 2015-07-20 15:42 - 00610320 _____ C:\Users\Lisa\Downloads\Setup.exe
2015-07-20 15:19 - 2015-07-20 16:50 - 00000000 ____D C:\Users\Lisa\AppData\Local\Spotify
2015-07-20 15:19 - 2015-07-20 15:19 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-07-20 12:34 - 2015-07-20 12:34 - 00000000 ____D C:\ProgramData\40313aa4000070ef
2015-07-20 12:32 - 2015-07-20 16:51 - 00000000 ___RD C:\Users\Lisa\Dropbox
2015-07-20 12:32 - 2015-07-20 12:32 - 00001121 _____ C:\Users\Lisa\Desktop\Dropbox.lnk
2015-07-20 12:31 - 2015-07-20 12:31 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-20 12:29 - 2015-07-20 12:31 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox
2015-07-20 12:28 - 2015-07-20 16:39 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA.job
2015-07-20 12:28 - 2015-07-20 12:39 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core.job
2015-07-20 12:28 - 2015-07-20 12:34 - 00004188 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA
2015-07-20 12:28 - 2015-07-20 12:34 - 00003792 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core
2015-07-20 12:26 - 2015-07-20 16:51 - 00000000 ____D C:\Users\Lisa\AppData\Local\Dropbox
2015-07-20 12:26 - 2015-07-20 12:26 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-20 12:25 - 2015-07-20 12:25 - 00660960 _____ (Dropbox, Inc.) C:\Users\Lisa\Downloads\DropboxInstaller.exe
2015-07-20 12:20 - 2015-07-20 12:20 - 00000000 ____D C:\Users\Lisa\Documents\Optimizer Pro
2015-07-20 12:08 - 2015-07-20 12:13 - 00000000 ____D C:\Program Files (x86)\GUPlayer
2015-07-20 10:08 - 2015-07-20 10:08 - 00003088 _____ C:\Windows\System32\Tasks\{6F1602F9-D378-4EFF-8194-FBB7BD3980B9}
2015-07-20 10:04 - 2015-07-20 10:04 - 00000000 ____D C:\ProgramData\Browser
2015-07-20 00:55 - 2015-07-20 15:19 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-07-20 00:55 - 2015-07-20 15:19 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-07-20 00:55 - 2015-07-20 12:23 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-07-20 00:55 - 2015-07-20 12:03 - 00002826 _____ C:\Windows\System32\Tasks\APSnotifierPP1
2015-07-20 00:55 - 2015-07-20 12:03 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP3
2015-07-20 00:55 - 2015-07-20 12:03 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP2
2015-07-20 00:54 - 2015-07-20 00:54 - 00000000 ____D C:\Windows\SysWOW64\Flash
2015-07-20 00:33 - 2015-07-20 10:04 - 00003450 _____ C:\Windows\System32\Tasks\Ensefnag
2015-07-20 00:33 - 2015-07-20 00:33 - 00000000 ____D C:\ProgramData\Ensefnag
2015-07-20 00:29 - 2015-07-20 15:51 - 00000000 ____D C:\ProgramData\SearchModule
2015-07-20 00:29 - 2015-07-20 00:29 - 00004234 _____ C:\Windows\System32\Tasks\SMW_UpdateTask_Time_3830393437393934312d3437415a556c2a3223346c41
2015-07-20 00:29 - 2015-07-20 00:29 - 00003836 _____ C:\Windows\System32\Tasks\Smp
2015-07-20 00:28 - 2015-07-20 16:02 - 00000000 ____D C:\Program Files\Common Files\Goobzo
2015-07-20 00:28 - 2015-07-20 00:28 - 00003850 _____ C:\Windows\System32\Tasks\SMWUpd
2015-07-20 00:28 - 2015-07-20 00:28 - 00000000 _____ C:\places.sqlite
2015-07-20 00:24 - 2015-07-20 16:49 - 00000984 _____ C:\Windows\Tasks\M9aMN659.job
2015-07-20 00:24 - 2015-07-20 00:24 - 00004006 _____ C:\Windows\System32\Tasks\M9aMN659
2015-07-20 00:23 - 2015-07-20 10:09 - 00000000 ____D C:\Program Files (x86)\5a0a607d-3b41-4c48-8b9f-28547ee4a1f4
2015-07-20 00:21 - 2015-07-20 16:49 - 00001054 _____ C:\Windows\Tasks\Crossbrowse.job
2015-07-20 00:21 - 2015-07-20 00:21 - 00004076 _____ C:\Windows\System32\Tasks\Crossbrowse
2015-07-20 00:21 - 2015-07-20 00:21 - 00000000 ____D C:\Users\Lisa\AppData\Local\Crossbrowse
2015-07-20 00:18 - 2015-07-20 17:21 - 00004028 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-07-20 00:17 - 2015-07-20 00:17 - 00104056 _____ C:\Users\Surriya\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-20 00:17 - 2015-07-20 00:17 - 00001425 _____ C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-20 00:17 - 2015-07-20 00:17 - 00000020 ___SH C:\Users\Surriya\ntuser.ini
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Vorlagen
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Startmenü
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Netzwerkumgebung
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Lokale Einstellungen
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Eigene Dateien
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Druckumgebung
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Documents\Eigene Musik
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Documents\Eigene Bilder
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Local\Verlauf
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Local\Anwendungsdaten
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Anwendungsdaten
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Roaming\Adobe
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Local\VirtualStore
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Local\NVIDIA
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya
2015-07-20 00:17 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-20 00:17 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-19 23:25 - 2015-07-19 23:25 - 00000000 __SHD C:\Users\Lisa\AppData\Roaming\AnyProtectEx
2015-07-19 23:00 - 2015-07-19 08:03 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}Gw64.sys
2015-07-19 22:57 - 2015-07-19 22:57 - 00003140 _____ C:\Windows\System32\Tasks\{526C6BE4-7E50-4DAD-A34F-D57A6232E8AD}
2015-07-19 22:46 - 2015-07-19 22:46 - 00005478 _____ C:\Windows\System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-1-6
2015-07-19 22:46 - 2015-07-19 22:46 - 00003026 _____ C:\Windows\Tasks\temp_b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-1-6.job
2015-07-19 22:46 - 2015-07-19 22:46 - 00000000 ____D C:\Program Files (x86)\YTDownloader
2015-07-19 22:45 - 2015-07-19 22:45 - 00003346 _____ C:\Windows\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-1-6.job
2015-07-19 22:43 - 2015-07-19 22:43 - 00007522 _____ C:\Windows\System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-6
2015-07-19 22:43 - 2015-07-19 22:43 - 00007202 _____ C:\Windows\System32\Tasks\temp_b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6
2015-07-19 22:40 - 2015-07-19 22:40 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-07-19 22:39 - 2015-07-20 16:49 - 00001006 _____ C:\Windows\Tasks\WwwoOyvTqB299LzHrWs.job
2015-07-19 22:39 - 2015-07-19 22:39 - 00004028 _____ C:\Windows\System32\Tasks\WwwoOyvTqB299LzHrWs
2015-07-19 22:39 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-19 22:38 - 2015-07-20 13:59 - 00000000 ____D C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466
2015-07-19 22:37 - 2015-07-20 12:41 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-07-19 22:37 - 2015-07-20 09:58 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-19 22:37 - 2015-07-19 22:42 - 00000000 ____D C:\Program Files (x86)\Coupon Time
2015-07-19 22:37 - 2015-07-19 22:39 - 00000000 ____D C:\ProgramData\AppMgr4.27.1676029
2015-07-19 22:36 - 2015-07-19 22:36 - 00004048 _____ C:\Windows\System32\Tasks\PostPoneInstall
2015-07-19 22:35 - 2015-07-19 22:35 - 00003146 _____ C:\Windows\System32\Tasks\Run_Bobby_Browser
2015-07-19 22:34 - 2015-07-20 17:22 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-07-19 22:34 - 2015-07-19 22:36 - 00007632 _____ C:\claraInstaller.txt
2015-07-19 22:34 - 2015-07-19 22:34 - 00003254 _____ C:\Windows\System32\Tasks\IT Viewer Job
2015-07-19 22:34 - 2015-07-19 22:34 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Updater
2015-07-19 22:34 - 2015-07-19 22:34 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-07-19 22:33 - 2015-07-19 22:34 - 00000000 ____D C:\Program Files (x86)\IT Viewer
2015-07-19 22:33 - 2015-07-19 22:33 - 00000000 _____ C:\Windows\prleth.sys
2015-07-19 22:33 - 2015-07-19 22:33 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-19 22:20 - 2015-07-19 22:20 - 00000000 ____D C:\Program Files (x86)\predm
2015-07-19 22:13 - 2015-07-20 16:05 - 00000002 _____ C:\END
2015-07-19 22:13 - 2015-07-19 22:13 - 00003086 _____ C:\Windows\System32\Tasks\sab3009
2015-07-19 22:13 - 2015-07-19 22:13 - 00000000 ____D C:\Program Files (x86)\app_setup
2015-07-19 21:02 - 2015-07-19 21:03 - 00000000 ____D C:\Users\Lisa\Documents\Ps1 Emulator
2015-07-19 20:19 - 2015-07-19 22:19 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Nico Mak Computing
2015-07-19 20:18 - 2015-07-20 16:49 - 00000364 _____ C:\Windows\Tasks\HGBSRMD1.job
2015-07-19 20:18 - 2015-07-19 22:19 - 00000000 ____D C:\Program Files (x86)\WinZip Registry Optimizer
2015-07-19 20:18 - 2015-07-19 20:18 - 00069634 _____ C:\Users\Lisa\AppData\Roaming\ICSW_0C1F1F1I0R0O0MtJ1V0C1F1H1B1R1F1C1P.txt
2015-07-19 20:18 - 2015-07-19 20:18 - 00002886 _____ C:\Windows\System32\Tasks\HGBSRMD1
2015-07-19 20:17 - 2015-07-19 20:17 - 00000000 ____D C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2015-07-16 08:21 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-16 08:21 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 11:41 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 11:41 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 11:41 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 11:41 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 11:41 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 11:41 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 11:41 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 11:41 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 11:41 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 11:41 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 11:41 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 11:41 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 11:40 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 11:40 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 11:40 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 11:40 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 11:40 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 11:40 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 11:40 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 11:40 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 11:40 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 11:40 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 11:40 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 11:40 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 11:40 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 11:40 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 11:40 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 11:40 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 11:40 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 11:40 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 11:40 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 11:40 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 11:40 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 11:40 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 11:40 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 11:40 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 11:40 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 11:40 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 11:40 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 11:40 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 11:40 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 11:40 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 11:40 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 11:40 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 11:40 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 11:40 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 11:40 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 11:40 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 11:40 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 11:40 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 11:40 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 11:40 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 11:40 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 11:40 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 11:40 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 11:40 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 11:40 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 11:40 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 11:40 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 11:40 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 11:40 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 11:40 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 11:40 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 11:40 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 11:40 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 11:40 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 11:39 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 11:39 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 11:39 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 11:39 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 11:39 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 11:38 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 11:38 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 11:38 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 11:38 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 11:38 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 11:38 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 11:38 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 11:38 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 11:38 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 11:38 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 11:38 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 11:38 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 11:38 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 11:38 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 11:38 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 11:38 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 11:36 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 11:36 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 11:36 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 11:36 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 11:36 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 11:36 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 11:36 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 11:36 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 11:36 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 11:36 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 11:36 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 11:36 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 11:35 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 11:35 - 2015-07-03 20:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 11:35 - 2015-07-03 20:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 11:35 - 2015-07-03 20:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 11:35 - 2015-07-03 20:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 11:35 - 2015-07-03 19:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-15 11:35 - 2015-07-03 19:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 11:35 - 2015-07-03 19:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-15 11:35 - 2015-07-03 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-15 11:35 - 2015-07-03 18:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 11:35 - 2015-07-03 18:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-06-28 11:44 - 2015-07-20 16:53 - 01364989 _____ C:\Windows\WindowsUpdate.log
2015-06-26 16:33 - 2015-06-27 19:35 - 00000000 ____D C:\Users\Lisa\Documents\DAModder
2015-06-23 22:29 - 2015-06-23 22:30 - 00000000 ____D C:\3d46e15a7895a31b0ef8e1951832

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 17:31 - 2014-09-06 13:58 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{89F12786-F91C-4F8D-9328-AC820C7336A4}
2015-07-20 17:21 - 2014-09-06 13:13 - 00001707 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-20 16:57 - 2009-07-14 06:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 16:57 - 2009-07-14 06:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 16:55 - 2014-09-06 14:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-20 16:51 - 2014-09-16 11:18 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Spotify
2015-07-20 16:51 - 2014-09-06 15:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Skype
2015-07-20 16:49 - 2014-09-06 13:31 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-20 16:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 16:19 - 2009-07-14 04:34 - 00000514 _____ C:\Windows\win.ini
2015-07-20 12:45 - 2014-11-30 19:25 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-20 12:32 - 2014-09-06 13:11 - 00000000 ____D C:\Users\Lisa
2015-07-20 10:17 - 2014-11-24 14:12 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-07-20 10:16 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-20 10:00 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-20 00:13 - 2014-09-06 14:24 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\TS3Client
2015-07-20 00:12 - 2015-04-20 10:45 - 00000000 ____D C:\Windows\Minidump
2015-07-19 23:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-19 23:38 - 2014-09-15 14:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-19 22:37 - 2014-09-06 17:16 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Mozilla
2015-07-19 22:34 - 2014-09-06 13:45 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-07-19 22:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-19 22:17 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-16 23:06 - 2015-04-04 17:35 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 23:06 - 2015-04-04 17:35 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-16 23:03 - 2014-09-06 14:32 - 00000000 ____D C:\Steam
2015-07-16 22:57 - 2014-09-06 14:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 22:57 - 2014-09-06 14:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 22:57 - 2014-09-06 14:16 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-16 07:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 06:01 - 2014-12-12 11:53 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 06:01 - 2014-09-06 15:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 06:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 23:51 - 2014-09-06 15:04 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 11:51 - 2014-09-06 14:10 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410005444
2015-07-15 11:51 - 2014-09-06 14:10 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-15 11:08 - 2014-09-15 14:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 11:03 - 2014-12-27 12:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-13 19:42 - 2014-09-06 16:11 - 00000000 ____D C:\Users\Lisa\AppData\Local\FirestormOS_x64
2015-07-08 21:14 - 2014-11-19 22:34 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieBrowserModeList
2015-07-08 21:14 - 2014-09-25 19:02 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieUserList
2015-07-08 21:14 - 2014-09-25 19:02 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieSiteList
2015-07-05 12:08 - 2014-09-06 13:26 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 13:28 - 2014-09-17 16:52 - 00000000 ____D C:\ProgramData\Origin
2015-07-04 09:57 - 2014-09-06 15:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-04 09:56 - 2014-11-28 23:34 - 00000000 ____D C:\Users\Lisa\Documents\Electronic Arts
2015-07-04 09:40 - 2014-09-17 16:52 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-03 16:30 - 2014-09-06 14:19 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\.minecraft
2015-07-03 08:43 - 2014-09-06 15:04 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-21 15:31 - 2014-09-17 17:24 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-06-20 21:52 - 2014-10-30 22:42 - 00000000 ____D C:\Users\Lisa\Documents\My Games

==================== Files in the root of some directories =======

2015-02-07 02:01 - 2015-04-27 13:57 - 0000020 _____ () C:\Users\Lisa\AppData\Roaming\appdataFr3.bin
2015-07-19 20:18 - 2015-07-19 20:18 - 0069634 _____ () C:\Users\Lisa\AppData\Roaming\ICSW_0C1F1F1I0R0O0MtJ1V0C1F1H1B1R1F1C1P.txt
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Lisa\AppData\Roaming\M9aMN659
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Lisa\AppData\Roaming\M9aMN659.exe
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Lisa\AppData\Roaming\WwwoOyvTqB299LzHrWs
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Lisa\AppData\Roaming\WwwoOyvTqB299LzHrWs.exe

Some files in TEMP:
====================
C:\Users\Lisa\AppData\Local\Temp\1432.exe
C:\Users\Lisa\AppData\Local\Temp\2036.exe
C:\Users\Lisa\AppData\Local\Temp\7862.exe
C:\Users\Lisa\AppData\Local\Temp\886.exe
C:\Users\Lisa\AppData\Local\Temp\9112.exe
C:\Users\Lisa\AppData\Local\Temp\9498.exe
C:\Users\Lisa\AppData\Local\Temp\bedhddjhca.exe
C:\Users\Lisa\AppData\Local\Temp\bedhdhcbca.exe
C:\Users\Lisa\AppData\Local\Temp\bitool.dll
C:\Users\Lisa\AppData\Local\Temp\Breath Of Fire 3 German Iso Downloader__3687_i1561116025_il1416413.exe
C:\Users\Lisa\AppData\Local\Temp\Breath Of Fire 3 German Iso Downloader__3687_i1561136890_il1422358.exe
C:\Users\Lisa\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe
C:\Users\Lisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgsooqi.dll
C:\Users\Lisa\AppData\Local\Temp\fsd9434.exe
C:\Users\Lisa\AppData\Local\Temp\fsdB866.exe
C:\Users\Lisa\AppData\Local\Temp\fsdE926.exe
C:\Users\Lisa\AppData\Local\Temp\fsdFE3C.exe
C:\Users\Lisa\AppData\Local\Temp\Launcher__13202.exe
C:\Users\Lisa\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\Lisa\AppData\Local\Temp\optprosetup.exe
C:\Users\Lisa\AppData\Local\Temp\pcspeedup.exe
C:\Users\Lisa\AppData\Local\Temp\sdf6E8A.exe
C:\Users\Lisa\AppData\Local\Temp\tu17p84.exe
C:\Users\Lisa\AppData\Local\Temp\Uninstall.exe
C:\Users\Lisa\AppData\Local\Temp\ytdieamodc_amodc_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 15:46

==================== End of log ============================
         
--- --- ---

Addition:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Lisa at 2015-07-20 17:35:09
Running from C:\Users\Lisa\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3081106795-2452553169-1351690023-500 - Administrator - Disabled)
Gast (S-1-5-21-3081106795-2452553169-1351690023-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3081106795-2452553169-1351690023-1002 - Limited - Enabled)
Lisa (S-1-5-21-3081106795-2452553169-1351690023-1001 - Administrator - Enabled) => C:\Users\Lisa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.210 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anno 1404 (HKLM-x32\...\Steam App 33250) (Version:  - Blue Byte)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
dealpeak (HKLM-x32\...\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}) (Version:  - "") <==== ATTENTION
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.8.61.1020 - Electronic Arts Inc.)
Dropbox (HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42974 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{4e154806-de7a-4300-b61e-bc0c3a4c5b43}) (Version: 4.6.42974 - Phoenix Firestorm Project Inc)
GamesDesktop 014.005010035 (HKLM-x32\...\gmsd_de_005010035_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
GoldenCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - GoldenCoupon) <==== ATTENTION
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version:  - mystartsearch) <==== ATTENTION
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SaverAddon (HKLM-x32\...\{10A0E600-D246-BD63-F465-4C849C688998}) (Version:  - SaverAddon) <==== ATTENTION
savernet (HKLM-x32\...\{614925F9-841A-53FE-A28F-DC30FA07239B}) (Version:  - "") <==== ATTENTION
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
Spotify (HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WordSurfer 1.10.0.19 (HKLM-x32\...\WordSurfer_1.10.0.19) (Version: 1.10.0.19 - WordSurfer)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

15-07-2015 11:36:12 Windows Update
15-07-2015 23:44:48 Windows Update
16-07-2015 23:05:22 Windows Update
20-07-2015 15:33:11 Windows Update
20-07-2015 15:46:25 Revo Uninstaller's restore point - Search module
20-07-2015 15:52:15 Revo Uninstaller's restore point - SmartWeb
20-07-2015 16:06:49 Revo Uninstaller's restore point - Drakensang
20-07-2015 16:09:01 Revo Uninstaller's restore point - Akamai NetSession Interface
20-07-2015 16:09:45 Revo Uninstaller's restore point - Granado Espada Europe (23.07.18)
20-07-2015 16:11:34 Revo Uninstaller's restore point - FastSearch
20-07-2015 16:13:21 Revo Uninstaller's restore point - GamesDesktop 014.005010035
20-07-2015 16:15:12 Revo Uninstaller's restore point - Friendly Error
20-07-2015 17:28:28 Revo Uninstaller's restore point - Friendly Error

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D328C8-BEE3-4023-A318-26E1BBF0FC20} - System32\Tasks\temp_b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6 => C:\Program Files (x86)\Object Browser\b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6.exe <==== ATTENTION
Task: {0E4D537E-6AEC-48CF-AC06-DF097340F477} - System32\Tasks\{6F1602F9-D378-4EFF-8194-FBB7BD3980B9} => pcalua.exe -a "C:\Program Files (x86)\FriendlyError\tmpA2E.bat"
Task: {0FE1C2D4-6C14-4972-B3A3-FBB4744EB96B} - System32\Tasks\{52E89830-3959-4D71-A55C-FAD2010555E9} => pcalua.exe -a C:\Users\Lisa\Downloads\win64_153330.exe -d C:\Users\Lisa\Downloads
Task: {12BDA3D5-9B5A-405F-B270-753007E3CD5A} - System32\Tasks\IT Viewer Job => C:\Program Files (x86)\IT Viewer\astask.exe [2015-07-19] (SecureSoft)
Task: {1349AD7B-7228-4B36-9279-F5B958D517A5} - System32\Tasks\AmiUpdXp => C:\Users\Lisa\AppData\Local\11849\Updater.exe [2015-07-20] () <==== ATTENTION
Task: {162894B4-4754-4AA8-BFE0-BBC8A18C6540} - System32\Tasks\Run_Bobby_Browser => C:\Users\Lisa\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {1AB4098A-2484-45E0-90BA-04216460EA73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {21021748-3E8C-445F-A703-46D299CA75DC} - System32\Tasks\Opera scheduled Autoupdate 1410005444 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {262FB643-37A8-4B67-8C16-2E4340A3F018} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {277FA174-15C7-44AA-96F3-B10CB91F3671} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: {2E05D614-459D-4E01-B210-C4388FB1407B} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {2F85E6EF-0603-4A40-B943-E4A8E671143E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {3FD112B8-7BBA-4CA0-9955-3782BE8AA577} - System32\Tasks\{12BE6692-9709-45F9-A274-B1CA13D11B36} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {4753466E-B6E0-4446-AFAF-A4846C91D53C} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-16] (Word Surfer)
Task: {48E2964E-A5B6-408F-B42B-A9195B7560B9} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {4C5AE44B-0E8E-44F2-8513-307423FD9731} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-20] (Dropbox, Inc.)
Task: {56EF6C85-87B9-41CE-A8CE-A733A5D4BEEA} - System32\Tasks\PostPoneInstall => C:\Users\Lisa\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe [2015-07-19] (C.L.A.R.A) <==== ATTENTION
Task: {650D351C-5382-4C82-ADA0-16BF40552166} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {6F585571-6702-4D8D-9EC6-B7D9D7107B83} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7260FB6B-BC4D-4229-BD6C-CD95B1572FCC} - System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-6 => C:\Program Files (x86)\iWebar\f885e91a-239b-453e-b901-c71087ae2a9d-6.exe <==== ATTENTION
Task: {7878BF35-935A-403C-A30D-B5BFF221DDAC} - System32\Tasks\{526C6BE4-7E50-4DAD-A34F-D57A6232E8AD} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=fsf
Task: {7B336E91-A84A-4CF8-A34A-6CC95FC5C674} - System32\Tasks\M9aMN659 => C:\Users\Lisa\AppData\Roaming\M9aMN659.exe [2015-04-20] () <==== ATTENTION
Task: {82138DBD-B283-4C6B-B290-0EB1939D10B5} - System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-1-6 => C:\Program Files (x86)\iWebar\f885e91a-239b-453e-b901-c71087ae2a9d-1-6.exe <==== ATTENTION
Task: {8318F8CD-9758-4EAC-B92D-C60DD8BF6680} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-16] (Word Surfer)
Task: {83BE98C6-A01B-49C8-BED2-8BAA20611802} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {86D1984E-837E-42E2-BFF5-40E1C98902DB} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {87DB57AF-6B1E-464D-ABD5-1BD215308E04} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {95B0DBAF-6ADB-420E-957A-3A5744159E38} - System32\Tasks\WwwoOyvTqB299LzHrWs => C:\Users\Lisa\AppData\Roaming\WwwoOyvTqB299LzHrWs.exe [2015-04-20] () <==== ATTENTION
Task: {A36A2071-390E-4B71-AB89-7A17D1AE471B} - System32\Tasks\sab3009 => C:\PROGRA~2\FASTSE~1\sab3009.exe
Task: {A76A0464-034E-4020-8DB6-4B37EB65CBE2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-20] (Dropbox, Inc.)
Task: {AA78FD50-2326-47FF-9048-C226F0BE7151} - System32\Tasks\Ensefnag => C:\ProgramData\Ensefnag\1.0.4.1\euclemli.exe [2015-07-20] ()
Task: {AF134532-6A01-4823-ACEB-DEF1887B7DD4} - System32\Tasks\{232614BD-67BD-4EBF-90C1-41D88EA2BE28} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {B39D0EFA-9583-47E8-92D3-D775C55F794C} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {BD7210F2-04A7-4FAB-B98D-4FA018A04BB1} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Lisa\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {D13618AC-BFA7-4A9E-A5A6-CB25A73FC924} - System32\Tasks\{852D5EB1-DEB2-419A-B434-FF965F832EE3} => pcalua.exe -a C:\Users\Lisa\AppData\Local\Temp\Temp1_Monopoly-Pro.zip\Mono245.exe
Task: {D2E9E6E2-9571-47A3-B8B2-3DA25D3F4CBB} - System32\Tasks\HGBSRMD1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
Task: {D303EB84-BB65-4346-AD76-3722CFDA688D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E538F603-01B0-473D-B1C4-842B1F04F7AB} - System32\Tasks\{399FE967-C224-4524-BC64-12429ED5EB3D} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {E7186FEB-88F9-44EF-8621-BFC8361ECAD5} - System32\Tasks\SMW_UpdateTask_Time_3830393437393934312d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {E94A1CFE-2233-4F83-9BD7-39ED376F21F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F7BBF985-D1CA-4031-A2B9-33B408101983} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Lisa\AppData\Local\11849\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\HGBSRMD1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
Task: C:\Windows\Tasks\M9aMN659.job => C:\Users\Lisa\AppData\Roaming\M9aMN659.exe <==== ATTENTION
Task: C:\Windows\Tasks\temp_b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-1-6.job => C:\Program Files (x86)\Object Browser\b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-1-6.job => C:\Program Files (x86)\iWebar\f885e91a-239b-453e-b901-c71087ae2a9d-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\WwwoOyvTqB299LzHrWs.job => C:\Users\Lisa\AppData\Roaming\WwwoOyvTqB299LzHrWs.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-09-06 13:31 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-07-20 13:22 - 2015-07-20 13:22 - 00296960 _____ () C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\knso5B65.tmp
2015-07-20 00:33 - 2015-07-20 00:33 - 00155136 _____ () C:\ProgramData\Ensefnag\1.0.4.1\euclemli.exe
2015-07-19 22:39 - 2015-07-19 22:39 - 00165376 _____ () C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\hnsq8F83.tmp
2015-07-19 22:39 - 2015-07-19 22:39 - 00199168 _____ () C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\jnsg729F.tmp
2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-07-20 13:28 - 2015-07-20 13:28 - 00230614 _____ () C:\Users\Lisa\AppData\Local\Temp\nsbFD65.tmp
2015-07-20 15:53 - 2015-07-19 11:52 - 03299984 _____ () C:\Users\Lisa\AppData\Local\gmsd_de_005010035\upgmsd_de_005010035.exe
2015-07-20 17:23 - 2015-07-19 11:52 - 03976848 _____ () C:\Program Files (x86)\gmsd_de_005010035\gmsd_de_005010035.exe
2015-07-20 17:24 - 2015-07-20 17:24 - 00229097 _____ () C:\Users\Lisa\AppData\Local\Temp\nsn93CB.tmp
2015-07-19 22:33 - 2015-07-19 22:33 - 00086528 _____ () C:\Program Files (x86)\IT Viewer\mgwz.dll
2015-07-20 16:50 - 2015-07-20 16:50 - 00043008 _____ () c:\users\lisa\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgsooqi.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-07-15 11:40 - 2015-07-15 11:32 - 01649272 _____ () C:\Program Files (x86)\Opera\30.0.1835.125\libglesv2.dll
2015-07-15 11:40 - 2015-07-15 11:32 - 00081016 _____ () C:\Program Files (x86)\Opera\30.0.1835.125\libegl.dll
2015-07-16 22:56 - 2015-07-16 22:56 - 16307888 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_210.dll
2015-07-20 17:24 - 2015-07-20 17:24 - 00011264 _____ () C:\Users\Lisa\AppData\Local\Temp\nsnC996.tmp\System.dll
2015-07-20 17:24 - 2015-07-20 17:24 - 00009728 _____ () C:\Users\Lisa\AppData\Local\Temp\nsnC996.tmp\nsDialogs.dll
2015-07-20 17:24 - 2015-07-20 17:24 - 00025088 _____ () C:\Users\Lisa\AppData\Local\Temp\nsnC996.tmp\registry.dll
2015-07-20 17:24 - 2015-07-20 17:24 - 00067584 _____ () C:\Users\Lisa\AppData\Local\Temp\nsnC996.tmp\Math.dll
2015-07-20 17:24 - 2015-07-20 17:24 - 00058368 _____ () C:\Users\Lisa\AppData\Local\Temp\nsnC996.tmp\nsCBHTML5.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\aeriagames.com -> hxxp://aeriagames.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3B7427D0-65AF-4D6F-9C77-C9D3EAE8FAF8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{05ADF46F-8AB7-47DC-B9F8-D69D2B6F9D2E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{43159BD3-25FA-4538-A56A-C3D62E6528B8}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{B11CEE67-C061-49E3-8BA5-D23BC2C5C688}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [TCP Query User{FC2540D5-6498-4814-92E9-4A7156FE873D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{D5FF768B-EE92-4D05-A900-C87C68ED6EFA}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{F503F871-89ED-45DA-AC9C-3ABF4EA83152}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{0363B4B7-70BB-4BAD-AB2A-B524E0278440}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{EA966F21-1E20-443D-B06F-199254E1FA90}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{00BC51D6-ED26-4B12-B2E8-D53A215859C6}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [{02E9B33A-32E0-4CB0-B60C-443570E86382}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{83C41322-F52A-4447-B597-ABF58308B002}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D79E8567-1070-4DED-BF76-FA01B34BBB85}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{DE1FFE0B-7DF9-4EBD-8377-F8954E6A4B4A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{7897420E-63CD-4CF0-9F73-7A0CCE9E614E}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{75B29466-8908-44F0-A1DE-212A9B21F416}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{380FA9E8-A97A-4A4D-AD7D-183D9ED7F72C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{4CE32472-B340-462F-8D90-03718A220F27}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{BA571566-1F0C-46F3-84B0-D9E64C0A1A9B}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C370CA67-FEC0-4E57-9577-9E9868E246ED}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E7C5C006-9310-40F9-824C-CC3100A04E46}] => (Allow) LPort=29900
FirewallRules: [{6717E152-FE41-4220-A3FD-911A4FAB29A3}] => (Allow) LPort=29900
FirewallRules: [TCP Query User{C909A75E-64E2-4323-A992-90D040C600A3}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{524D4E30-6753-40FE-9DCD-98490E1F7765}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{C3EA58CB-A810-48F8-B107-4504843CA73F}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{1D5F5FB8-258B-4264-8B71-FC42316CB3A9}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{59D453EB-6027-41E9-913C-4912CDEC4074}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2E84E161-3287-4924-898E-1E1BB6EAD984}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F729251E-FE68-48C1-990C-68FC8CD2311B}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{1D0C6686-94DB-4DCA-B451-9E2FC61FA581}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{8CA9BB09-2B22-4352-9B64-8BE803B0D081}C:\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) C:\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [UDP Query User{7A6E2E0C-27F0-442F-B42F-86D429554D96}C:\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) C:\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [{02093452-7A7B-4416-AD72-F842696FFAB5}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [{E8D4FFF3-9D42-4DFF-8E87-4F6CDA4FD7B6}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [TCP Query User{7B7B029E-EC1B-4849-9773-980EEFFE8479}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{6ACD7323-35C2-47F9-829C-B4812F5B321B}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{4F703679-09CC-4FF6-A5E5-AD207B7911C5}C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{186CFC37-D185-440A-B891-FE09B1F9B6CB}C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{25C2745B-B011-439D-B034-521189260053}C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9AA9719C-A0B6-42AF-B986-3B787289C955}C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{72026A06-5CE7-4F1F-8B82-D46C025E04FE}C:\program files (x86)\origin games\fifa world\fifaworld.exe] => (Allow) C:\program files (x86)\origin games\fifa world\fifaworld.exe
FirewallRules: [UDP Query User{57CF344A-DEF8-4AA5-ABD4-BEBB398802B0}C:\program files (x86)\origin games\fifa world\fifaworld.exe] => (Allow) C:\program files (x86)\origin games\fifa world\fifaworld.exe
FirewallRules: [{086E3A07-F0BA-441A-B2A5-628C114C4944}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\launcher.exe
FirewallRules: [{AD22CA5F-6D73-4247-ABEE-2F311AED725D}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x86.exe
FirewallRules: [{E9D7C29F-9470-4E08-A983-DCD561CE1B83}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x64.exe
FirewallRules: [{D0344BA6-9AEA-4501-B781-550F31D19124}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x86.exe
FirewallRules: [{21CFAD21-A6FB-4ED6-8FC0-F1D047FEE3A9}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x64.exe
FirewallRules: [{A956318E-D938-4ED8-95F6-16E84EDB1976}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\launcher.exe
FirewallRules: [{E61A2207-EAAB-450D-8893-7CB93BB44071}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{85AED897-47D4-4251-ADBD-21E77A68AB6B}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{D0867C0B-3672-4F57-B17E-E5A5C44983D5}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{4C091E2D-FA49-4B23-906E-7EE72D5B8451}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{B8217195-5D73-4DAC-AEB3-99ECE7D9059B}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{DBCFF8A6-DD4E-4873-8DA0-5AD931D1D0A8}] => (Allow) C:\Users\Lisa\AppData\Local\Chromium\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: wsafd_1_10_0_19
Description: wsafd_1_10_0_19
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: wsafd_1_10_0_19
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: wsfd_1_10_0_19
Description: wsfd_1_10_0_19
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: wsfd_1_10_0_19
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 04:03:04 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3656) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (07/20/2015 03:47:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Name des fehlerhaften Moduls: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002451d
ID des fehlerhaften Prozesses: 0xccc
Startzeit der fehlerhaften Anwendung: 0xSMUninstall.exe0
Pfad der fehlerhaften Anwendung: SMUninstall.exe1
Pfad des fehlerhaften Moduls: SMUninstall.exe2
Berichtskennung: SMUninstall.exe3

Error: (07/20/2015 03:38:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Name des fehlerhaften Moduls: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002451d
ID des fehlerhaften Prozesses: 0xcb8
Startzeit der fehlerhaften Anwendung: 0xSMUninstall.exe0
Pfad der fehlerhaften Anwendung: SMUninstall.exe1
Pfad des fehlerhaften Moduls: SMUninstall.exe2
Berichtskennung: SMUninstall.exe3

Error: (07/20/2015 03:37:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Name des fehlerhaften Moduls: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002451d
ID des fehlerhaften Prozesses: 0xdec
Startzeit der fehlerhaften Anwendung: 0xSMUninstall.exe0
Pfad der fehlerhaften Anwendung: SMUninstall.exe1
Pfad des fehlerhaften Moduls: SMUninstall.exe2
Berichtskennung: SMUninstall.exe3

Error: (07/20/2015 03:36:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Name des fehlerhaften Moduls: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002451d
ID des fehlerhaften Prozesses: 0x1378
Startzeit der fehlerhaften Anwendung: 0xSMUninstall.exe0
Pfad der fehlerhaften Anwendung: SMUninstall.exe1
Pfad des fehlerhaften Moduls: SMUninstall.exe2
Berichtskennung: SMUninstall.exe3

Error: (07/20/2015 03:27:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Name des fehlerhaften Moduls: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002451d
ID des fehlerhaften Prozesses: 0x1270
Startzeit der fehlerhaften Anwendung: 0xSMUninstall.exe0
Pfad der fehlerhaften Anwendung: SMUninstall.exe1
Pfad des fehlerhaften Moduls: SMUninstall.exe2
Berichtskennung: SMUninstall.exe3

Error: (07/20/2015 03:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Name des fehlerhaften Moduls: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002451d
ID des fehlerhaften Prozesses: 0xef0
Startzeit der fehlerhaften Anwendung: 0xSMUninstall.exe0
Pfad der fehlerhaften Anwendung: SMUninstall.exe1
Pfad des fehlerhaften Moduls: SMUninstall.exe2
Berichtskennung: SMUninstall.exe3

Error: (07/20/2015 03:26:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Name des fehlerhaften Moduls: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002451d
ID des fehlerhaften Prozesses: 0xcf8
Startzeit der fehlerhaften Anwendung: 0xSMUninstall.exe0
Pfad der fehlerhaften Anwendung: SMUninstall.exe1
Pfad des fehlerhaften Moduls: SMUninstall.exe2
Berichtskennung: SMUninstall.exe3

Error: (07/20/2015 03:25:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Name des fehlerhaften Moduls: SMUninstall.exe, Version: 1.5.0.0, Zeitstempel: 0x55ac1278
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002451d
ID des fehlerhaften Prozesses: 0x1700
Startzeit der fehlerhaften Anwendung: 0xSMUninstall.exe0
Pfad der fehlerhaften Anwendung: SMUninstall.exe1
Pfad des fehlerhaften Moduls: SMUninstall.exe2
Berichtskennung: SMUninstall.exe3

Error: (07/20/2015 03:20:30 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (07/20/2015 04:49:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
acedrv07
wsafd_1_10_0_19
wsfd_1_10_0_19

Error: (07/20/2015 04:49:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update ClearThink" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/20/2015 04:49:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Module Update" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/20/2015 04:49:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MSCamSvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/20/2015 04:21:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Update Product Deals" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2015 04:21:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Util Product Deals" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2015 04:18:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
acedrv07
wsafd_1_10_0_19
wsfd_1_10_0_19

Error: (07/20/2015 04:18:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update ClearThink" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/20/2015 04:18:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Module Update" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/20/2015 04:18:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MSCamSvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office:
=========================
Error: (07/20/2015 04:03:04 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3656WindowsMail0:

Error: (07/20/2015 03:47:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SMUninstall.exe1.5.0.055ac1278SMUninstall.exe1.5.0.055ac1278400000150002451dccc01d0c2f292697cfaC:\Users\Lisa\AppData\Local\Temp\nsl3719.tmp\SMUninstall.exeC:\Users\Lisa\AppData\Local\Temp\nsl3719.tmp\SMUninstall.exed1240907-2ee5-11e5-b2d1-001bfc1b1466

Error: (07/20/2015 03:38:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SMUninstall.exe1.5.0.055ac1278SMUninstall.exe1.5.0.055ac1278400000150002451dcb801d0c2f16c229f59C:\Users\Lisa\AppData\Local\Temp\nshE59F.tmp\SMUninstall.exeC:\Users\Lisa\AppData\Local\Temp\nshE59F.tmp\SMUninstall.exea9d5c9aa-2ee4-11e5-b2d1-001bfc1b1466

Error: (07/20/2015 03:37:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SMUninstall.exe1.5.0.055ac1278SMUninstall.exe1.5.0.055ac1278400000150002451ddec01d0c2f12b49149dC:\Users\Lisa\AppData\Local\Temp\nsm752.tmp\SMUninstall.exeC:\Users\Lisa\AppData\Local\Temp\nsm752.tmp\SMUninstall.exe69253b03-2ee4-11e5-b2d1-001bfc1b1466

Error: (07/20/2015 03:36:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SMUninstall.exe1.5.0.055ac1278SMUninstall.exe1.5.0.055ac1278400000150002451d137801d0c2f118a93059C:\Users\Lisa\AppData\Local\Temp\nsw8CC6.tmp\SMUninstall.exeC:\Users\Lisa\AppData\Local\Temp\nsw8CC6.tmp\SMUninstall.exe585a45d4-2ee4-11e5-b2d1-001bfc1b1466

Error: (07/20/2015 03:27:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SMUninstall.exe1.5.0.055ac1278SMUninstall.exe1.5.0.055ac1278400000150002451d127001d0c2efd052db3dC:\Users\Lisa\AppData\Local\Temp\nsn1B7D.tmp\SMUninstall.exeC:\Users\Lisa\AppData\Local\Temp\nsn1B7D.tmp\SMUninstall.exe0e08eb9e-2ee3-11e5-b2d1-001bfc1b1466

Error: (07/20/2015 03:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SMUninstall.exe1.5.0.055ac1278SMUninstall.exe1.5.0.055ac1278400000150002451def001d0c2efc3886fb7C:\Users\Lisa\AppData\Local\Temp\nsnCFED.tmp\SMUninstall.exeC:\Users\Lisa\AppData\Local\Temp\nsnCFED.tmp\SMUninstall.exe01375bf8-2ee3-11e5-b2d1-001bfc1b1466

Error: (07/20/2015 03:26:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SMUninstall.exe1.5.0.055ac1278SMUninstall.exe1.5.0.055ac1278400000150002451dcf801d0c2efa91780deC:\Users\Lisa\AppData\Local\Temp\nsi2222.tmp\SMUninstall.exeC:\Users\Lisa\AppData\Local\Temp\nsi2222.tmp\SMUninstall.exee6c66d1f-2ee2-11e5-b2d1-001bfc1b1466

Error: (07/20/2015 03:25:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SMUninstall.exe1.5.0.055ac1278SMUninstall.exe1.5.0.055ac1278400000150002451d170001d0c2ef92cdbe6dC:\Users\Lisa\AppData\Local\Temp\nsn9223.tmp\SMUninstall.exeC:\Users\Lisa\AppData\Local\Temp\nsn9223.tmp\SMUninstall.exed104591d-2ee2-11e5-b2d1-001bfc1b1466

Error: (07/20/2015 03:20:30 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


CodeIntegrity Errors:
===================================
  Date: 2015-07-20 16:48:53.117
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-20 16:48:53.054
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-20 16:17:57.753
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-20 16:17:57.675
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-20 16:02:21.708
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-20 16:02:21.630
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-20 15:18:50.547
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-20 15:18:50.469
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-20 09:57:49.488
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-20 09:57:49.410
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz
Percentage of memory in use: 80%
Total physical RAM: 2047.18 MB
Available physical RAM: 395.21 MB
Total Virtual: 4094.36 MB
Available Virtual: 1568.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:108.73 GB) NTFS
Drive d: (ESO Install) (CDROM) (Total:3.05 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 36C9E45B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         

Alt 21.07.2015, 06:59   #6
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and select German (Deutsch) as the language.
  • Search the uninstaller field for the programs:
    dealpeak
    GamesDesktop 014.005010035
    GoldenCoupon
    mystartsearch uninstall
    SaverAddon
    savernet
    SmartWeb
    Software Version Updater
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" mode.
  • Delete leftovers:
    Click on then on and then on .

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 21.07.2015, 14:35   #7
Surriya
 

I'm about to have a nervous breakdown :x
As soon as I have uninstalled certain things, it installs things all over again -.-
Like Youtubeadblocker etc.... Arrrr :-/

Oh, and how do I put this in code tags?

Combofix Logfile:
Code:
ComboFix 15-07-20.01 - Lisa 21.07.2015  11:17:55.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2047.841 [GMT 2:00]
ausgeführt von:: c:\users\Lisa\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\374311380
c:\programdata\6471365703505097367
c:\programdata\6471365703505097367\586a6f6a6dbebd7af266bcc72039a1e9.ini
c:\programdata\6471365703505097367\b768923d4bae80f2f266bcc72039a1e9.ini
c:\programdata\6471365703505097367\b914fc66cb251846f266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL
c:\programdata\6471365703505097367UL\1bb7f0e90631ad50f266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\5f2014ba7c14068ff266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\6c691faf49e7ea54f266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\70c836b690445aecf266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\72fd14ba52a386cff266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\7d7758bb23aa1503f266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\b9a553ecd277599ef266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\f8ef2aa6bc56bc0af266bcc72039a1e9.ini
c:\users\Lisa\AppData\Local\Installer\Installshopperpro_17110
c:\users\Lisa\AppData\Local\nsyAFD7.tmp
c:\users\Lisa\AppData\Roaming\AnyProtectEx
c:\users\Lisa\AppData\Roaming\AnyProtectEx\installer\ab.test.json
c:\users\Lisa\AppData\Roaming\AnyProtectEx\installer\tempfile.t
c:\users\Lisa\AppData\Roaming\AnyProtectEx\language\de.xml
c:\users\Lisa\AppData\Roaming\AnyProtectEx\language\en.xml
c:\users\Lisa\AppData\Roaming\AnyProtectEx\language\fr.xml
c:\users\Lisa\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.quick.results
c:\users\Lisa\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.results
c:\users\Lisa\AppData\Roaming\AnyProtectEx\swf\mov01.swf
c:\windows\IsUn0407.exe
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-21 bis 2015-07-21  ))))))))))))))))))))))))))))))
.
.
2015-07-21 09:42 . 2015-07-21 09:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-07-21 08:52 . 2015-07-21 08:52	--------	d-----w-	c:\programdata\c040fc4600001c00
2015-07-21 08:45 . 2015-07-21 08:45	--------	d-----w-	c:\programdata\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}
2015-07-21 08:40 . 2015-07-21 08:40	--------	d-----w-	c:\program files (x86)\savernet
2015-07-21 08:38 . 2015-07-21 08:38	--------	d-----w-	c:\program files (x86)\SaverAddon
2015-07-21 08:14 . 2015-07-21 08:14	75888	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8D07A70-E0F0-4E94-BB51-D78D8FF1F0F1}\offreg.868.dll
2015-07-20 15:32 . 2015-07-20 15:36	--------	d-----w-	C:\FRST
2015-07-20 15:20 . 2015-07-21 08:45	--------	d-----w-	c:\program files (x86)\WordSurfer_1.10.0.19
2015-07-20 14:50 . 2015-07-20 14:51	75888	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8D07A70-E0F0-4E94-BB51-D78D8FF1F0F1}\offreg.852.dll
2015-07-20 13:45 . 2015-07-20 13:45	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-07-20 13:34 . 2015-06-12 07:50	12221144	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8D07A70-E0F0-4E94-BB51-D78D8FF1F0F1}\mpengine.dll
2015-07-20 13:19 . 2015-07-21 08:15	--------	d-----w-	c:\users\Lisa\AppData\Local\Spotify
2015-07-20 10:34 . 2015-07-20 10:34	--------	d-----w-	c:\programdata\40313aa4000070ef
2015-07-20 10:32 . 2015-07-21 08:15	--------	d-----r-	c:\users\Lisa\Dropbox
2015-07-20 10:29 . 2015-07-20 10:31	--------	d-----w-	c:\users\Lisa\AppData\Roaming\Dropbox
2015-07-20 10:26 . 2015-07-21 08:15	--------	d-----w-	c:\users\Lisa\AppData\Local\Dropbox
2015-07-20 10:26 . 2015-07-20 10:26	--------	d-----w-	c:\programdata\Dropbox
2015-07-20 10:08 . 2015-07-20 10:13	--------	d-----w-	c:\program files (x86)\GUPlayer
2015-07-20 08:04 . 2015-07-20 08:04	--------	d-----w-	c:\programdata\Browser
2015-07-19 22:54 . 2015-07-19 22:54	--------	d-----w-	c:\windows\SysWow64\Flash
2015-07-19 22:33 . 2015-07-19 22:33	--------	d-----w-	c:\programdata\Ensefnag
2015-07-19 22:29 . 2015-07-20 13:51	--------	d-----w-	c:\programdata\SearchModule
2015-07-19 22:28 . 2015-07-20 14:02	--------	d-----w-	c:\program files\Common Files\Goobzo
2015-07-19 22:23 . 2015-07-20 08:09	--------	d-----w-	c:\program files (x86)\5a0a607d-3b41-4c48-8b9f-28547ee4a1f4
2015-07-19 22:21 . 2015-07-19 22:21	--------	d-----w-	c:\users\Lisa\AppData\Local\Crossbrowse
2015-07-19 22:17 . 2015-07-19 22:17	--------	d-----w-	c:\users\Surriya
2015-07-19 21:00 . 2015-07-19 06:03	48784	----a-w-	c:\windows\system32\drivers\{b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}Gw64.sys
2015-07-19 20:46 . 2015-07-19 20:46	--------	d-----w-	c:\program files (x86)\YTDownloader
2015-07-19 20:39 . 2015-07-21 09:42	--------	d-----w-	c:\users\Lisa\AppData\Local\Installer
2015-07-19 20:38 . 2015-07-20 20:50	--------	d-----w-	c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466
2015-07-19 20:37 . 2015-07-19 20:39	--------	d-----w-	c:\programdata\AppMgr4.27.1676029
2015-07-19 20:37 . 2015-07-20 10:41	--------	d-----w-	c:\program files (x86)\globalUpdate
2015-07-19 20:37 . 2015-07-19 20:42	--------	d-----w-	c:\program files (x86)\Coupon Time
2015-07-19 20:34 . 2015-07-19 20:34	--------	d-----w-	c:\programdata\IHProtectUpDate
2015-07-19 20:34 . 2015-07-20 15:22	--------	d-----w-	c:\program files (x86)\MiuiTab
2015-07-19 20:34 . 2015-07-19 20:34	--------	d-----w-	c:\users\Lisa\AppData\Roaming\Updater
2015-07-19 20:33 . 2015-07-19 20:33	0	----a-w-	c:\windows\prleth.sys
2015-07-19 20:33 . 2015-07-19 20:33	0	----a-w-	c:\windows\hgfs.sys
2015-07-19 20:33 . 2015-07-19 20:34	--------	d-----w-	c:\program files (x86)\IT Viewer
2015-07-19 20:20 . 2015-07-19 20:20	--------	d-----w-	c:\program files (x86)\predm
2015-07-19 20:13 . 2015-07-19 20:13	--------	d-----w-	c:\program files (x86)\app_setup
2015-07-19 18:19 . 2015-07-19 20:19	--------	d-----w-	c:\users\Lisa\AppData\Roaming\Nico Mak Computing
2015-07-19 18:18 . 2015-07-19 20:19	--------	d-----w-	c:\program files (x86)\WinZip Registry Optimizer
2015-07-19 18:17 . 2015-07-19 18:17	--------	d-----w-	c:\programdata\7b24ec7cc000461ebe26d116b88142c8
2015-07-19 09:48 . 2015-06-12 07:50	12221144	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-17 09:44 . 2015-07-01 09:12	1190000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A45C7070-8EE7-41D1-B407-6584E09E708D}\gapaengine.dll
2015-07-16 06:21 . 2015-06-02 00:07	254976	----a-w-	c:\windows\system32\cewmdm.dll
2015-07-16 06:21 . 2015-06-01 23:47	210432	----a-w-	c:\windows\SysWow64\cewmdm.dll
2015-07-15 09:39 . 2015-06-11 13:15	429568	----a-w-	c:\windows\system32\wksprt.exe
2015-07-15 09:38 . 2015-07-01 20:49	1216512	----a-w-	c:\windows\system32\rpcrt4.dll
2015-07-15 09:36 . 2015-06-15 21:45	3242496	----a-w-	c:\windows\system32\msi.dll
2015-07-15 09:35 . 2015-07-09 17:58	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-07-15 09:35 . 2015-07-03 18:05	41984	----a-w-	c:\windows\system32\lpk.dll
2015-07-15 09:35 . 2015-07-03 18:05	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-07-15 09:35 . 2015-07-03 18:05	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-07-15 09:35 . 2015-07-03 18:05	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-07-15 09:35 . 2015-07-03 17:56	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-07-15 09:35 . 2015-07-03 17:56	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-07-15 09:35 . 2015-07-03 17:56	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-07-15 09:35 . 2015-07-03 16:52	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-07-15 09:35 . 2015-07-03 16:42	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-07-15 09:35 . 2015-07-03 17:55	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-06-23 20:29 . 2015-06-23 20:30	--------	d-----w-	C:\3d46e15a7895a31b0ef8e1951832
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-16 20:57 . 2014-09-06 12:16	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-16 20:57 . 2014-09-06 12:16	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-05 10:08 . 2014-09-06 11:26	300704	------w-	c:\windows\system32\MpSigStub.exe
2015-07-03 06:43 . 2014-09-06 13:04	130333168	----a-w-	c:\windows\system32\MRT.exe
2015-07-01 09:12 . 2014-09-17 10:27	1190000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-21 13:31 . 2014-09-17 15:24	447752	----a-w-	c:\windows\SysWow64\vp6vfw.dll
2015-05-25 18:24 . 2015-06-10 08:17	5569984	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-10 08:17	1728960	----a-w-	c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 08:17	243712	----a-w-	c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 08:17	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 08:17	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 08:17	215040	----a-w-	c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 08:17	1255424	----a-w-	c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 08:17	879104	----a-w-	c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 08:17	503808	----a-w-	c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 08:17	113664	----a-w-	c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 08:17	50176	----a-w-	c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 08:17	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 08:17	424960	----a-w-	c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 08:17	1162752	----a-w-	c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 08:17	43520	----a-w-	c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 08:17	879104	----a-w-	c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 08:17	404992	----a-w-	c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 08:17	47104	----a-w-	c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 08:17	112640	----a-w-	c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 08:17	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 08:17	43008	----a-w-	c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 08:17	104448	----a-w-	c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 08:17	19456	----a-w-	c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 08:17	338432	----a-w-	c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-10 08:17	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 08:17	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-10 08:17	3989440	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 08:17	3934144	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 08:17	1310744	----a-w-	c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 08:17	635392	----a-w-	c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 08:17	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 08:17	92160	----a-w-	c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 08:17	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 08:17	641536	----a-w-	c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 08:17	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 08:17	40448	----a-w-	c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 08:17	364544	----a-w-	c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 08:17	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-10 08:17	37888	----a-w-	c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 08:17	82944	----a-w-	c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 08:17	17408	----a-w-	c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-10 08:17	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-10 08:17	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-10 08:17	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2015-05-25 17:55 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Lisa\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-07-14 2008632]
"Akamai NetSession Interface"="c:\users\Lisa\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
"Spotify"="c:\users\Lisa\AppData\Roaming\Spotify\Spotify.exe" [2015-07-14 7334968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-05-14 28917376]
"Dropbox Update"="c:\users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-07-20 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2014-10-01 1310720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-10 335232]
.
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-7-20 44236896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 wsfd_1_10_0_19;wsfd_1_10_0_19;c:\windows\system32\drivers\wsfd_1_10_0_19.sys;c:\windows\SYSNATIVE\drivers\wsfd_1_10_0_19.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 qejytezo;Mathematical Calculation Intuitive;c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\knsy49CB.tmp;c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\knsy49CB.tmp [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SMUpd;Search Module Update;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe [x]
R2 Update ClearThink;Update ClearThink;c:\program files (x86)\ClearThink\updateClearThink.exe;c:\program files (x86)\ClearThink\updateClearThink.exe [x]
R2 vicoqudu;Encyclopaedia Enter;c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\hnsq8F83.tmp;c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\hnsq8F83.tmp [x]
R2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [x]
R2 zejytose;Typewriter High Resolution;c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\jnsg729F.tmp;c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\jnsg729F.tmp [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SMUpdd;Search Module UpdateD;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va016;X6va016;c:\windows\SysWOW64\Drivers\X6va016;c:\windows\SysWOW64\Drivers\X6va016 [x]
S1 {b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}Gw64;{b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}Gw64;c:\windows\system32\drivers\{b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}Gw64.sys;c:\windows\SYSNATIVE\drivers\{b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}Gw64.sys [x]
S1 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys;c:\windows\SYSNATIVE\drivers\acedrv09.sys [x]
S1 wsafd_1_10_0_19;wsafd_1_10_0_19;c:\windows\system32\drivers\wsafd_1_10_0_19.sys;c:\windows\SYSNATIVE\drivers\wsafd_1_10_0_19.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IHProtect Service;IHProtect Service;c:\program files (x86)\MiuiTab\ProtectService.exe;c:\program files (x86)\MiuiTab\ProtectService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 PrivoxyService;Privoxy (PrivoxyService);c:\program files (x86)\IT Viewer\privoxy.exe;c:\program files (x86)\IT Viewer\privoxy.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [x]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-06 20:57]
.
2015-07-21 c:\windows\Tasks\CaptureHigh.job
- c:\programdata\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}\nshcadf.tmp.exe [2014-07-21 08:45]
.
2015-07-20 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core.job
- c:\users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-20 10:26]
.
2015-07-21 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA.job
- c:\users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-20 10:26]
.
2015-07-21 c:\windows\Tasks\M9aMN659.job
- c:\users\Lisa\AppData\Roaming\M9aMN659.exe [2015-04-20 14:05]
.
2015-07-21 c:\windows\Tasks\WwwoOyvTqB299LzHrWs.job
- c:\users\Lisa\AppData\Roaming\WwwoOyvTqB299LzHrWs.exe [2015-04-20 14:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.oursurfing.com/?type=hppp&ts=1437338038&z=346e2a8ddebbbb1f76b841cg1z4ccm6ccc5b2ebcem&from=fsf&uid=SAMSUNGXHD252HJ_S17HJ1KS303375
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.oursurfing.com/?type=hppp&ts=1437338038&z=346e2a8ddebbbb1f76b841cg1z4ccm6ccc5b2ebcem&from=fsf&uid=SAMSUNGXHD252HJ_S17HJ1KS303375
mStart Page = hxxp://www.oursurfing.com/?type=hppp&ts=1437338038&z=346e2a8ddebbbb1f76b841cg1z4ccm6ccc5b2ebcem&from=fsf&uid=SAMSUNGXHD252HJ_S17HJ1KS303375
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjN-ExX_oW7kU0TRL9vv-8jCVwmaMKewVVzpaCqbg4d_kDscVJgQv9IR6UIKAJDcyiXfmG4g5CO7A9ZJptLMNm0LcYrze_K_x4lFyMSsPUWyuHtax16h8XvQq86s1SH4fpQRZrkdfNxFmjp5hk7CTGc3QXHw0DNxilY6Q,,&q={searchTerms}
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-GoogleChromeAutoLaunch_B94B428F965CE44077607E28858C9F13 - c:\users\Lisa\AppData\Local\Chromium\Application\chrome.exe
Wow6432Node-HKCU-Run-DesktopSearch - c:\programdata\DesktopSearch\DesktopSearch.exe
Wow6432Node-HKCU-Run-DeskBar - c:\users\Lisa\AppData\Local\DeskBar\dblaunch.exe
Wow6432Node-HKLM-Run-mbot_de_014010035 - (no file)
Wow6432Node-HKLM-Run-gmsd_de_005010035 - (no file)
Wow6432Node-HKLM-Run-gmsd_de_002020035 - (no file)
Wow6432Node-HKLM-Run-rec_de_52 - (no file)
Wow6432Node-HKLM-Run-gmsd_de_005010036 - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk - c:\program files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
HKLM-Run-3D BubbleSound - c:\program files\BubbleSound\3D BubbleSound.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\qejytezo]
"ImagePath"="c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\knsy49CB.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vicoqudu]
"ImagePath"="c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\hnsq8F83.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va016]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va016"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\zejytose]
"ImagePath"="c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\jnsg729F.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3081106795-2452553169-1351690023-1001\Software\SecuROM\License information*]
"datasecu"=hex:9c,e5,47,20,a8,bb,76,c4,21,21,b0,41,f1,a9,db,67,a9,ef,bc,01,71,
   26,a7,7f,a0,67,69,32,23,0b,53,56,7e,e3,fe,f0,1f,61,e2,dc,a0,fe,2e,1a,a6,fe,\
"rkeysecu"=hex:ee,10,5f,43,52,65,1c,18,ed,7d,54,2d,ba,3b,f1,13
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-07-21  11:47:07
ComboFix-quarantined-files.txt  2015-07-21 09:47
.
Vor Suchlauf: 15 Verzeichnis(se), 118.460.354.560 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 118.579.916.800 Bytes frei
.
- - End Of File - - 7FAB95BE3444BC43C771C74513886779
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

Well, and now I once again have
Games-destkop 014.52
GamesDestkop 014.005050036
SmartWeb
Friendly Error
youtubeadbocker
Support PL 1.1
Tv For Chrome

on the PC...


I'm slowly getting to the point where I could really cry...
I can't wipe the PC and set it up again myself; besides, I don't even have a Windows 7 installation CD here... I'd have to buy one first....

ComboFix log file:
Code:
ATTFilter
ComboFix 15-07-20.01 - Lisa 21.07.2015  11:17:55.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2047.841 [GMT 2:00]
ausgeführt von:: c:\users\Lisa\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\374311380
c:\programdata\6471365703505097367
c:\programdata\6471365703505097367\586a6f6a6dbebd7af266bcc72039a1e9.ini
c:\programdata\6471365703505097367\b768923d4bae80f2f266bcc72039a1e9.ini
c:\programdata\6471365703505097367\b914fc66cb251846f266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL
c:\programdata\6471365703505097367UL\1bb7f0e90631ad50f266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\5f2014ba7c14068ff266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\6c691faf49e7ea54f266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\70c836b690445aecf266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\72fd14ba52a386cff266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\7d7758bb23aa1503f266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\b9a553ecd277599ef266bcc72039a1e9.ini
c:\programdata\6471365703505097367UL\f8ef2aa6bc56bc0af266bcc72039a1e9.ini
c:\users\Lisa\AppData\Local\Installer\Installshopperpro_17110
c:\users\Lisa\AppData\Local\nsyAFD7.tmp
c:\users\Lisa\AppData\Roaming\AnyProtectEx
c:\users\Lisa\AppData\Roaming\AnyProtectEx\installer\ab.test.json
c:\users\Lisa\AppData\Roaming\AnyProtectEx\installer\tempfile.t
c:\users\Lisa\AppData\Roaming\AnyProtectEx\language\de.xml
c:\users\Lisa\AppData\Roaming\AnyProtectEx\language\en.xml
c:\users\Lisa\AppData\Roaming\AnyProtectEx\language\fr.xml
c:\users\Lisa\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.quick.results
c:\users\Lisa\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.results
c:\users\Lisa\AppData\Roaming\AnyProtectEx\swf\mov01.swf
c:\windows\IsUn0407.exe
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-21 bis 2015-07-21  ))))))))))))))))))))))))))))))
.
.
2015-07-21 09:42 . 2015-07-21 09:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-07-21 08:52 . 2015-07-21 08:52	--------	d-----w-	c:\programdata\c040fc4600001c00
2015-07-21 08:45 . 2015-07-21 08:45	--------	d-----w-	c:\programdata\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}
2015-07-21 08:40 . 2015-07-21 08:40	--------	d-----w-	c:\program files (x86)\savernet
2015-07-21 08:38 . 2015-07-21 08:38	--------	d-----w-	c:\program files (x86)\SaverAddon
2015-07-21 08:14 . 2015-07-21 08:14	75888	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8D07A70-E0F0-4E94-BB51-D78D8FF1F0F1}\offreg.868.dll
2015-07-20 15:32 . 2015-07-20 15:36	--------	d-----w-	C:\FRST
2015-07-20 15:20 . 2015-07-21 08:45	--------	d-----w-	c:\program files (x86)\WordSurfer_1.10.0.19
2015-07-20 14:50 . 2015-07-20 14:51	75888	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8D07A70-E0F0-4E94-BB51-D78D8FF1F0F1}\offreg.852.dll
2015-07-20 13:45 . 2015-07-20 13:45	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-07-20 13:34 . 2015-06-12 07:50	12221144	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8D07A70-E0F0-4E94-BB51-D78D8FF1F0F1}\mpengine.dll
2015-07-20 13:19 . 2015-07-21 08:15	--------	d-----w-	c:\users\Lisa\AppData\Local\Spotify
2015-07-20 10:34 . 2015-07-20 10:34	--------	d-----w-	c:\programdata\40313aa4000070ef
2015-07-20 10:32 . 2015-07-21 08:15	--------	d-----r-	c:\users\Lisa\Dropbox
2015-07-20 10:29 . 2015-07-20 10:31	--------	d-----w-	c:\users\Lisa\AppData\Roaming\Dropbox
2015-07-20 10:26 . 2015-07-21 08:15	--------	d-----w-	c:\users\Lisa\AppData\Local\Dropbox
2015-07-20 10:26 . 2015-07-20 10:26	--------	d-----w-	c:\programdata\Dropbox
2015-07-20 10:08 . 2015-07-20 10:13	--------	d-----w-	c:\program files (x86)\GUPlayer
2015-07-20 08:04 . 2015-07-20 08:04	--------	d-----w-	c:\programdata\Browser
2015-07-19 22:54 . 2015-07-19 22:54	--------	d-----w-	c:\windows\SysWow64\Flash
2015-07-19 22:33 . 2015-07-19 22:33	--------	d-----w-	c:\programdata\Ensefnag
2015-07-19 22:29 . 2015-07-20 13:51	--------	d-----w-	c:\programdata\SearchModule
2015-07-19 22:28 . 2015-07-20 14:02	--------	d-----w-	c:\program files\Common Files\Goobzo
2015-07-19 22:23 . 2015-07-20 08:09	--------	d-----w-	c:\program files (x86)\5a0a607d-3b41-4c48-8b9f-28547ee4a1f4
2015-07-19 22:21 . 2015-07-19 22:21	--------	d-----w-	c:\users\Lisa\AppData\Local\Crossbrowse
2015-07-19 22:17 . 2015-07-19 22:17	--------	d-----w-	c:\users\Surriya
2015-07-19 21:00 . 2015-07-19 06:03	48784	----a-w-	c:\windows\system32\drivers\{b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}Gw64.sys
2015-07-19 20:46 . 2015-07-19 20:46	--------	d-----w-	c:\program files (x86)\YTDownloader
2015-07-19 20:39 . 2015-07-21 09:42	--------	d-----w-	c:\users\Lisa\AppData\Local\Installer
2015-07-19 20:38 . 2015-07-20 20:50	--------	d-----w-	c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466
2015-07-19 20:37 . 2015-07-19 20:39	--------	d-----w-	c:\programdata\AppMgr4.27.1676029
2015-07-19 20:37 . 2015-07-20 10:41	--------	d-----w-	c:\program files (x86)\globalUpdate
2015-07-19 20:37 . 2015-07-19 20:42	--------	d-----w-	c:\program files (x86)\Coupon Time
2015-07-19 20:34 . 2015-07-19 20:34	--------	d-----w-	c:\programdata\IHProtectUpDate
2015-07-19 20:34 . 2015-07-20 15:22	--------	d-----w-	c:\program files (x86)\MiuiTab
2015-07-19 20:34 . 2015-07-19 20:34	--------	d-----w-	c:\users\Lisa\AppData\Roaming\Updater
2015-07-19 20:33 . 2015-07-19 20:33	0	----a-w-	c:\windows\prleth.sys
2015-07-19 20:33 . 2015-07-19 20:33	0	----a-w-	c:\windows\hgfs.sys
2015-07-19 20:33 . 2015-07-19 20:34	--------	d-----w-	c:\program files (x86)\IT Viewer
2015-07-19 20:20 . 2015-07-19 20:20	--------	d-----w-	c:\program files (x86)\predm
2015-07-19 20:13 . 2015-07-19 20:13	--------	d-----w-	c:\program files (x86)\app_setup
2015-07-19 18:19 . 2015-07-19 20:19	--------	d-----w-	c:\users\Lisa\AppData\Roaming\Nico Mak Computing
2015-07-19 18:18 . 2015-07-19 20:19	--------	d-----w-	c:\program files (x86)\WinZip Registry Optimizer
2015-07-19 18:17 . 2015-07-19 18:17	--------	d-----w-	c:\programdata\7b24ec7cc000461ebe26d116b88142c8
2015-07-19 09:48 . 2015-06-12 07:50	12221144	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-17 09:44 . 2015-07-01 09:12	1190000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A45C7070-8EE7-41D1-B407-6584E09E708D}\gapaengine.dll
2015-07-16 06:21 . 2015-06-02 00:07	254976	----a-w-	c:\windows\system32\cewmdm.dll
2015-07-16 06:21 . 2015-06-01 23:47	210432	----a-w-	c:\windows\SysWow64\cewmdm.dll
2015-07-15 09:39 . 2015-06-11 13:15	429568	----a-w-	c:\windows\system32\wksprt.exe
2015-07-15 09:38 . 2015-07-01 20:49	1216512	----a-w-	c:\windows\system32\rpcrt4.dll
2015-07-15 09:36 . 2015-06-15 21:45	3242496	----a-w-	c:\windows\system32\msi.dll
2015-07-15 09:35 . 2015-07-09 17:58	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-07-15 09:35 . 2015-07-03 18:05	41984	----a-w-	c:\windows\system32\lpk.dll
2015-07-15 09:35 . 2015-07-03 18:05	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-07-15 09:35 . 2015-07-03 18:05	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-07-15 09:35 . 2015-07-03 18:05	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-07-15 09:35 . 2015-07-03 17:56	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-07-15 09:35 . 2015-07-03 17:56	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-07-15 09:35 . 2015-07-03 17:56	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-07-15 09:35 . 2015-07-03 16:52	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-07-15 09:35 . 2015-07-03 16:42	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-07-15 09:35 . 2015-07-03 17:55	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-06-23 20:29 . 2015-06-23 20:30	--------	d-----w-	C:\3d46e15a7895a31b0ef8e1951832
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-16 20:57 . 2014-09-06 12:16	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-16 20:57 . 2014-09-06 12:16	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-05 10:08 . 2014-09-06 11:26	300704	------w-	c:\windows\system32\MpSigStub.exe
2015-07-03 06:43 . 2014-09-06 13:04	130333168	----a-w-	c:\windows\system32\MRT.exe
2015-07-01 09:12 . 2014-09-17 10:27	1190000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-21 13:31 . 2014-09-17 15:24	447752	----a-w-	c:\windows\SysWow64\vp6vfw.dll
2015-05-25 18:24 . 2015-06-10 08:17	5569984	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-10 08:17	1728960	----a-w-	c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 08:17	243712	----a-w-	c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 08:17	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 08:17	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 08:17	215040	----a-w-	c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 08:17	1255424	----a-w-	c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 08:17	879104	----a-w-	c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 08:17	503808	----a-w-	c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 08:17	113664	----a-w-	c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 08:17	50176	----a-w-	c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 08:17	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 08:17	424960	----a-w-	c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 08:17	1162752	----a-w-	c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 08:17	43520	----a-w-	c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 08:17	879104	----a-w-	c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 08:17	404992	----a-w-	c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 08:17	47104	----a-w-	c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 08:17	112640	----a-w-	c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 08:17	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 08:17	43008	----a-w-	c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 08:17	104448	----a-w-	c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 08:17	19456	----a-w-	c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 08:17	338432	----a-w-	c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-10 08:17	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 08:17	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-10 08:17	3989440	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 08:17	3934144	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 08:17	1310744	----a-w-	c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 08:17	635392	----a-w-	c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 08:17	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 08:17	92160	----a-w-	c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 08:17	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 08:17	641536	----a-w-	c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 08:17	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 08:17	40448	----a-w-	c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 08:17	364544	----a-w-	c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 08:17	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-10 08:17	37888	----a-w-	c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 08:17	82944	----a-w-	c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 08:17	17408	----a-w-	c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-10 08:17	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-10 08:17	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-10 08:17	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2015-05-25 17:55 . 2015-06-10 08:17	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Lisa\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-07-14 2008632]
"Akamai NetSession Interface"="c:\users\Lisa\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
"Spotify"="c:\users\Lisa\AppData\Roaming\Spotify\Spotify.exe" [2015-07-14 7334968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-05-14 28917376]
"Dropbox Update"="c:\users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-07-20 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2014-10-01 1310720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-10 335232]
.
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-7-20 44236896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 wsfd_1_10_0_19;wsfd_1_10_0_19;c:\windows\system32\drivers\wsfd_1_10_0_19.sys;c:\windows\SYSNATIVE\drivers\wsfd_1_10_0_19.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 qejytezo;Mathematical Calculation Intuitive;c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\knsy49CB.tmp;c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\knsy49CB.tmp [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SMUpd;Search Module Update;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe [x]
R2 Update ClearThink;Update ClearThink;c:\program files (x86)\ClearThink\updateClearThink.exe;c:\program files (x86)\ClearThink\updateClearThink.exe [x]
R2 vicoqudu;Encyclopaedia Enter;c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\hnsq8F83.tmp;c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\hnsq8F83.tmp [x]
R2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [x]
R2 zejytose;Typewriter High Resolution;c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\jnsg729F.tmp;c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\jnsg729F.tmp [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SMUpdd;Search Module UpdateD;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va016;X6va016;c:\windows\SysWOW64\Drivers\X6va016;c:\windows\SysWOW64\Drivers\X6va016 [x]
S1 {b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}Gw64;{b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}Gw64;c:\windows\system32\drivers\{b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}Gw64.sys;c:\windows\SYSNATIVE\drivers\{b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}Gw64.sys [x]
S1 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys;c:\windows\SYSNATIVE\drivers\acedrv09.sys [x]
S1 wsafd_1_10_0_19;wsafd_1_10_0_19;c:\windows\system32\drivers\wsafd_1_10_0_19.sys;c:\windows\SYSNATIVE\drivers\wsafd_1_10_0_19.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IHProtect Service;IHProtect Service;c:\program files (x86)\MiuiTab\ProtectService.exe;c:\program files (x86)\MiuiTab\ProtectService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 PrivoxyService;Privoxy (PrivoxyService);c:\program files (x86)\IT Viewer\privoxy.exe;c:\program files (x86)\IT Viewer\privoxy.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [x]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-06 20:57]
.
2015-07-21 c:\windows\Tasks\CaptureHigh.job
- c:\programdata\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}\nshcadf.tmp.exe [2014-07-21 08:45]
.
2015-07-20 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core.job
- c:\users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-20 10:26]
.
2015-07-21 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA.job
- c:\users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-20 10:26]
.
2015-07-21 c:\windows\Tasks\M9aMN659.job
- c:\users\Lisa\AppData\Roaming\M9aMN659.exe [2015-04-20 14:05]
.
2015-07-21 c:\windows\Tasks\WwwoOyvTqB299LzHrWs.job
- c:\users\Lisa\AppData\Roaming\WwwoOyvTqB299LzHrWs.exe [2015-04-20 14:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.oursurfing.com/?type=hppp&ts=1437338038&z=346e2a8ddebbbb1f76b841cg1z4ccm6ccc5b2ebcem&from=fsf&uid=SAMSUNGXHD252HJ_S17HJ1KS303375
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.oursurfing.com/?type=hppp&ts=1437338038&z=346e2a8ddebbbb1f76b841cg1z4ccm6ccc5b2ebcem&from=fsf&uid=SAMSUNGXHD252HJ_S17HJ1KS303375
mStart Page = hxxp://www.oursurfing.com/?type=hppp&ts=1437338038&z=346e2a8ddebbbb1f76b841cg1z4ccm6ccc5b2ebcem&from=fsf&uid=SAMSUNGXHD252HJ_S17HJ1KS303375
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjN-ExX_oW7kU0TRL9vv-8jCVwmaMKewVVzpaCqbg4d_kDscVJgQv9IR6UIKAJDcyiXfmG4g5CO7A9ZJptLMNm0LcYrze_K_x4lFyMSsPUWyuHtax16h8XvQq86s1SH4fpQRZrkdfNxFmjp5hk7CTGc3QXHw0DNxilY6Q,,&q={searchTerms}
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-GoogleChromeAutoLaunch_B94B428F965CE44077607E28858C9F13 - c:\users\Lisa\AppData\Local\Chromium\Application\chrome.exe
Wow6432Node-HKCU-Run-DesktopSearch - c:\programdata\DesktopSearch\DesktopSearch.exe
Wow6432Node-HKCU-Run-DeskBar - c:\users\Lisa\AppData\Local\DeskBar\dblaunch.exe
Wow6432Node-HKLM-Run-mbot_de_014010035 - (no file)
Wow6432Node-HKLM-Run-gmsd_de_005010035 - (no file)
Wow6432Node-HKLM-Run-gmsd_de_002020035 - (no file)
Wow6432Node-HKLM-Run-rec_de_52 - (no file)
Wow6432Node-HKLM-Run-gmsd_de_005010036 - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk - c:\program files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
HKLM-Run-3D BubbleSound - c:\program files\BubbleSound\3D BubbleSound.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\qejytezo]
"ImagePath"="c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\knsy49CB.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vicoqudu]
"ImagePath"="c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\hnsq8F83.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va016]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va016"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\zejytose]
"ImagePath"="c:\program files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\jnsg729F.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3081106795-2452553169-1351690023-1001\Software\SecuROM\License information*]
"datasecu"=hex:9c,e5,47,20,a8,bb,76,c4,21,21,b0,41,f1,a9,db,67,a9,ef,bc,01,71,
   26,a7,7f,a0,67,69,32,23,0b,53,56,7e,e3,fe,f0,1f,61,e2,dc,a0,fe,2e,1a,a6,fe,\
"rkeysecu"=hex:ee,10,5f,43,52,65,1c,18,ed,7d,54,2d,ba,3b,f1,13
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-07-21  11:47:07
ComboFix-quarantined-files.txt  2015-07-21 09:47
.
Vor Suchlauf: 15 Verzeichnis(se), 118.460.354.560 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 118.579.916.800 Bytes frei
.
- - End Of File - - 7FAB95BE3444BC43C771C74513886779
         
--- --- ---
[/CODE]

I think the problem is solved; I simply ran AdwCleaner over it and it detected and removed Cassiopesa, and Search Protect etc. as well... but thank you anyway... or should I scan again with something and post it here so that you can check whether everything is really okay now?

Okay, the problem is still there after all -.-

I think this is a Cassiopesa problem overall... it used to be listed under Programs and Features and also under AppData/Local... but the folder is no longer there... yet programs keep getting installed and websites keep opening....

22.07.2015, 07:59   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Don't do anything that wasn't instructed.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.



Then AdwCleaner once more:
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Cleaning and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

22.07.2015, 11:42   #9
Surriya
 



Hmm, I have now put that into quarantine and then restarted, but when I go to the newest scan log, there is no "View" anywhere? How do I save it now to show you here what was found? More than 100 files were reported as viruses :x Well, I'll do the second step with AdwCleaner first...
Should the files just stay in quarantine for now?

AdwCleaner log file:
Code:
# AdwCleaner v4.208 - Bericht erstellt 22/07/2015 um 12:12:39
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Lisa - LISA-PC
# Gestarted von : C:\Users\Lisa\Desktop\adwcleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\InstallSightSDK
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\Games-desktop
Ordner Gelöscht : C:\Program Files (x86)\Crossbrowse
Ordner Gelöscht : C:\Program Files (x86)\gmsd_de_005010037
Ordner Gelöscht : C:\Program Files (x86)\rec_de_53
Ordner Gelöscht : C:\Program Files\WebBar
Ordner Gelöscht : C:\Users\Lisa\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Lisa\AppData\Local\SmartWeb
Ordner Gelöscht : C:\Users\Lisa\AppData\Local\WebBar
Ordner Gelöscht : C:\Users\Lisa\AppData\Local\Crossbrowse
Ordner Gelöscht : C:\Users\Lisa\AppData\Local\gmsd_de_005010037
Ordner Gelöscht : C:\Users\Lisa\AppData\Local\rec_de_53
Ordner Gelöscht : C:\Users\Lisa\AppData\LocalLow\SmartWeb
Ordner Gelöscht : C:\Users\Lisa\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\Lisa\AppData\Roaming\istartsurf
Ordner Gelöscht : C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Ordner Gelöscht : C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage-journal
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.boostsaves.com_0.localstorage
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.istartsurf.com_0.localstorage
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.istartsurf.com_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : Crossbrowse
Task Gelöscht : globalUpdateUpdateTaskMachineCore
Task Gelöscht : globalUpdateUpdateTaskMachineUA
Task Gelöscht : SmartWeb Upgrade Trigger Task
Task Gelöscht : WebBarLaunchTask
Task Gelöscht : WebBarUpdateTask
Task Gelöscht : a9b25328-9dc7-4d8a-94b1-f1a515b3ecfd-1-6
Task Gelöscht : a9b25328-9dc7-4d8a-94b1-f1a515b3ecfd-1-7
Task Gelöscht : a9b25328-9dc7-4d8a-94b1-f1a515b3ecfd-10_user
Task Gelöscht : a9b25328-9dc7-4d8a-94b1-f1a515b3ecfd-11
Task Gelöscht : a9b25328-9dc7-4d8a-94b1-f1a515b3ecfd-5
Task Gelöscht : a9b25328-9dc7-4d8a-94b1-f1a515b3ecfd-5_user

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk
Verknüpfung Desinfiziert : C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7579d140cc6e5a\Chromium.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Wert Gelöscht : HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [CRSBRWSHTML]
Wert Gelöscht : HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [CRSBRWSHTML]
Wert Gelöscht : HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [CRSBRWSHTML]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\YorkNewCin
Schlüssel Gelöscht : HKCU\Software\HighDefAction
Schlüssel Gelöscht : HKCU\Software\ArenaHD
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartWeb
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Google Chrome v


-\\ Opera v30.0.1835.125


*************************

AdwCleaner[R0].txt - [21362 Bytes] - [21/07/2015 13:41:11]
AdwCleaner[R1].txt - [1606 Bytes] - [21/07/2015 13:56:17]
AdwCleaner[R2].txt - [10497 Bytes] - [21/07/2015 16:18:29]
AdwCleaner[R3].txt - [10610 Bytes] - [22/07/2015 12:11:47]
AdwCleaner[S0].txt - [17514 Bytes] - [21/07/2015 13:44:43]
AdwCleaner[S1].txt - [7592 Bytes] - [21/07/2015 16:19:30]
AdwCleaner[S2].txt - [9504 Bytes] - [22/07/2015 12:12:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [9563  Bytes] ##########
         
--- --- ---
[/CODE]

JRT Logfile:
Code:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by Lisa on 22.07.2015 at 12:32:01,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_205ED920C9000802AD7CEBCFA68F870D
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] (Standard)    REG_SZ    Crossbrowse
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update ClearThink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\wbsvc



~~~ Files

Successfully deleted: [File] C:\Users\Lisa\Appdata\Local\nsi82E7.tmp
Successfully deleted: [File] C:\Users\Lisa\Appdata\Local\nsk85D5.tmp
Successfully deleted: [File] C:\Users\Lisa\Appdata\Local\nst7EC5.tmp
Successfully deleted: [File] C:\Users\Lisa\AppData\Roaming\appdataFr3.bin
Successfully deleted: [File] C:\Users\Lisa\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\CinemaPlus-3.2cV21.07
Successfully deleted: [Folder] C:\Users\Lisa\Appdata\Local\installer
Successfully deleted: [Folder] C:\Users\Lisa\AppData\Roaming\nico mak computing
Successfully deleted: [Folder] C:\Users\Lisa\Documents\optimizer pro
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin
Successfully deleted: [Folder] C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8



~~~ Chrome


[C:\Users\Lisa\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Lisa\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Lisa\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Lisa\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.07.2015 at 12:37:49,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---
[/CODE]


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Lisa (administrator) on LISA-PC on 22-07-2015 12:39:22
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available Profiles: Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc.) C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2014-10-01] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Spotify Web Helper] => C:\Users\Lisa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-14] (Spotify Ltd)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Spotify] => C:\Users\Lisa\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-14] (Spotify Ltd)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Dropbox Update] => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-20] (Dropbox, Inc.)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D4A73E63-0074-49A9-ADD5-E0062660EF6D}: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\NPSWF32.dll [2015-05-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2015-05-07] (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default
CHR HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (iWebar) - C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc [2015-07-19]
OPR Extension: (Product Deals) - C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfnfcecgilmblkepmebjomnhmjpacllm [2015-07-20]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.istartsurf.com/?type=sc&ts=1437490452&z=4ba2030ede134013ed43606g1z1c4m1z0t3ecz0o5e&from=face&uid=SAMSUNGXHD252HJ_S17HJ1KS303375

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2014-10-01] (Andrea Electronics Corporation)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88584 2015-05-07] (Perfect World Entertainment Inc)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-04] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2015-04-20] () [File not signed]
R1 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [134880 2015-04-20] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2014-09-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2014-09-06] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3567232 2011-09-09] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 12:39 - 2015-07-22 12:39 - 00011677 _____ C:\Users\Lisa\Desktop\FRST.txt
2015-07-22 12:37 - 2015-07-22 12:37 - 00002746 _____ C:\Users\Lisa\Desktop\JRT.txt
2015-07-22 12:30 - 2015-07-22 12:30 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Lisa\Desktop\JRT.exe
2015-07-22 12:26 - 2015-07-22 12:26 - 02135552 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2015-07-22 11:04 - 2015-07-22 12:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-22 11:04 - 2015-07-22 11:04 - 00001066 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-22 11:04 - 2015-07-22 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-22 11:04 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-22 11:04 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-22 11:03 - 2015-07-22 11:04 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-22 11:03 - 2015-07-22 11:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-22 11:03 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-21 16:54 - 2015-07-21 16:54 - 00000000 ____D C:\Program Files (x86)\FriendlyError
2015-07-21 16:01 - 2015-07-21 16:01 - 00003038 _____ C:\Windows\System32\Tasks\{E3B3875B-230E-D8AF-077B-954B8BF903B7}
2015-07-21 16:01 - 2015-07-21 16:01 - 00000000 ___HD C:\Users\Lisa\AppData\Roaming\eNdNEAHi
2015-07-21 13:34 - 2015-07-22 12:13 - 00000000 ____D C:\AdwCleaner
2015-07-21 13:29 - 2015-07-21 13:29 - 02248704 _____ C:\Users\Lisa\Desktop\adwcleaner_4.208.exe
2015-07-21 12:25 - 2015-07-22 11:51 - 00000000 ____D C:\Program Files (x86)\Tv For  Chrome
2015-07-21 11:47 - 2015-07-21 11:47 - 00032958 _____ C:\ComboFix.txt
2015-07-21 11:15 - 2015-07-21 11:15 - 00001146 _____ C:\Users\Lisa\Desktop\ComboFix.exe - Verknüpfung.lnk
2015-07-21 11:14 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-21 11:14 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-21 11:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-21 11:08 - 2015-07-21 11:47 - 00000000 ____D C:\Qoobox
2015-07-21 11:08 - 2015-07-21 11:44 - 00000000 ____D C:\Windows\erdnt
2015-07-21 10:45 - 2015-07-22 10:45 - 00000334 _____ C:\Windows\Tasks\CaptureHigh.job
2015-07-21 10:45 - 2015-07-21 10:45 - 00003244 _____ C:\Windows\System32\Tasks\CaptureHigh
2015-07-21 10:44 - 2015-07-21 12:24 - 00000000 _____ C:\dummy.htm
2015-07-21 10:26 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 10:26 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 10:26 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 10:26 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 10:26 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 10:26 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 10:26 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 10:26 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 10:26 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 10:26 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 20:44 - 2015-07-20 20:44 - 00000000 ____D C:\Users\Lisa\Documents\ANNO 1404 Venedig
2015-07-20 19:21 - 2015-07-20 19:21 - 00000201 _____ C:\Users\Lisa\Desktop\Anno 1404 Venice.url
2015-07-20 17:32 - 2015-07-22 12:39 - 00000000 ____D C:\FRST
2015-07-20 16:49 - 2015-07-22 12:14 - 00000448 _____ C:\Windows\setupact.log
2015-07-20 16:49 - 2015-07-22 10:32 - 00368880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 16:49 - 2015-07-20 16:49 - 00104056 _____ C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-20 16:49 - 2015-07-20 16:49 - 00000000 _____ C:\Windows\setuperr.log
2015-07-20 16:48 - 2015-07-22 11:54 - 00007478 _____ C:\Windows\PFRO.log
2015-07-20 15:45 - 2015-07-20 15:45 - 00001228 _____ C:\Users\Lisa\Desktop\Revo Uninstaller.lnk
2015-07-20 15:45 - 2015-07-20 15:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-20 15:19 - 2015-07-22 12:14 - 00000000 ____D C:\Users\Lisa\AppData\Local\Spotify
2015-07-20 12:32 - 2015-07-22 12:16 - 00000000 ___RD C:\Users\Lisa\Dropbox
2015-07-20 12:32 - 2015-07-20 12:32 - 00001121 _____ C:\Users\Lisa\Desktop\Dropbox.lnk
2015-07-20 12:31 - 2015-07-20 12:31 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-20 12:29 - 2015-07-20 12:31 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox
2015-07-20 12:28 - 2015-07-22 12:39 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA.job
2015-07-20 12:28 - 2015-07-22 12:39 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core.job
2015-07-20 12:28 - 2015-07-20 12:34 - 00004188 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA
2015-07-20 12:28 - 2015-07-20 12:34 - 00003792 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core
2015-07-20 12:26 - 2015-07-22 12:16 - 00000000 ____D C:\Users\Lisa\AppData\Local\Dropbox
2015-07-20 12:26 - 2015-07-20 12:26 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-20 10:08 - 2015-07-20 10:08 - 00003088 _____ C:\Windows\System32\Tasks\{6F1602F9-D378-4EFF-8194-FBB7BD3980B9}
2015-07-20 00:54 - 2015-07-20 00:54 - 00000000 ____D C:\Windows\SysWOW64\Flash
2015-07-20 00:33 - 2015-07-22 10:47 - 00000000 ____D C:\ProgramData\Ensefnag
2015-07-20 00:28 - 2015-07-20 00:28 - 00003850 _____ C:\Windows\System32\Tasks\SMWUpd
2015-07-20 00:28 - 2015-07-20 00:28 - 00000000 _____ C:\places.sqlite
2015-07-20 00:23 - 2015-07-20 10:09 - 00000000 ____D C:\Program Files (x86)\5a0a607d-3b41-4c48-8b9f-28547ee4a1f4
2015-07-20 00:17 - 2015-07-20 00:17 - 00104056 _____ C:\Users\Surriya\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-20 00:17 - 2015-07-20 00:17 - 00001425 _____ C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-20 00:17 - 2015-07-20 00:17 - 00000020 ___SH C:\Users\Surriya\ntuser.ini
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Vorlagen
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Startmenü
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Netzwerkumgebung
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Lokale Einstellungen
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Eigene Dateien
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Druckumgebung
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Documents\Eigene Musik
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Documents\Eigene Bilder
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Local\Verlauf
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Local\Anwendungsdaten
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Anwendungsdaten
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Roaming\Adobe
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Local\VirtualStore
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Local\NVIDIA
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya
2015-07-20 00:17 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-20 00:17 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-19 22:57 - 2015-07-19 22:57 - 00003140 _____ C:\Windows\System32\Tasks\{526C6BE4-7E50-4DAD-A34F-D57A6232E8AD}
2015-07-19 22:46 - 2015-07-19 22:46 - 00005478 _____ C:\Windows\System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-1-6
2015-07-19 22:43 - 2015-07-19 22:43 - 00007522 _____ C:\Windows\System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-6
2015-07-19 22:43 - 2015-07-19 22:43 - 00007202 _____ C:\Windows\System32\Tasks\temp_b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6
2015-07-19 22:39 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-19 22:38 - 2015-07-21 22:23 - 00000000 ____D C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466
2015-07-19 22:37 - 2015-07-22 11:08 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-19 22:37 - 2015-07-19 22:39 - 00000000 ____D C:\ProgramData\AppMgr4.27.1676029
2015-07-19 22:34 - 2015-07-20 22:34 - 00003254 _____ C:\Windows\System32\Tasks\IT Viewer Job
2015-07-19 22:33 - 2015-07-19 22:33 - 00000000 _____ C:\Windows\prleth.sys
2015-07-19 22:33 - 2015-07-19 22:33 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-19 22:13 - 2015-07-19 22:13 - 00003086 _____ C:\Windows\System32\Tasks\sab3009
2015-07-19 21:02 - 2015-07-19 21:03 - 00000000 ____D C:\Users\Lisa\Documents\Ps1 Emulator
2015-07-16 08:21 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-16 08:21 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 11:41 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 11:41 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 11:41 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 11:41 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 11:41 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 11:41 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 11:41 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 11:41 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 11:41 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 11:41 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 11:41 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 11:41 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 11:40 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 11:40 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 11:40 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 11:40 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 11:40 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 11:40 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 11:40 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 11:40 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 11:40 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 11:40 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 11:40 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 11:40 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 11:40 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 11:40 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 11:40 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 11:40 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 11:40 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 11:40 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 11:40 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 11:40 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 11:40 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 11:40 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 11:40 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 11:40 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 11:40 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 11:40 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 11:40 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 11:40 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 11:40 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 11:40 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 11:40 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 11:40 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 11:40 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 11:40 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 11:40 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 11:40 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 11:40 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 11:40 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 11:40 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 11:40 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 11:40 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 11:40 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 11:40 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 11:40 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 11:40 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 11:40 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 11:40 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 11:40 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 11:40 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 11:40 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 11:40 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 11:40 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 11:40 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 11:40 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 11:39 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 11:39 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 11:39 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 11:39 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 11:39 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 11:38 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 11:38 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 11:38 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 11:38 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 11:38 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 11:38 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 11:38 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 11:38 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 11:38 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 11:38 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 11:38 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 11:38 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 11:38 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 11:38 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 11:38 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 11:38 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 11:36 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 11:36 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 11:36 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 11:36 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 11:36 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 11:36 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 11:36 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 11:36 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 11:36 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 11:36 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 11:36 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 11:36 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 11:35 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-28 11:44 - 2015-07-22 12:18 - 01596630 _____ C:\Windows\WindowsUpdate.log
2015-06-26 16:33 - 2015-06-27 19:35 - 00000000 ____D C:\Users\Lisa\Documents\DAModder
2015-06-23 22:29 - 2015-06-23 22:30 - 00000000 ____D C:\3d46e15a7895a31b0ef8e1951832

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 12:31 - 2014-09-06 15:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Skype
2015-07-22 12:23 - 2009-07-14 06:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-22 12:23 - 2009-07-14 06:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-22 12:15 - 2014-09-16 11:18 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Spotify
2015-07-22 12:14 - 2014-09-06 13:31 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-22 12:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-22 12:12 - 2014-09-06 13:13 - 00000993 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-22 11:55 - 2014-09-06 14:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-22 11:34 - 2014-09-06 13:58 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{89F12786-F91C-4F8D-9328-AC820C7336A4}
2015-07-22 10:48 - 2014-09-06 16:11 - 00000000 ____D C:\Users\Lisa\AppData\Local\FirestormOS_x64
2015-07-22 10:32 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-21 21:22 - 2014-09-06 14:24 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\TS3Client
2015-07-21 11:47 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-21 11:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-21 11:43 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-20 20:45 - 2014-09-06 14:32 - 00000000 ____D C:\Steam
2015-07-20 16:19 - 2009-07-14 04:34 - 00000514 _____ C:\Windows\win.ini
2015-07-20 12:45 - 2014-11-30 19:25 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-20 12:32 - 2014-09-06 13:11 - 00000000 ____D C:\Users\Lisa
2015-07-20 10:17 - 2014-11-24 14:12 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-07-20 10:16 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-20 10:00 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-20 00:12 - 2015-04-20 10:45 - 00000000 ____D C:\Windows\Minidump
2015-07-19 23:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-19 23:38 - 2014-09-15 14:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-19 22:37 - 2014-09-06 17:16 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Mozilla
2015-07-19 22:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-19 22:17 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-16 23:06 - 2015-04-04 17:35 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 23:06 - 2015-04-04 17:35 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-16 22:57 - 2014-09-06 14:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 22:57 - 2014-09-06 14:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 22:57 - 2014-09-06 14:16 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-16 07:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 06:01 - 2014-12-12 11:53 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 06:01 - 2014-09-06 15:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 06:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 23:51 - 2014-09-06 15:04 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 11:51 - 2014-09-06 14:10 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410005444
2015-07-15 11:51 - 2014-09-06 14:10 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-15 11:08 - 2014-09-15 14:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 11:03 - 2014-12-27 12:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-08 21:14 - 2014-11-19 22:34 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieBrowserModeList
2015-07-08 21:14 - 2014-09-25 19:02 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieUserList
2015-07-08 21:14 - 2014-09-25 19:02 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieSiteList
2015-07-05 12:08 - 2014-09-06 13:26 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 13:28 - 2014-09-17 16:52 - 00000000 ____D C:\ProgramData\Origin
2015-07-04 09:57 - 2014-09-06 15:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-04 09:56 - 2014-11-28 23:34 - 00000000 ____D C:\Users\Lisa\Documents\Electronic Arts
2015-07-04 09:40 - 2014-09-17 16:52 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-03 16:30 - 2014-09-06 14:19 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\.minecraft
2015-07-03 08:43 - 2014-09-06 15:04 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some files in TEMP:
====================
C:\Users\Lisa\AppData\Local\Temp\486.exe
C:\Users\Lisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmhrshq.dll
C:\Users\Lisa\AppData\Local\Temp\fsd6509.exe
C:\Users\Lisa\AppData\Local\Temp\fsd712A.exe
C:\Users\Lisa\AppData\Local\Temp\fsdB1A2.exe
C:\Users\Lisa\AppData\Local\Temp\fsdC245.exe
C:\Users\Lisa\AppData\Local\Temp\gkey.exe
C:\Users\Lisa\AppData\Local\Temp\nswC228.tmp.exe
C:\Users\Lisa\AppData\Local\Temp\pkeyui.exe
C:\Users\Lisa\AppData\Local\Temp\Quarantine.exe
C:\Users\Lisa\AppData\Local\Temp\sqlite3.dll
C:\Users\Lisa\AppData\Local\Temp\Uninstall.exe
C:\Users\Lisa\AppData\Local\Temp\wabk.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 15:46

==================== End of log ============================
         
--- --- ---
[/CODE]

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Lisa at 2015-07-22 12:40:17
Running from C:\Users\Lisa\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3081106795-2452553169-1351690023-500 - Administrator - Disabled)
Gast (S-1-5-21-3081106795-2452553169-1351690023-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3081106795-2452553169-1351690023-1002 - Limited - Enabled)
Lisa (S-1-5-21-3081106795-2452553169-1351690023-1001 - Administrator - Enabled) => C:\Users\Lisa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.210 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anno 1404 (HKLM-x32\...\Steam App 33250) (Version:  - Blue Byte)
Anno 1404: Venice (HKLM-x32\...\Steam App 33350) (Version:  - Blue Byte)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CinemaPlus-3.2cV21.07 (HKLM-x32\...\CinemaPlus-3.2cV21.07) (Version: 1.36.01.22 - Cinema PlusV21.07) <==== ATTENTION
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.8.61.1020 - Electronic Arts Inc.)
Dropbox (HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42974 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{4e154806-de7a-4300-b61e-bc0c3a4c5b43}) (Version: 4.6.42974 - Phoenix Firestorm Project Inc)
Friendly Error (HKLM-x32\...\FriendlyError) (Version:  - )
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
Spotify (HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-07-2015 15:33:11 Windows Update
20-07-2015 15:46:25 Revo Uninstaller's restore point - Search module
20-07-2015 15:52:15 Revo Uninstaller's restore point - SmartWeb
20-07-2015 16:06:49 Revo Uninstaller's restore point - Drakensang
20-07-2015 16:09:01 Revo Uninstaller's restore point - Akamai NetSession Interface
20-07-2015 16:09:45 Revo Uninstaller's restore point - Granado Espada Europe (23.07.18)
20-07-2015 16:11:34 Revo Uninstaller's restore point - FastSearch
20-07-2015 16:13:21 Revo Uninstaller's restore point - GamesDesktop 014.005010035
20-07-2015 16:15:12 Revo Uninstaller's restore point - Friendly Error
20-07-2015 17:28:28 Revo Uninstaller's restore point - Friendly Error
20-07-2015 19:17:29 Revo Uninstaller's restore point - AnyProtect
21-07-2015 10:22:02 Revo Uninstaller's restore point - dealpeak
21-07-2015 10:30:03 Revo Uninstaller's restore point - Games-desktop 014.52
21-07-2015 10:33:44 Revo Uninstaller's restore point - GamesDesktop 014.005010035
21-07-2015 10:35:03 Revo Uninstaller's restore point - GoldenCoupon
21-07-2015 10:37:00 Revo Uninstaller's restore point - mystartsearch uninstall
21-07-2015 10:38:26 Revo Uninstaller's restore point - SaverAddon
21-07-2015 10:39:50 Revo Uninstaller's restore point - savernet
21-07-2015 10:40:44 Revo Uninstaller's restore point - SmartWeb
21-07-2015 10:42:12 Revo Uninstaller's restore point - Software Version Updater
21-07-2015 10:43:22 Revo Uninstaller's restore point - WordSurfer 1.10.0.19
21-07-2015 10:47:09 Revo Uninstaller's restore point - PPriiceLess
21-07-2015 10:49:49 Revo Uninstaller's restore point - Boomerang for Gmail
21-07-2015 10:52:05 Revo Uninstaller's restore point - Support PL 1.1
21-07-2015 10:52:54 Revo Uninstaller's restore point - GamesDesktop 014.005010036
21-07-2015 10:55:47 Revo Uninstaller's restore point - Microsoft WSE 3.0 Runtime
21-07-2015 10:56:01 Removed Microsoft WSE 3.0 Runtime
21-07-2015 10:57:09 Revo Uninstaller's restore point - Friendly Error
21-07-2015 10:58:03 Revo Uninstaller's restore point - SmartWeb
21-07-2015 10:59:28 Revo Uninstaller's restore point - youtubeadblocker
21-07-2015 11:01:35 Revo Uninstaller's restore point - Games-desktop 014.52
21-07-2015 13:53:39 Revo Uninstaller's restore point - Friendly Error
21-07-2015 16:08:12 Revo Uninstaller's restore point - AnyProtect
21-07-2015 16:10:37 Revo Uninstaller's restore point - Friendly Error
21-07-2015 16:11:32 Revo Uninstaller's restore point - GamesDesktop 014.005010036
21-07-2015 16:14:37 Revo Uninstaller's restore point - Games-desktop 014.52
21-07-2015 16:16:07 Revo Uninstaller's restore point - SmartWeb
21-07-2015 16:17:14 Revo Uninstaller's restore point - mystartsearch uninstall
21-07-2015 22:43:14 Windows Update
22-07-2015 12:32:10 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D328C8-BEE3-4023-A318-26E1BBF0FC20} - System32\Tasks\temp_b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6 => C:\Program Files (x86)\Object Browser\b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6.exe <==== ATTENTION
Task: {0E4D537E-6AEC-48CF-AC06-DF097340F477} - System32\Tasks\{6F1602F9-D378-4EFF-8194-FBB7BD3980B9} => pcalua.exe -a "C:\Program Files (x86)\FriendlyError\tmpA2E.bat"
Task: {0FE1C2D4-6C14-4972-B3A3-FBB4744EB96B} - System32\Tasks\{52E89830-3959-4D71-A55C-FAD2010555E9} => pcalua.exe -a C:\Users\Lisa\Downloads\win64_153330.exe -d C:\Users\Lisa\Downloads
Task: {1AB4098A-2484-45E0-90BA-04216460EA73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {21021748-3E8C-445F-A703-46D299CA75DC} - System32\Tasks\Opera scheduled Autoupdate 1410005444 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {232CCFDC-0804-4DF5-AA14-AE287CACB450} - System32\Tasks\IT Viewer Job => C:\Program Files (x86)\IT Viewer\astask.exe
Task: {262FB643-37A8-4B67-8C16-2E4340A3F018} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2F85E6EF-0603-4A40-B943-E4A8E671143E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {3FD112B8-7BBA-4CA0-9955-3782BE8AA577} - System32\Tasks\{12BE6692-9709-45F9-A274-B1CA13D11B36} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {48E2964E-A5B6-408F-B42B-A9195B7560B9} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {4C5AE44B-0E8E-44F2-8513-307423FD9731} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-20] (Dropbox, Inc.)
Task: {6F585571-6702-4D8D-9EC6-B7D9D7107B83} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7260FB6B-BC4D-4229-BD6C-CD95B1572FCC} - System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-6 => C:\Program Files (x86)\iWebar\f885e91a-239b-453e-b901-c71087ae2a9d-6.exe <==== ATTENTION
Task: {7878BF35-935A-403C-A30D-B5BFF221DDAC} - System32\Tasks\{526C6BE4-7E50-4DAD-A34F-D57A6232E8AD} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=fsf
Task: {82138DBD-B283-4C6B-B290-0EB1939D10B5} - System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-1-6 => C:\Program Files (x86)\iWebar\f885e91a-239b-453e-b901-c71087ae2a9d-1-6.exe <==== ATTENTION
Task: {83BE98C6-A01B-49C8-BED2-8BAA20611802} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {87DB57AF-6B1E-464D-ABD5-1BD215308E04} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {A36A2071-390E-4B71-AB89-7A17D1AE471B} - System32\Tasks\sab3009 => C:\PROGRA~2\FASTSE~1\sab3009.exe
Task: {A76A0464-034E-4020-8DB6-4B37EB65CBE2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-20] (Dropbox, Inc.)
Task: {AF134532-6A01-4823-ACEB-DEF1887B7DD4} - System32\Tasks\{232614BD-67BD-4EBF-90C1-41D88EA2BE28} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {BD83FA08-4D88-4D55-AEDB-A4EACC597908} - System32\Tasks\{E3B3875B-230E-D8AF-077B-954B8BF903B7} => C:\Users\Lisa\AppData\Roaming\eNdNEAHi\EtXnGslP\AdxooqIv\xixYVblSO.exe
Task: {D13618AC-BFA7-4A9E-A5A6-CB25A73FC924} - System32\Tasks\{852D5EB1-DEB2-419A-B434-FF965F832EE3} => pcalua.exe -a C:\Users\Lisa\AppData\Local\Temp\Temp1_Monopoly-Pro.zip\Mono245.exe
Task: {D303EB84-BB65-4346-AD76-3722CFDA688D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {DAC91302-EAC4-45D4-BFE4-3B82FF106951} - System32\Tasks\CaptureHigh => c:\programdata\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}\nshcadf.tmp.exe <==== ATTENTION
Task: {E538F603-01B0-473D-B1C4-842B1F04F7AB} - System32\Tasks\{399FE967-C224-4524-BC64-12429ED5EB3D} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {E94A1CFE-2233-4F83-9BD7-39ED376F21F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CaptureHigh.job => c:\programdata\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}\nshcadf.tmp.exe <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\aeriagames.com -> hxxp://aeriagames.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3B7427D0-65AF-4D6F-9C77-C9D3EAE8FAF8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{05ADF46F-8AB7-47DC-B9F8-D69D2B6F9D2E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{43159BD3-25FA-4538-A56A-C3D62E6528B8}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{B11CEE67-C061-49E3-8BA5-D23BC2C5C688}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [TCP Query User{FC2540D5-6498-4814-92E9-4A7156FE873D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{D5FF768B-EE92-4D05-A900-C87C68ED6EFA}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{F503F871-89ED-45DA-AC9C-3ABF4EA83152}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{0363B4B7-70BB-4BAD-AB2A-B524E0278440}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{EA966F21-1E20-443D-B06F-199254E1FA90}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{00BC51D6-ED26-4B12-B2E8-D53A215859C6}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [{02E9B33A-32E0-4CB0-B60C-443570E86382}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{83C41322-F52A-4447-B597-ABF58308B002}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D79E8567-1070-4DED-BF76-FA01B34BBB85}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{DE1FFE0B-7DF9-4EBD-8377-F8954E6A4B4A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{7897420E-63CD-4CF0-9F73-7A0CCE9E614E}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{75B29466-8908-44F0-A1DE-212A9B21F416}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{380FA9E8-A97A-4A4D-AD7D-183D9ED7F72C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{4CE32472-B340-462F-8D90-03718A220F27}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{BA571566-1F0C-46F3-84B0-D9E64C0A1A9B}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C370CA67-FEC0-4E57-9577-9E9868E246ED}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E7C5C006-9310-40F9-824C-CC3100A04E46}] => (Allow) LPort=29900
FirewallRules: [{6717E152-FE41-4220-A3FD-911A4FAB29A3}] => (Allow) LPort=29900
FirewallRules: [TCP Query User{C909A75E-64E2-4323-A992-90D040C600A3}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{524D4E30-6753-40FE-9DCD-98490E1F7765}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{C3EA58CB-A810-48F8-B107-4504843CA73F}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{1D5F5FB8-258B-4264-8B71-FC42316CB3A9}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{59D453EB-6027-41E9-913C-4912CDEC4074}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2E84E161-3287-4924-898E-1E1BB6EAD984}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F729251E-FE68-48C1-990C-68FC8CD2311B}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{1D0C6686-94DB-4DCA-B451-9E2FC61FA581}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{8CA9BB09-2B22-4352-9B64-8BE803B0D081}C:\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) C:\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [UDP Query User{7A6E2E0C-27F0-442F-B42F-86D429554D96}C:\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) C:\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [{02093452-7A7B-4416-AD72-F842696FFAB5}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [{E8D4FFF3-9D42-4DFF-8E87-4F6CDA4FD7B6}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [TCP Query User{7B7B029E-EC1B-4849-9773-980EEFFE8479}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{6ACD7323-35C2-47F9-829C-B4812F5B321B}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{4F703679-09CC-4FF6-A5E5-AD207B7911C5}C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{186CFC37-D185-440A-B891-FE09B1F9B6CB}C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{25C2745B-B011-439D-B034-521189260053}C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9AA9719C-A0B6-42AF-B986-3B787289C955}C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{72026A06-5CE7-4F1F-8B82-D46C025E04FE}C:\program files (x86)\origin games\fifa world\fifaworld.exe] => (Allow) C:\program files (x86)\origin games\fifa world\fifaworld.exe
FirewallRules: [UDP Query User{57CF344A-DEF8-4AA5-ABD4-BEBB398802B0}C:\program files (x86)\origin games\fifa world\fifaworld.exe] => (Allow) C:\program files (x86)\origin games\fifa world\fifaworld.exe
FirewallRules: [{086E3A07-F0BA-441A-B2A5-628C114C4944}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\launcher.exe
FirewallRules: [{AD22CA5F-6D73-4247-ABEE-2F311AED725D}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x86.exe
FirewallRules: [{E9D7C29F-9470-4E08-A983-DCD561CE1B83}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x64.exe
FirewallRules: [{D0344BA6-9AEA-4501-B781-550F31D19124}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x86.exe
FirewallRules: [{21CFAD21-A6FB-4ED6-8FC0-F1D047FEE3A9}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x64.exe
FirewallRules: [{A956318E-D938-4ED8-95F6-16E84EDB1976}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\launcher.exe
FirewallRules: [{E61A2207-EAAB-450D-8893-7CB93BB44071}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{85AED897-47D4-4251-ADBD-21E77A68AB6B}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{D0867C0B-3672-4F57-B17E-E5A5C44983D5}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{4C091E2D-FA49-4B23-906E-7EE72D5B8451}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{B8217195-5D73-4DAC-AEB3-99ECE7D9059B}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{DBCFF8A6-DD4E-4873-8DA0-5AD931D1D0A8}] => (Allow) C:\Users\Lisa\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{D8F73629-9B95-4F6D-AFB8-6A275DCF4D6F}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Addon.exe
FirewallRules: [{A17D4F17-C96A-45F7-88A2-A18333D33B06}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Addon.exe
FirewallRules: [{B183F2F4-A691-4F0C-BA76-684549BBAA71}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2015 11:51:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jnsg729F.tmp, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x818
Startzeit der fehlerhaften Anwendung: 0xjnsg729F.tmp0
Pfad der fehlerhaften Anwendung: jnsg729F.tmp1
Pfad des fehlerhaften Moduls: jnsg729F.tmp2
Berichtskennung: jnsg729F.tmp3

Error: (07/22/2015 10:33:04 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3744) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (07/21/2015 09:31:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm gmsd_de_005010037.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1bdc

Startzeit: 01d0c3de7955b604

Endzeit: 108

Anwendungspfad: C:\Program Files (x86)\gmsd_de_005010037\gmsd_de_005010037.exe

Berichts-ID: 02f898ff-2fdf-11e5-a92d-001bfc1b1466

Error: (07/21/2015 08:04:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm myoffergroup_de.tmp, Version 51.52.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1998

Startzeit: 01d0c3df7d3f5489

Endzeit: 4

Anwendungspfad: C:\Users\Lisa\AppData\Local\Temp\is-E9BMT.tmp\myoffergroup_de.tmp

Berichts-ID:

Error: (07/21/2015 04:59:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm gentlemjmp_ieu.tmp, Version 51.52.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 156c

Startzeit: 01d0c3c5d28af990

Endzeit: 6

Anwendungspfad: C:\Users\Lisa\AppData\Local\Temp\is-GG4D3.tmp\gentlemjmp_ieu.tmp

Berichts-ID:

Error: (07/21/2015 04:22:51 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3496) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (07/21/2015 02:26:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm myoffergroup_de.tmp, Version 51.52.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15f0

Startzeit: 01d0c3b05235ce41

Endzeit: 4

Anwendungspfad: C:\Users\Lisa\AppData\Local\Temp\is-4DU8N.tmp\myoffergroup_de.tmp

Berichts-ID:

Error: (07/21/2015 02:25:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm fsdC245.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f48

Startzeit: 01d0c3afea0bb2fc

Endzeit: 10

Anwendungspfad: C:\Users\Lisa\AppData\Local\Temp\fsdC245.exe

Berichts-ID:

Error: (07/21/2015 01:48:53 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3648) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (07/21/2015 12:29:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm myoffergroup_de.tmp, Version 51.52.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 964

Startzeit: 01d0c3a00dd36468

Endzeit: 2

Anwendungspfad: C:\Users\Lisa\AppData\Local\Temp\is-6M0VH.tmp\myoffergroup_de.tmp

Berichts-ID:


System errors:
=============
Error: (07/22/2015 12:33:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BBUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/22/2015 12:33:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/22/2015 12:33:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/22/2015 12:33:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BingBar Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/22/2015 12:33:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Andrea ADI Filters Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/22/2015 12:33:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/22/2015 12:33:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/22/2015 12:33:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/22/2015 12:14:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
acedrv07

Error: (07/22/2015 12:14:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MSCamSvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office:
=========================
Error: (07/22/2015 11:51:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jnsg729F.tmp0.0.0.000000000unknown0.0.0.000000000c00000050000000081801d0c458efa3b16dC:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466\jnsg729F.tmpunknown29521109-3057-11e5-a942-001bfc1b1466

Error: (07/22/2015 10:33:04 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3744WindowsMail0:

Error: (07/21/2015 09:31:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gmsd_de_005010037.exe0.0.0.01bdc01d0c3de7955b604108C:\Program Files (x86)\gmsd_de_005010037\gmsd_de_005010037.exe02f898ff-2fdf-11e5-a92d-001bfc1b1466

Error: (07/21/2015 08:04:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: myoffergroup_de.tmp51.52.0.0199801d0c3df7d3f54894C:\Users\Lisa\AppData\Local\Temp\is-E9BMT.tmp\myoffergroup_de.tmp

Error: (07/21/2015 04:59:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gentlemjmp_ieu.tmp51.52.0.0156c01d0c3c5d28af9906C:\Users\Lisa\AppData\Local\Temp\is-GG4D3.tmp\gentlemjmp_ieu.tmp

Error: (07/21/2015 04:22:51 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3496WindowsMail0:

Error: (07/21/2015 02:26:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: myoffergroup_de.tmp51.52.0.015f001d0c3b05235ce414C:\Users\Lisa\AppData\Local\Temp\is-4DU8N.tmp\myoffergroup_de.tmp

Error: (07/21/2015 02:25:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: fsdC245.exe1.0.0.0f4801d0c3afea0bb2fc10C:\Users\Lisa\AppData\Local\Temp\fsdC245.exe

Error: (07/21/2015 01:48:53 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3648WindowsMail0:

Error: (07/21/2015 12:29:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: myoffergroup_de.tmp51.52.0.096401d0c3a00dd364682C:\Users\Lisa\AppData\Local\Temp\is-6M0VH.tmp\myoffergroup_de.tmp


CodeIntegrity Errors:
===================================
  Date: 2015-07-22 12:14:07.644
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-22 12:14:07.566
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-22 11:54:15.644
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-22 11:54:15.566
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-22 10:31:48.301
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-22 10:31:48.223
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-21 16:22:00.095
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-21 16:22:00.017
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-21 13:48:02.797
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-21 13:48:02.719
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz
Percentage of memory in use: 42%
Total physical RAM: 2047.18 MB
Available physical RAM: 1170.91 MB
Total Virtual: 4094.36 MB
Available Virtual: 3024.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:107.11 GB) NTFS
Drive d: (ESO Install) (CDROM) (Total:3.05 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 36C9E45B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         
--- --- ---

23.07.2015, 07:04   #10
schrauber
/// the machine
/// TB-Ausbilder
 



Quote:
CinemaPlus-3.2cV21.07

globalupdate Helper
Try uninstalling again.



ESET Online Scanner

  • Here you will find illustrated instructions for ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

23.07.2015, 14:21   #11
Surriya
 


Code:
    ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5bf61e3615ed6a4a96da31eff6869e86
# end=init
# utc_time=2015-07-23 09:29:31
# local_time=2015-07-23 11:29:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24938
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5bf61e3615ed6a4a96da31eff6869e86
# end=updated
# utc_time=2015-07-23 09:34:24
# local_time=2015-07-23 11:34:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=5bf61e3615ed6a4a96da31eff6869e86
# engine=24938
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-23 11:12:53
# local_time=2015-07-23 01:12:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 6132655 60633967 0 0
# scanned=212228
# found=113
# cleaned=0
# scan_time=5908
sh=5B532A4354D13DBC24E7FD923A350E467FBE775A ft=1 fh=c71c0011c5aeb8c5 vn="Variante von Win32/Adware.MultiPlug.NA Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppendRunner\AppendRunner.dll.vir"
sh=285F6110A169AFB8E982FC78855B337E4AAB8EB3 ft=1 fh=2e5c1bfd1fab5333 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupon Time\bin\utilCouponTime.exe.vir"
sh=90A1B418D3ED7E42561E3B6CB952E06D2732B29F ft=1 fh=e9506cd3140039c1 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_005010036\gamesdesktop_widget.exe.vir"
sh=533076DBE450AD00B5D134B0986BB0CDD550FD09 ft=1 fh=a3f51570f9f60f2e vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_005010036\gmsd_de_005010036.exe.vir"
sh=C0E71C3264880861105B3FDAD8969EB38DD3652C ft=1 fh=14d13cb0918bacb1 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_005010036\predm.exe.vir"
sh=C58178BF653E69B9A5B47C38793BF1901E6525B0 ft=1 fh=b62d43781ca83938 vn="Variante von Win32/TrojanDropper.Addrop.J Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\GUPlayer\GUPlayerUninstaller.exe.vir"
sh=89D3D91B63CCB3FDA5BE51C28A6DF1CADA804CD2 ft=1 fh=cec1e0487579cffb vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowerWatchCH.dll.vir"
sh=286A3A4929F9194AB22CE4B2CFEB86C5C8B05B1C ft=1 fh=e01830d6344e6508 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.DH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowserAction.dll.vir"
sh=4C80B8272D2039580353E878D89F98C7E7A6C1D1 ft=1 fh=aa996b4324fb3c71 vn="Variante von Win32/ELEX.CY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\CmdShell.exe.vir"
sh=1C88A7C4FD5E9BBE5F558AB731149EC1E59A67AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\ffsearch_toolbar!1.0.0.1031.xpi.vir"
sh=50D89A51B4F0750530071A1DBC21CB4E3D9DBA4B ft=1 fh=ef671f445b9b27a1 vn="Variante von Win32/ELEX.DK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\HPNotify.exe.vir"
sh=6728C97228C2330876C15837CC010B61CD41A834 ft=1 fh=838d510d68e65437 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\IeWatchDog.dll.vir"
sh=230933730A30AE6BF14753EFB3CF28451B4D2B56 ft=1 fh=53206f85c831ab5f vn="Variante von Win32/ELEX.EE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\ProtectService.exe.vir"
sh=84378464F31AB4FA30B94E1220D7C85360130293 ft=1 fh=48b8d5336470e5b5 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\SupTab.dll.vir"
sh=001185BDA2642D8D82D53E4E78BBB83FC63F6CBC ft=1 fh=c71c001163ba2129 vn="Variante von Win32/Adware.MultiPlug.JY Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PRiiceLiess\0LU7lKFZzW2ApS.exe.vir"
sh=7318CE32C32313BFD02250F6AB570FCDB2B4B961 ft=1 fh=cecc82c6e7a22e09 vn="Variante von Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PrroShopPer\xVjo3voyyWMF1P.x64.dll.vir"
sh=C0E71C3264880861105B3FDAD8969EB38DD3652C ft=1 fh=14d13cb0918bacb1 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\rec_de_52\predm.exe.vir"
sh=1E7002E51D799B525FD728D81811815D3C8DF20B ft=1 fh=b00a330399b3166e vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\rec_de_52\rec_de_52.exe.vir"
sh=8FDD261BA479C154E24C7E6DBF5C444526DD1A3B ft=1 fh=c71c0011b7a91dad vn="Variante von Win32/Adware.MultiPlug.JY Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\youtubeadblocker\PfX9Nhw7wpXYlu.exe.vir"
sh=9680D848F6F0871528932239F9B31B8A283C3FB5 ft=1 fh=649d4276df95fdd9 vn="Variante von MSIL/Adware.PullUpdate.L.gen Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=383F7B0F14ABA78B188E0E313F2936A4F7D7930B ft=1 fh=d841ec8e80dcb271 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=0C156F1E23AC6FB00DAC33D5FFB5AD61C478E8AC ft=1 fh=0bf16d9e5654d463 vn="Variante von Win32/Adware.MultiPlug.NH Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}\nshcadf.tmp.exe.vir"
sh=BF00BBFE523894BD4D8B06F78C8E71E11C6B36AD ft=1 fh=bdbcc78a013d2a8d vn="Variante von Win32/Adware.EoRezo.AJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Local\gmsd_de_005010036\upgmsd_de_005010036.exe.vir"
sh=F3065D1ADA4C8DA73F0EFFA3F046F8EE66F9501C ft=1 fh=442eb78e605ddc47 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Local\gmsd_de_005010036\Download\myoffergroup_de.exe.vir"
sh=B62FC1371F1B2C01B5F3F2DD59D2769DDDF5FA26 ft=1 fh=ac4b0fbfacf2e562 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Local\gmsd_de_005010036\Download\setup_recover_rec_de_52.exe.vir"
sh=C2CDF8F5CF8F8E7082898326B1937499DEFA5C63 ft=1 fh=4dce2de995a2d99e vn="Variante von Win32/Toolbar.CrossRider.CB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\M9aMN659.exe.vir"
sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\M9aMN659.vir"
sh=C2CDF8F5CF8F8E7082898326B1937499DEFA5C63 ft=1 fh=4dce2de995a2d99e vn="Variante von Win32/Toolbar.CrossRider.CB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\WwwoOyvTqB299LzHrWs.exe.vir"
sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\WwwoOyvTqB299LzHrWs.vir"
sh=32FE8D811A0CD3B7424FD03880F6FE6C32781264 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\19.js.vir"
sh=2A01C6CB9438CD629BD80B280DB6BE5994B8FA82 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\91.js.vir"
sh=908310927982C1DFD45B8CBBF669A940C0CE7CC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\5f931073c5a4e641b86b98926a58b918.js.vir"
sh=832ADA6E9B2673CA1DE314A566FF76316F0A2997 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\api\578be746304c8f7ca22a3fe53b649c6a.js.vir"
sh=AF15C2CD390979ACF65E9210C6DB0E85252F6052 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\api\765ed7d07ea85562f377e1a33328934b.js.vir"
sh=F4FE303A5886572113DF4DA3579956CEBB907F56 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\api\ce84b2e5c57002f8f5e36b2bbb6a136a.js.vir"
sh=902E327ADBC89F0A47999D10E7F6F6554CFCC0F4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\0450011abc8afd5fc1ded6f4f6f3da07.js.vir"
sh=D88F73897D0415B880A52D98AACBCBA8372956B2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\124ef52ddcb70512b73f8fcbda8e82d6.js.vir"
sh=6B8D57805A81A0C2A68E87C410FF89D15BB71CC9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\19c3bf1f1ad62687a2b221fc5472277a.js.vir"
sh=3E6E49061DC4C0339624D1BD4C5972D2D6988DA4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\207384392c4d128189c7dbcd11a7728c.js.vir"
sh=B3ABD3CAA6ADACF7A87576C3F949A2C023F51456 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\37a3a41e7a8fbf752e871aef815ee9f1.js.vir"
sh=F7B2040B9EB935D0FFB1571CC0184FED6B7D7583 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\95dc3899058ff6da556485a78d39071e.js.vir"
sh=EDB82EF0A2AC160256F1A5C49F0778E3A42AC559 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\96183f5d2ad4b621a8e158c3401dae75.js.vir"
sh=DAC709B5E008F210478B919F1472D52361AB450E ft=1 fh=0750c33383e298e8 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=41672D3335218C50901B8E32DB7D9E718A6306D0 ft=1 fh=391efafd6238c44a vn="Variante von MSIL/Adware.PullUpdate.P Anwendung" ac=I fn="C:\ProgramData\Ensefnag\1.0.4.1\euclemli.exe"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Lisa\AppData\Local\nsyAFD7.tmp.vir"
sh=41672D3335218C50901B8E32DB7D9E718A6306D0 ft=1 fh=391efafd6238c44a vn="Variante von MSIL/Adware.PullUpdate.P Anwendung" ac=I fn="C:\Users\All Users\Ensefnag\1.0.4.1\euclemli.exe"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4U9S4A19\AnyProtectSetup[1].exe"
sh=C98D7CF7AE934A46CE23DF3017469B961C862AD9 ft=1 fh=e4f536f3f580d5c1 vn="Variante von MSIL/Adware.Imali.A Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4U9S4A19\FinalInstaller_dotnet4[1].exe"
sh=E430D8A53EB1B3BE7B73E067B74BF40B28855146 ft=1 fh=74c75df3f8999e46 vn="Variante von Win32/Adware.ConvertAd.VE Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4U9S4A19\FriendlyError_s4[1].exe"
sh=8E8870EBCCE635BE6305584C38C976A3FF6BF2A7 ft=1 fh=7d58c5d9577e592f vn="Variante von Win32/Toolbar.CrossRider.CT evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BI583S8O\setup[1].exe"
sh=7DB421836267728545A48316131A5C598DBA4BAA ft=1 fh=e2e7f6fc35751e83 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BI583S8O\setup_gmsd_de[2].exe"
sh=D8BFCF67F535EB59E182C852FDDC65C9B7A26330 ft=1 fh=d80e46de4c283a81 vn="Variante von Win32/ELEX.EH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3QLLHHZ\face_istartsurf[1].exe"
sh=1F0F66473D3309392CB205F8D9AB8901AF478A53 ft=1 fh=187ca44c58992790 vn="Variante von Win32/Adware.ConvertAd.VE Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3QLLHHZ\FriendlyError_s3[1].exe"
sh=38589E87AC387B691F4F99F0420A49A50AD52995 ft=1 fh=0d68d3f5dc74fddb vn="Win32/Adware.ConvertAd.ST Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3QLLHHZ\policyname[1].exe"
sh=3705670AF8CD8741D870A62B421EC5696A97BEFC ft=1 fh=097437150c7024d4 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3QLLHHZ\SmartWebInstaller[1].exe"
sh=9ABBAF453246D0C43D62E3A372F40807FB500BCD ft=1 fh=c71c0011f21cd2d8 vn="Win32/AnyProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGDK2SH0\AnyProtect[1].exe"
sh=64D03177CDB27835E13D7C1232DC2B6D41AEB76A ft=1 fh=e3561a1716dadb37 vn="Variante von Win32/ELEX.EH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGDK2SH0\cmi_mystartsearch[1].exe"
sh=AC597FF4CDB2DDBF589DF3B167DB49829DF30F81 ft=1 fh=3993e54b2ba8c468 vn="Variante von Win32/Adware.ConvertAd.RU Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGDK2SH0\SearchUpdater[1].exe"
sh=74A50477FEA17B3932A01076C0FD6031F2BE2620 ft=1 fh=0a8c33f0e3d53939 vn="Variante von Win32/Packed.ScrambleWrapper.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGDK2SH0\setup[2].exe"
sh=C98D7CF7AE934A46CE23DF3017469B961C862AD9 ft=1 fh=e4f536f3f580d5c1 vn="Variante von MSIL/Adware.Imali.A Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\fsd6509.exe"
sh=C98D7CF7AE934A46CE23DF3017469B961C862AD9 ft=1 fh=e4f536f3f580d5c1 vn="Variante von MSIL/Adware.Imali.A Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\fsd712A.exe"
sh=C98D7CF7AE934A46CE23DF3017469B961C862AD9 ft=1 fh=e4f536f3f580d5c1 vn="Variante von MSIL/Adware.Imali.A Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\fsdB1A2.exe"
sh=C98D7CF7AE934A46CE23DF3017469B961C862AD9 ft=1 fh=e4f536f3f580d5c1 vn="Variante von MSIL/Adware.Imali.A Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\fsdC245.exe"
sh=7DA49D4DEE8F19F1697D4ABA468134C9EEF978DC ft=1 fh=6a16dbf537f10013 vn="Win32/Adware.ConvertAd.RS Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\nsr37F5.tmp"
sh=E4011FBE248C58CC48732F35F34339949406EFA7 ft=1 fh=df3946b96237ec5f vn="Win32/Adware.ConvertAd.RS Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\nsrDCA0.tmp"
sh=15501A12C29C82672CDCFB7D64A9CAC4AE867C70 ft=1 fh=c432c5b92fd0415c vn="Variante von Win32/Adware.MultiPlug.NH Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\nswC228.tmp.exe"
sh=15501A12C29C82672CDCFB7D64A9CAC4AE867C70 ft=1 fh=c432c5b92fd0415c vn="Variante von Win32/Adware.MultiPlug.NH Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\CA50\temp\nswC228.tmp.exe"
sh=B0578200EE83F0FE70E98EB5CCD336311EC2B514 ft=1 fh=48455528e1e6df54 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\11.exe"
sh=6A0ED60624BC5BBAC0A09F14B10ACA475599FED2 ft=1 fh=48455528c5a2568b vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\399.exe"
sh=BAD262BB924DDDA54976CE970EF603E51016299B ft=1 fh=48455528b0814ef2 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\436.exe"
sh=E7F0A27A2E9510F9436131429EA2FA7427E16CF3 ft=1 fh=484555280ac0a5e5 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\465.exe"
sh=7361030DDB5C56A334D660929861FFD8AFC991E5 ft=1 fh=48455528cebe4552 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\473.exe"
sh=19A078EACEA6787CCDA5331399B53254229E0367 ft=1 fh=484555285684bff4 vn="Variante von Win32/Adware.EoRezo.AY Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\package_BubbleSound_installer_multilang.exe"
sh=EC462B23A558581C47F7BC8C81A310FF111EF9DC ft=1 fh=48455528e725bfd0 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\package_optimizerpro_installer_multilang.exe"
sh=43D4943BC85FDF37E3B258BC23598DF44A4B643D ft=1 fh=484555283920b921 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\package_pcrossbrowser_installer_multilang.exe"
sh=63628C213CC91C7595AD7F3D239F268CAF3AB07E ft=1 fh=48455528628a38e0 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\package_priceless_p_installer_multilang.exe"
sh=99194864FEC96FBE431F15D1314BDAA66DA20582 ft=1 fh=4845552834a67829 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\package_SByoutube_installer_multilang.exe"
sh=6A0ED60624BC5BBAC0A09F14B10ACA475599FED2 ft=1 fh=48455528c5a2568b vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-A8O9V.tmp\399.exe"
sh=6A0ED60624BC5BBAC0A09F14B10ACA475599FED2 ft=1 fh=48455528c5a2568b vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-KOH0O.tmp\399.exe"
sh=AA1EF6B141750A76E80CBC579D273EE43E53CFF1 ft=1 fh=48455528121f7d84 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-TO3ET.tmp\399.exe"
sh=749D17C0895E8C103CE200DDB9BE8A598B19E5C3 ft=1 fh=48455528f4eed607 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-TO3ET.tmp\436.exe"
sh=B4B52D744AFC7EF645FEFD818B5B28C0C53E04AF ft=1 fh=48455528a532758a vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-TO3ET.tmp\465.exe"
sh=9721B9AC3449A311AC1C6507EA7E619FA72D78DD ft=1 fh=4845552878bb057a vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-TO3ET.tmp\473.exe"
sh=CEEFB338703398834EADBF91A54D0C182887A322 ft=1 fh=48455528c6cca0f4 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\is-TO3ET.tmp\package_optimizerpro_installer_multilang.exe"
sh=908310927982C1DFD45B8CBBF669A940C0CE7CC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\59d65872ee915d517a23ebafc54b26b9.js"
sh=F4FE303A5886572113DF4DA3579956CEBB907F56 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\api\8bfdd4af9101a3a51b6ee5e8ed473611.js"
sh=832ADA6E9B2673CA1DE314A566FF76316F0A2997 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\api\a0dce027a605b62aff3b31a4838f3cc1.js"
sh=AF15C2CD390979ACF65E9210C6DB0E85252F6052 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\api\f2a491c25011147e180ee5446531bb5d.js"
sh=F7B2040B9EB935D0FFB1571CC0184FED6B7D7583 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\192466e5d0d4274940650755b542627f.js"
sh=3E6E49061DC4C0339624D1BD4C5972D2D6988DA4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\43116e5ec779158fe1b6c4db750ceb6b.js"
sh=D88F73897D0415B880A52D98AACBCBA8372956B2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\61ce3447aadd5452471249d93d2243cd.js"
sh=EDB82EF0A2AC160256F1A5C49F0778E3A42AC559 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\9a8578023ea5f360724bdf072c4eaae9.js"
sh=B3ABD3CAA6ADACF7A87576C3F949A2C023F51456 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\af6297bdb5eb89e8b2b22af9c98f5213.js"
sh=6B8D57805A81A0C2A68E87C410FF89D15BB71CC9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\d864576fe7e2d1b8a5874cd837ab437c.js"
sh=902E327ADBC89F0A47999D10E7F6F6554CFCC0F4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\e57aae17780a1504232ad6de9591e5ce.js"
sh=70B1D76E74C72A0C0AE7FA00623CB23ABB07AC3C ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfnfcecgilmblkepmebjomnhmjpacllm\1.0.1_0\background.js"
sh=DC5F9D174C61808BE16BCE52470F44E6D8B7A3D3 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfnfcecgilmblkepmebjomnhmjpacllm\1.0.1_0\content.js"
sh=69E1DFF72C520FEC92827911C94D818FC0639999 ft=1 fh=7bb987ee912418aa vn="Variante von Win32/SoftPulse.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\Downloads\Setup.exe"
sh=1969D81C0AEF045E5D6E3BDFC7F9A59B1118BEC7 ft=1 fh=1828f8b9c0450694 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI4885.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=B54A10A054F72B438B85B8C01A2FDDB9E4AA9D95 ft=1 fh=bad654b42602edb0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI4885.tmp-\sppsm.dll"
sh=74E1FD38F895EE603C538EEB0CB62D2B7AD1F9EF ft=1 fh=eadc0e05b009aa54 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI4885.tmp-\spusm.dll"
sh=39E0129484C7D4950D9E3ACB4016A95333C372C1 ft=1 fh=b2d51b366a5174b0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI4885.tmp-\srptc.dll"
sh=444801FC4365D9D9B000EF6CC97F31A0E06AAA16 ft=1 fh=3cf8016bf6ac35d8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI4885.tmp-\srut.dll"
sh=1969D81C0AEF045E5D6E3BDFC7F9A59B1118BEC7 ft=1 fh=1828f8b9c0450694 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIACB5.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=2A202A2F429F4102BD3516F2C116925EEA12E7E1 ft=1 fh=b18d6bdb77076cb4 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIACB5.tmp-\spbe.dll"
sh=B54A10A054F72B438B85B8C01A2FDDB9E4AA9D95 ft=1 fh=bad654b42602edb0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIACB5.tmp-\sppsm.dll"
sh=74E1FD38F895EE603C538EEB0CB62D2B7AD1F9EF ft=1 fh=eadc0e05b009aa54 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIACB5.tmp-\spusm.dll"
sh=C321BD2BA55FC1450102B52CF4320050F96E6ACE ft=1 fh=5f440c13eb246cc1 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIACB5.tmp-\srbs.dll"
sh=8BCF64604E5A8369D2032F0DEAD0FA65CED3959C ft=1 fh=de00f46990bdea72 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIACB5.tmp-\srbu.dll"
sh=39E0129484C7D4950D9E3ACB4016A95333C372C1 ft=1 fh=b2d51b366a5174b0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIACB5.tmp-\srptc.dll"
sh=444801FC4365D9D9B000EF6CC97F31A0E06AAA16 ft=1 fh=3cf8016bf6ac35d8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIACB5.tmp-\srut.dll"
         
Code:
   Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Adobe Reader XI  
 Mozilla Thunderbird (31.7.0) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Lisa (administrator) on LISA-PC on 23-07-2015 15:19:23
Running from C:\Users\Lisa\Pc Bereinigung
Loaded Profiles: Lisa (Available Profiles: Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Spotify Ltd) C:\Users\Lisa\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Akamai Technologies, Inc.) C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2014-10-01] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Spotify Web Helper] => C:\Users\Lisa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-14] (Spotify Ltd)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Spotify] => C:\Users\Lisa\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-14] (Spotify Ltd)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Dropbox Update] => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-20] (Dropbox, Inc.)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D4A73E63-0074-49A9-ADD5-E0062660EF6D}: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\NPSWF32.dll [2015-05-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2015-05-07] (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default
CHR HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (iWebar) - C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc [2015-07-19]
OPR Extension: (Product Deals) - C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfnfcecgilmblkepmebjomnhmjpacllm [2015-07-20]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.istartsurf.com/?type=sc&ts=1437490452&z=4ba2030ede134013ed43606g1z1c4m1z0t3ecz0o5e&from=face&uid=SAMSUNGXHD252HJ_S17HJ1KS303375

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2014-10-01] (Andrea Electronics Corporation)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88584 2015-05-07] (Perfect World Entertainment Inc)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-04] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2015-04-20] () [File not signed]
R1 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [134880 2015-04-20] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2014-09-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2014-09-06] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3567232 2011-09-09] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 11:29 - 2015-07-23 11:29 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-22 13:42 - 2015-07-22 14:01 - 00000000 ____D C:\Users\Lisa\Desktop\Ps1 Emulator
2015-07-22 13:37 - 2015-07-23 15:19 - 00000000 ____D C:\Users\Lisa\Pc Bereinigung
2015-07-22 11:04 - 2015-07-22 12:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-22 11:04 - 2015-07-22 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-22 11:04 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-22 11:04 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-22 11:03 - 2015-07-22 11:04 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-22 11:03 - 2015-07-22 11:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-22 11:03 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-21 16:01 - 2015-07-21 16:01 - 00003038 _____ C:\Windows\System32\Tasks\{E3B3875B-230E-D8AF-077B-954B8BF903B7}
2015-07-21 16:01 - 2015-07-21 16:01 - 00000000 ___HD C:\Users\Lisa\AppData\Roaming\eNdNEAHi
2015-07-21 13:34 - 2015-07-22 12:13 - 00000000 ____D C:\AdwCleaner
2015-07-21 12:25 - 2015-07-22 11:51 - 00000000 ____D C:\Program Files (x86)\Tv For  Chrome
2015-07-21 11:47 - 2015-07-21 11:47 - 00032958 _____ C:\ComboFix.txt
2015-07-21 11:14 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-21 11:14 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-21 11:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-21 11:08 - 2015-07-21 11:47 - 00000000 ____D C:\Qoobox
2015-07-21 11:08 - 2015-07-21 11:44 - 00000000 ____D C:\Windows\erdnt
2015-07-21 10:45 - 2015-07-22 22:45 - 00000334 _____ C:\Windows\Tasks\CaptureHigh.job
2015-07-21 10:45 - 2015-07-21 10:45 - 00003244 _____ C:\Windows\System32\Tasks\CaptureHigh
2015-07-21 10:44 - 2015-07-21 12:24 - 00000000 _____ C:\dummy.htm
2015-07-21 10:26 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 10:26 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 10:26 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 10:26 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 10:26 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 10:26 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 10:26 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 10:26 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 10:26 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 10:26 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 20:44 - 2015-07-20 20:44 - 00000000 ____D C:\Users\Lisa\Documents\ANNO 1404 Venedig
2015-07-20 19:21 - 2015-07-20 19:21 - 00000201 _____ C:\Users\Lisa\Desktop\Anno 1404 Venice.url
2015-07-20 17:32 - 2015-07-23 15:19 - 00000000 ____D C:\FRST
2015-07-20 16:49 - 2015-07-23 11:20 - 00000560 _____ C:\Windows\setupact.log
2015-07-20 16:49 - 2015-07-22 10:32 - 00368880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 16:49 - 2015-07-20 16:49 - 00104056 _____ C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-20 16:49 - 2015-07-20 16:49 - 00000000 _____ C:\Windows\setuperr.log
2015-07-20 16:48 - 2015-07-22 11:54 - 00007478 _____ C:\Windows\PFRO.log
2015-07-20 15:45 - 2015-07-20 15:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-20 15:19 - 2015-07-23 11:20 - 00000000 ____D C:\Users\Lisa\AppData\Local\Spotify
2015-07-20 12:32 - 2015-07-22 22:45 - 00000000 ___RD C:\Users\Lisa\Dropbox
2015-07-20 12:32 - 2015-07-20 12:32 - 00001121 _____ C:\Users\Lisa\Desktop\Dropbox.lnk
2015-07-20 12:31 - 2015-07-20 12:31 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-20 12:29 - 2015-07-20 12:31 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox
2015-07-20 12:28 - 2015-07-23 14:39 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA.job
2015-07-20 12:28 - 2015-07-23 12:39 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core.job
2015-07-20 12:28 - 2015-07-20 12:34 - 00004188 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA
2015-07-20 12:28 - 2015-07-20 12:34 - 00003792 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core
2015-07-20 12:26 - 2015-07-22 22:45 - 00000000 ____D C:\Users\Lisa\AppData\Local\Dropbox
2015-07-20 12:26 - 2015-07-20 12:26 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-20 10:08 - 2015-07-20 10:08 - 00003088 _____ C:\Windows\System32\Tasks\{6F1602F9-D378-4EFF-8194-FBB7BD3980B9}
2015-07-20 00:54 - 2015-07-20 00:54 - 00000000 ____D C:\Windows\SysWOW64\Flash
2015-07-20 00:33 - 2015-07-22 10:47 - 00000000 ____D C:\ProgramData\Ensefnag
2015-07-20 00:28 - 2015-07-20 00:28 - 00003850 _____ C:\Windows\System32\Tasks\SMWUpd
2015-07-20 00:28 - 2015-07-20 00:28 - 00000000 _____ C:\places.sqlite
2015-07-20 00:23 - 2015-07-20 10:09 - 00000000 ____D C:\Program Files (x86)\5a0a607d-3b41-4c48-8b9f-28547ee4a1f4
2015-07-20 00:17 - 2015-07-20 00:17 - 00104056 _____ C:\Users\Surriya\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-20 00:17 - 2015-07-20 00:17 - 00001425 _____ C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-20 00:17 - 2015-07-20 00:17 - 00000020 ___SH C:\Users\Surriya\ntuser.ini
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Vorlagen
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Startmenü
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Netzwerkumgebung
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Lokale Einstellungen
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Eigene Dateien
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Druckumgebung
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Documents\Eigene Musik
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Documents\Eigene Bilder
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Local\Verlauf
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Local\Anwendungsdaten
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Anwendungsdaten
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Roaming\Adobe
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Local\VirtualStore
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Local\NVIDIA
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya
2015-07-20 00:17 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-20 00:17 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-19 22:57 - 2015-07-19 22:57 - 00003140 _____ C:\Windows\System32\Tasks\{526C6BE4-7E50-4DAD-A34F-D57A6232E8AD}
2015-07-19 22:46 - 2015-07-19 22:46 - 00005478 _____ C:\Windows\System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-1-6
2015-07-19 22:43 - 2015-07-19 22:43 - 00007522 _____ C:\Windows\System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-6
2015-07-19 22:43 - 2015-07-19 22:43 - 00007202 _____ C:\Windows\System32\Tasks\temp_b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6
2015-07-19 22:39 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-19 22:38 - 2015-07-21 22:23 - 00000000 ____D C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466
2015-07-19 22:37 - 2015-07-22 11:08 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-19 22:37 - 2015-07-19 22:39 - 00000000 ____D C:\ProgramData\AppMgr4.27.1676029
2015-07-19 22:34 - 2015-07-20 22:34 - 00003254 _____ C:\Windows\System32\Tasks\IT Viewer Job
2015-07-19 22:33 - 2015-07-19 22:33 - 00000000 _____ C:\Windows\prleth.sys
2015-07-19 22:33 - 2015-07-19 22:33 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-19 22:13 - 2015-07-19 22:13 - 00003086 _____ C:\Windows\System32\Tasks\sab3009
2015-07-19 21:02 - 2015-07-19 21:03 - 00000000 ____D C:\Users\Lisa\Documents\Ps1 Emulator
2015-07-16 08:21 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-16 08:21 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 11:41 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 11:41 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 11:41 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 11:41 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 11:41 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 11:41 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 11:41 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 11:41 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 11:41 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 11:41 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 11:41 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 11:41 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 11:40 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 11:40 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 11:40 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 11:40 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 11:40 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 11:40 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 11:40 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 11:40 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 11:40 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 11:40 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 11:40 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 11:40 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 11:40 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 11:40 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 11:40 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 11:40 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 11:40 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 11:40 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 11:40 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 11:40 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 11:40 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 11:40 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 11:40 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 11:40 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 11:40 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 11:40 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 11:40 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 11:40 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 11:40 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 11:40 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 11:40 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 11:40 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 11:40 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 11:40 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 11:40 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 11:40 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 11:40 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 11:40 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 11:40 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 11:40 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 11:40 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 11:40 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 11:40 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 11:40 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 11:40 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 11:40 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 11:40 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 11:40 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 11:40 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 11:40 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 11:40 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 11:40 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 11:40 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 11:40 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 11:39 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 11:39 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 11:39 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 11:39 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 11:39 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 11:38 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 11:38 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 11:38 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 11:38 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 11:38 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 11:38 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 11:38 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 11:38 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 11:38 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 11:38 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 11:38 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 11:38 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 11:38 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 11:38 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 11:38 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 11:38 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 11:36 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 11:36 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 11:36 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 11:36 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 11:36 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 11:36 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 11:36 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 11:36 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 11:36 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 11:36 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 11:36 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 11:36 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 11:35 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-28 11:44 - 2015-07-23 14:14 - 01695360 _____ C:\Windows\WindowsUpdate.log
2015-06-26 16:33 - 2015-06-27 19:35 - 00000000 ____D C:\Users\Lisa\Documents\DAModder
2015-06-23 22:29 - 2015-06-23 22:30 - 00000000 ____D C:\3d46e15a7895a31b0ef8e1951832

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 15:16 - 2014-09-06 13:58 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{89F12786-F91C-4F8D-9328-AC820C7336A4}
2015-07-23 14:55 - 2014-09-06 14:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-23 13:46 - 2009-07-14 06:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-23 13:46 - 2009-07-14 06:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-23 11:21 - 2014-09-16 11:18 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Spotify
2015-07-23 11:21 - 2014-09-06 15:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Skype
2015-07-23 11:20 - 2014-09-06 13:31 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-23 11:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-22 23:16 - 2014-09-06 16:11 - 00000000 ____D C:\Users\Lisa\AppData\Local\FirestormOS_x64
2015-07-22 22:39 - 2014-11-24 15:04 - 00000000 ____D C:\Users\Lisa\Documents\BioWare
2015-07-22 22:38 - 2014-09-17 16:52 - 00000000 ____D C:\ProgramData\Origin
2015-07-22 13:37 - 2014-09-06 13:11 - 00000000 ____D C:\Users\Lisa
2015-07-22 12:12 - 2014-09-06 13:13 - 00000993 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-22 10:32 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-21 21:22 - 2014-09-06 14:24 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\TS3Client
2015-07-21 11:47 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-21 11:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-21 11:43 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-20 20:45 - 2014-09-06 14:32 - 00000000 ____D C:\Steam
2015-07-20 16:19 - 2009-07-14 04:34 - 00000514 _____ C:\Windows\win.ini
2015-07-20 12:45 - 2014-11-30 19:25 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-20 10:17 - 2014-11-24 14:12 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-07-20 10:16 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-20 10:00 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-20 00:12 - 2015-04-20 10:45 - 00000000 ____D C:\Windows\Minidump
2015-07-19 23:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-19 23:38 - 2014-09-15 14:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-19 22:37 - 2014-09-06 17:16 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Mozilla
2015-07-19 22:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-19 22:17 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-16 23:06 - 2015-04-04 17:35 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 23:06 - 2015-04-04 17:35 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-16 22:57 - 2014-09-06 14:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 22:57 - 2014-09-06 14:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 22:57 - 2014-09-06 14:16 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-16 07:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 06:01 - 2014-12-12 11:53 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 06:01 - 2014-09-06 15:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 06:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 23:51 - 2014-09-06 15:04 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 11:51 - 2014-09-06 14:10 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410005444
2015-07-15 11:51 - 2014-09-06 14:10 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-15 11:08 - 2014-09-15 14:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 11:03 - 2014-12-27 12:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-08 21:14 - 2014-11-19 22:34 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieBrowserModeList
2015-07-08 21:14 - 2014-09-25 19:02 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieUserList
2015-07-08 21:14 - 2014-09-25 19:02 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieSiteList
2015-07-05 12:08 - 2014-09-06 13:26 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 09:57 - 2014-09-06 15:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-04 09:56 - 2014-11-28 23:34 - 00000000 ____D C:\Users\Lisa\Documents\Electronic Arts
2015-07-04 09:40 - 2014-09-17 16:52 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-03 16:30 - 2014-09-06 14:19 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\.minecraft
2015-07-03 08:43 - 2014-09-06 15:04 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some files in TEMP:
====================
C:\Users\Lisa\AppData\Local\Temp\486.exe
C:\Users\Lisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb_mv9g.dll
C:\Users\Lisa\AppData\Local\Temp\fsd6509.exe
C:\Users\Lisa\AppData\Local\Temp\fsd712A.exe
C:\Users\Lisa\AppData\Local\Temp\fsdB1A2.exe
C:\Users\Lisa\AppData\Local\Temp\fsdC245.exe
C:\Users\Lisa\AppData\Local\Temp\gkey.exe
C:\Users\Lisa\AppData\Local\Temp\nswC228.tmp.exe
C:\Users\Lisa\AppData\Local\Temp\pkeyui.exe
C:\Users\Lisa\AppData\Local\Temp\Quarantine.exe
C:\Users\Lisa\AppData\Local\Temp\sqlite3.dll
C:\Users\Lisa\AppData\Local\Temp\Uninstall.exe
C:\Users\Lisa\AppData\Local\Temp\wabk.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 13:40

==================== End of log ============================
         
--- --- ---
[/CODE]

23.07.2015, 14:23   #12
Surriya

Code:
Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Lisa at 2015-07-23 15:20:12
Running from C:\Users\Lisa\Pc Bereinigung
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3081106795-2452553169-1351690023-500 - Administrator - Disabled)
Gast (S-1-5-21-3081106795-2452553169-1351690023-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3081106795-2452553169-1351690023-1002 - Limited - Enabled)
Lisa (S-1-5-21-3081106795-2452553169-1351690023-1001 - Administrator - Enabled) => C:\Users\Lisa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.210 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anno 1404 (HKLM-x32\...\Steam App 33250) (Version:  - Blue Byte)
Anno 1404: Venice (HKLM-x32\...\Steam App 33350) (Version:  - Blue Byte)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.9.80.1020 - Electronic Arts Inc.)
Dropbox (HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42974 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{4e154806-de7a-4300-b61e-bc0c3a4c5b43}) (Version: 4.6.42974 - Phoenix Firestorm Project Inc)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
Spotify (HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-07-2015 16:06:49 Revo Uninstaller's restore point - Drakensang
20-07-2015 16:09:01 Revo Uninstaller's restore point - Akamai NetSession Interface
20-07-2015 16:09:45 Revo Uninstaller's restore point - Granado Espada Europe (23.07.18)
20-07-2015 16:11:34 Revo Uninstaller's restore point - FastSearch
20-07-2015 16:13:21 Revo Uninstaller's restore point - GamesDesktop 014.005010035
20-07-2015 16:15:12 Revo Uninstaller's restore point - Friendly Error
20-07-2015 17:28:28 Revo Uninstaller's restore point - Friendly Error
20-07-2015 19:17:29 Revo Uninstaller's restore point - AnyProtect
21-07-2015 10:22:02 Revo Uninstaller's restore point - dealpeak
21-07-2015 10:30:03 Revo Uninstaller's restore point - Games-desktop 014.52
21-07-2015 10:33:44 Revo Uninstaller's restore point - GamesDesktop 014.005010035
21-07-2015 10:35:03 Revo Uninstaller's restore point - GoldenCoupon
21-07-2015 10:37:00 Revo Uninstaller's restore point - mystartsearch uninstall
21-07-2015 10:38:26 Revo Uninstaller's restore point - SaverAddon
21-07-2015 10:39:50 Revo Uninstaller's restore point - savernet
21-07-2015 10:40:44 Revo Uninstaller's restore point - SmartWeb
21-07-2015 10:42:12 Revo Uninstaller's restore point - Software Version Updater
21-07-2015 10:43:22 Revo Uninstaller's restore point - WordSurfer 1.10.0.19
21-07-2015 10:47:09 Revo Uninstaller's restore point - PPriiceLess
21-07-2015 10:49:49 Revo Uninstaller's restore point - Boomerang for Gmail
21-07-2015 10:52:05 Revo Uninstaller's restore point - Support PL 1.1
21-07-2015 10:52:54 Revo Uninstaller's restore point - GamesDesktop 014.005010036
21-07-2015 10:55:47 Revo Uninstaller's restore point - Microsoft WSE 3.0 Runtime
21-07-2015 10:56:01 Removed Microsoft WSE 3.0 Runtime
21-07-2015 10:57:09 Revo Uninstaller's restore point - Friendly Error
21-07-2015 10:58:03 Revo Uninstaller's restore point - SmartWeb
21-07-2015 10:59:28 Revo Uninstaller's restore point - youtubeadblocker
21-07-2015 11:01:35 Revo Uninstaller's restore point - Games-desktop 014.52
21-07-2015 13:53:39 Revo Uninstaller's restore point - Friendly Error
21-07-2015 16:08:12 Revo Uninstaller's restore point - AnyProtect
21-07-2015 16:10:37 Revo Uninstaller's restore point - Friendly Error
21-07-2015 16:11:32 Revo Uninstaller's restore point - GamesDesktop 014.005010036
21-07-2015 16:14:37 Revo Uninstaller's restore point - Games-desktop 014.52
21-07-2015 16:16:07 Revo Uninstaller's restore point - SmartWeb
21-07-2015 16:17:14 Revo Uninstaller's restore point - mystartsearch uninstall
21-07-2015 22:43:14 Windows Update
22-07-2015 12:32:10 JRT Pre-Junkware Removal
22-07-2015 13:13:04 Revo Uninstaller's restore point - Friendly Error
22-07-2015 13:14:33 Revo Uninstaller's restore point - CinemaPlus-3.2cV21.07
22-07-2015 18:35:47 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D328C8-BEE3-4023-A318-26E1BBF0FC20} - System32\Tasks\temp_b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6 => C:\Program Files (x86)\Object Browser\b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6.exe <==== ATTENTION
Task: {0E4D537E-6AEC-48CF-AC06-DF097340F477} - System32\Tasks\{6F1602F9-D378-4EFF-8194-FBB7BD3980B9} => pcalua.exe -a "C:\Program Files (x86)\FriendlyError\tmpA2E.bat"
Task: {0FE1C2D4-6C14-4972-B3A3-FBB4744EB96B} - System32\Tasks\{52E89830-3959-4D71-A55C-FAD2010555E9} => pcalua.exe -a C:\Users\Lisa\Downloads\win64_153330.exe -d C:\Users\Lisa\Downloads
Task: {1AB4098A-2484-45E0-90BA-04216460EA73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {21021748-3E8C-445F-A703-46D299CA75DC} - System32\Tasks\Opera scheduled Autoupdate 1410005444 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {232CCFDC-0804-4DF5-AA14-AE287CACB450} - System32\Tasks\IT Viewer Job => C:\Program Files (x86)\IT Viewer\astask.exe
Task: {262FB643-37A8-4B67-8C16-2E4340A3F018} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2F85E6EF-0603-4A40-B943-E4A8E671143E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {3FD112B8-7BBA-4CA0-9955-3782BE8AA577} - System32\Tasks\{12BE6692-9709-45F9-A274-B1CA13D11B36} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {48E2964E-A5B6-408F-B42B-A9195B7560B9} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {4C5AE44B-0E8E-44F2-8513-307423FD9731} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-20] (Dropbox, Inc.)
Task: {6F585571-6702-4D8D-9EC6-B7D9D7107B83} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7260FB6B-BC4D-4229-BD6C-CD95B1572FCC} - System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-6 => C:\Program Files (x86)\iWebar\f885e91a-239b-453e-b901-c71087ae2a9d-6.exe <==== ATTENTION
Task: {7878BF35-935A-403C-A30D-B5BFF221DDAC} - System32\Tasks\{526C6BE4-7E50-4DAD-A34F-D57A6232E8AD} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=fsf
Task: {82138DBD-B283-4C6B-B290-0EB1939D10B5} - System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-1-6 => C:\Program Files (x86)\iWebar\f885e91a-239b-453e-b901-c71087ae2a9d-1-6.exe <==== ATTENTION
Task: {83BE98C6-A01B-49C8-BED2-8BAA20611802} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {87DB57AF-6B1E-464D-ABD5-1BD215308E04} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {A36A2071-390E-4B71-AB89-7A17D1AE471B} - System32\Tasks\sab3009 => C:\PROGRA~2\FASTSE~1\sab3009.exe
Task: {A76A0464-034E-4020-8DB6-4B37EB65CBE2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-20] (Dropbox, Inc.)
Task: {AF134532-6A01-4823-ACEB-DEF1887B7DD4} - System32\Tasks\{232614BD-67BD-4EBF-90C1-41D88EA2BE28} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {BD83FA08-4D88-4D55-AEDB-A4EACC597908} - System32\Tasks\{E3B3875B-230E-D8AF-077B-954B8BF903B7} => C:\Users\Lisa\AppData\Roaming\eNdNEAHi\EtXnGslP\AdxooqIv\xixYVblSO.exe
Task: {D13618AC-BFA7-4A9E-A5A6-CB25A73FC924} - System32\Tasks\{852D5EB1-DEB2-419A-B434-FF965F832EE3} => pcalua.exe -a C:\Users\Lisa\AppData\Local\Temp\Temp1_Monopoly-Pro.zip\Mono245.exe
Task: {D303EB84-BB65-4346-AD76-3722CFDA688D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {DAC91302-EAC4-45D4-BFE4-3B82FF106951} - System32\Tasks\CaptureHigh => c:\programdata\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}\nshcadf.tmp.exe <==== ATTENTION
Task: {E538F603-01B0-473D-B1C4-842B1F04F7AB} - System32\Tasks\{399FE967-C224-4524-BC64-12429ED5EB3D} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {E94A1CFE-2233-4F83-9BD7-39ED376F21F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CaptureHigh.job => c:\programdata\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}\nshcadf.tmp.exe <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-06 13:31 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-07-15 11:40 - 2015-07-15 11:32 - 01649272 _____ () C:\Program Files (x86)\Opera\30.0.1835.125\libglesv2.dll
2015-07-15 11:40 - 2015-07-15 11:32 - 00081016 _____ () C:\Program Files (x86)\Opera\30.0.1835.125\libegl.dll
2015-07-16 22:56 - 2015-07-16 22:56 - 16307888 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_210.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\aeriagames.com -> hxxp://aeriagames.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3B7427D0-65AF-4D6F-9C77-C9D3EAE8FAF8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{05ADF46F-8AB7-47DC-B9F8-D69D2B6F9D2E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{43159BD3-25FA-4538-A56A-C3D62E6528B8}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{B11CEE67-C061-49E3-8BA5-D23BC2C5C688}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [TCP Query User{FC2540D5-6498-4814-92E9-4A7156FE873D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{D5FF768B-EE92-4D05-A900-C87C68ED6EFA}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{F503F871-89ED-45DA-AC9C-3ABF4EA83152}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{0363B4B7-70BB-4BAD-AB2A-B524E0278440}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{EA966F21-1E20-443D-B06F-199254E1FA90}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{00BC51D6-ED26-4B12-B2E8-D53A215859C6}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [{02E9B33A-32E0-4CB0-B60C-443570E86382}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{83C41322-F52A-4447-B597-ABF58308B002}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D79E8567-1070-4DED-BF76-FA01B34BBB85}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{DE1FFE0B-7DF9-4EBD-8377-F8954E6A4B4A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{7897420E-63CD-4CF0-9F73-7A0CCE9E614E}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{75B29466-8908-44F0-A1DE-212A9B21F416}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{380FA9E8-A97A-4A4D-AD7D-183D9ED7F72C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{4CE32472-B340-462F-8D90-03718A220F27}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{BA571566-1F0C-46F3-84B0-D9E64C0A1A9B}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C370CA67-FEC0-4E57-9577-9E9868E246ED}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E7C5C006-9310-40F9-824C-CC3100A04E46}] => (Allow) LPort=29900
FirewallRules: [{6717E152-FE41-4220-A3FD-911A4FAB29A3}] => (Allow) LPort=29900
FirewallRules: [TCP Query User{C909A75E-64E2-4323-A992-90D040C600A3}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{524D4E30-6753-40FE-9DCD-98490E1F7765}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{C3EA58CB-A810-48F8-B107-4504843CA73F}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{1D5F5FB8-258B-4264-8B71-FC42316CB3A9}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{59D453EB-6027-41E9-913C-4912CDEC4074}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2E84E161-3287-4924-898E-1E1BB6EAD984}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F729251E-FE68-48C1-990C-68FC8CD2311B}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{1D0C6686-94DB-4DCA-B451-9E2FC61FA581}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{8CA9BB09-2B22-4352-9B64-8BE803B0D081}C:\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) C:\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [UDP Query User{7A6E2E0C-27F0-442F-B42F-86D429554D96}C:\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) C:\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [{02093452-7A7B-4416-AD72-F842696FFAB5}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [{E8D4FFF3-9D42-4DFF-8E87-4F6CDA4FD7B6}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [TCP Query User{7B7B029E-EC1B-4849-9773-980EEFFE8479}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{6ACD7323-35C2-47F9-829C-B4812F5B321B}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{4F703679-09CC-4FF6-A5E5-AD207B7911C5}C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{186CFC37-D185-440A-B891-FE09B1F9B6CB}C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{25C2745B-B011-439D-B034-521189260053}C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9AA9719C-A0B6-42AF-B986-3B787289C955}C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{72026A06-5CE7-4F1F-8B82-D46C025E04FE}C:\program files (x86)\origin games\fifa world\fifaworld.exe] => (Allow) C:\program files (x86)\origin games\fifa world\fifaworld.exe
FirewallRules: [UDP Query User{57CF344A-DEF8-4AA5-ABD4-BEBB398802B0}C:\program files (x86)\origin games\fifa world\fifaworld.exe] => (Allow) C:\program files (x86)\origin games\fifa world\fifaworld.exe
FirewallRules: [{086E3A07-F0BA-441A-B2A5-628C114C4944}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\launcher.exe
FirewallRules: [{AD22CA5F-6D73-4247-ABEE-2F311AED725D}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x86.exe
FirewallRules: [{E9D7C29F-9470-4E08-A983-DCD561CE1B83}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x64.exe
FirewallRules: [{D0344BA6-9AEA-4501-B781-550F31D19124}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x86.exe
FirewallRules: [{21CFAD21-A6FB-4ED6-8FC0-F1D047FEE3A9}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x64.exe
FirewallRules: [{A956318E-D938-4ED8-95F6-16E84EDB1976}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\launcher.exe
FirewallRules: [{E61A2207-EAAB-450D-8893-7CB93BB44071}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4C091E2D-FA49-4B23-906E-7EE72D5B8451}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{B8217195-5D73-4DAC-AEB3-99ECE7D9059B}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{DBCFF8A6-DD4E-4873-8DA0-5AD931D1D0A8}] => (Allow) C:\Users\Lisa\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{D8F73629-9B95-4F6D-AFB8-6A275DCF4D6F}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Addon.exe
FirewallRules: [{A17D4F17-C96A-45F7-88A2-A18333D33B06}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Addon.exe
FirewallRules: [{B183F2F4-A691-4F0C-BA76-684549BBAA71}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{064AE189-23B8-4BDB-9673-B1B9E864C091}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{FDFCFA45-E069-41BF-9930-342036012F94}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2015 01:47:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 01:44:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 01:42:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 01:42:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/23/2015 11:32:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 11:29:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 11:29:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 11:29:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 11:29:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/22/2015 10:44:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Origin.exe, Version 9.6.1.5336 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ef4

Startzeit: 01d0c4be545739bf

Endzeit: 20

Anwendungspfad: C:\Program Files (x86)\Origin\Origin.exe

Berichts-ID: 650ffc0c-30b2-11e5-8630-001bfc1b1466


System errors:
=============
Error: (07/23/2015 11:34:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/23/2015 11:34:20 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lisa\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/23/2015 11:34:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/23/2015 11:34:20 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lisa\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/23/2015 11:34:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/23/2015 11:34:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lisa\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/23/2015 11:32:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/23/2015 11:32:07 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lisa\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/23/2015 11:32:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/23/2015 11:32:06 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lisa\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office:
=========================
Error: (07/23/2015 01:47:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/23/2015 01:44:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\lisa\downloads\esetsmartinstaller_deu.exe

Error: (07/23/2015 01:42:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/23/2015 01:42:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\perfect world entertainment\Arc\gamepatch\woi\launcher.exe

Error: (07/23/2015 11:32:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\lisa\downloads\esetsmartinstaller_deu.exe

Error: (07/23/2015 11:29:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lisa\Downloads\esetsmartinstaller_deu.exe

Error: (07/23/2015 11:29:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lisa\Downloads\esetsmartinstaller_deu.exe

Error: (07/23/2015 11:29:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lisa\Downloads\esetsmartinstaller_deu.exe

Error: (07/23/2015 11:29:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lisa\Downloads\esetsmartinstaller_deu.exe

Error: (07/22/2015 10:44:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Origin.exe9.6.1.5336ef401d0c4be545739bf20C:\Program Files (x86)\Origin\Origin.exe650ffc0c-30b2-11e5-8630-001bfc1b1466


CodeIntegrity Errors:
===================================
  Date: 2015-07-23 11:19:58.596
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-23 11:19:58.518
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-22 15:30:18.954
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-22 15:30:18.892
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-22 12:14:07.644
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-22 12:14:07.566
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-22 11:54:15.644
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-22 11:54:15.566
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-22 10:31:48.301
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-22 10:31:48.223
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz
Percentage of memory in use: 61%
Total physical RAM: 2047.18 MB
Available physical RAM: 785.31 MB
Total Virtual: 4094.36 MB
Available Virtual: 2486.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:98.54 GB) NTFS
Drive d: (Tap - Land) (CDROM) (Total:0.34 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 36C9E45B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         
--- --- ---
Well, since yesterday, ever since I ran Malwarebytes Anti-Malware over it and the files it found are in quarantine, I haven't had any problems at all.
My question about that now: should they stay there, or can I have them deleted as well? Or does everything start all over again if I delete them?

Alt 24.07.2015, 06:47   #13
schrauber
/// the machine
/// TB-Ausbilder
 


You can delete those too.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\ProgramData\Ensefnag\1.0.4.1\euclemli.exe

C:\Qoobox\Quarantine\C\Users\Lisa\AppData\Local\nsyAFD7.tmp.vir

C:\Users\All Users\Ensefnag\1.0.4.1\euclemli.exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4U9S4A19\AnyProtectSetup[1].exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4U9S4A19\FinalInstaller_dotnet4[1].exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4U9S4A19\FriendlyError_s4[1].exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BI583S8O\setup[1].exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BI583S8O\setup_gmsd_de[2].exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3QLLHHZ\face_istartsurf[1].exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3QLLHHZ\FriendlyError_s3[1].exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3QLLHHZ\policyname[1].exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3QLLHHZ\SmartWebInstaller[1].exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGDK2SH0\AnyProtect[1].exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGDK2SH0\cmi_mystartsearch[1].exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGDK2SH0\SearchUpdater[1].exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGDK2SH0\setup[2].exe

C:\Users\Lisa\AppData\Local\Temp\fsd6509.exe

C:\Users\Lisa\AppData\Local\Temp\fsd712A.exe

C:\Users\Lisa\AppData\Local\Temp\fsdB1A2.exe

C:\Users\Lisa\AppData\Local\Temp\fsdC245.exe

C:\Users\Lisa\AppData\Local\Temp\nsr37F5.tmp

C:\Users\Lisa\AppData\Local\Temp\nsrDCA0.tmp

C:\Users\Lisa\AppData\Local\Temp\nswC228.tmp.exe

C:\Users\Lisa\AppData\Local\Temp\CA50\temp\nswC228.tmp.exe

C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\11.exe

C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\399.exe

C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\436.exe

C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\465.exe

C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\473.exe

C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\package_BubbleSound_installer_multilang.exe

C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\package_optimizerpro_installer_multilang.exe

C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\package_pcrossbrowser_installer_multilang.exe

C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\package_priceless_p_installer_multilang.exe

C:\Users\Lisa\AppData\Local\Temp\is-24EIK.tmp\package_SByoutube_installer_multilang.exe

C:\Users\Lisa\AppData\Local\Temp\is-A8O9V.tmp\399.exe

C:\Users\Lisa\AppData\Local\Temp\is-KOH0O.tmp\399.exe

C:\Users\Lisa\AppData\Local\Temp\is-TO3ET.tmp\399.exe

C:\Users\Lisa\AppData\Local\Temp\is-TO3ET.tmp\436.exe

C:\Users\Lisa\AppData\Local\Temp\is-TO3ET.tmp\465.exe

C:\Users\Lisa\AppData\Local\Temp\is-TO3ET.tmp\473.exe

C:\Users\Lisa\AppData\Local\Temp\is-TO3ET.tmp\package_optimizerpro_installer_multilang.exe

C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\59d65872ee915d517a23ebafc54b26b9.js

C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\api\8bfdd4af9101a3a51b6ee5e8ed473611.js

C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\api\a0dce027a605b62aff3b31a4838f3cc1.js

C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\api\f2a491c25011147e180ee5446531bb5d.js

C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\192466e5d0d4274940650755b542627f.js

C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\43116e5ec779158fe1b6c4db750ceb6b.js

C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\61ce3447aadd5452471249d93d2243cd.js

C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\9a8578023ea5f360724bdf072c4eaae9.js

C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\af6297bdb5eb89e8b2b22af9c98f5213.js

C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\d864576fe7e2d1b8a5874cd837ab437c.js

C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc\1.26.55_0\js\lib\e57aae17780a1504232ad6de9591e5ce.js

C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfnfcecgilmblkepmebjomnhmjpacllm\1.0.1_0\background.js

C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfnfcecgilmblkepmebjomnhmjpacllm\1.0.1_0\content.js

C:\Users\Lisa\Downloads\Setup.exe

C:\Windows\Installer\MSI4885.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSI4885.tmp-\sppsm.dll

C:\Windows\Installer\MSI4885.tmp-\spusm.dll

C:\Windows\Installer\MSI4885.tmp-\srptc.dll

C:\Windows\Installer\MSI4885.tmp-\srut.dll

C:\Windows\Installer\MSIACB5.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSIACB5.tmp-\spbe.dll

C:\Windows\Installer\MSIACB5.tmp-\sppsm.dll

C:\Windows\Installer\MSIACB5.tmp-\spusm.dll

C:\Windows\Installer\MSIACB5.tmp-\srbs.dll

C:\Windows\Installer\MSIACB5.tmp-\srbu.dll

C:\Windows\Installer\MSIACB5.tmp-\srptc.dll

C:\Windows\Installer\MSIACB5.tmp-\srut.dll

Task: {01D328C8-BEE3-4023-A318-26E1BBF0FC20} - System32\Tasks\temp_b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6 => C:\Program Files (x86)\Object Browser\b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6.exe <==== ATTENTION
C:\Program Files (x86)\Object Browser
Task: {48E2964E-A5B6-408F-B42B-A9195B7560B9} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
C:\Program Files\Common Files\Goobzo
Task: {7260FB6B-BC4D-4229-BD6C-CD95B1572FCC} - System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-6 => C:\Program Files (x86)\iWebar\f885e91a-239b-453e-b901-c71087ae2a9d-6.exe <==== ATTENTION
C:\Program Files (x86)\iWebar
Task: {82138DBD-B283-4C6B-B290-0EB1939D10B5} - System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-1-6 => C:\Program Files (x86)\iWebar\f885e91a-239b-453e-b901-c71087ae2a9d-1-6.exe <==== ATTENTION
c:\programdata\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}
Task: {DAC91302-EAC4-45D4-BFE4-3B82FF106951} - System32\Tasks\CaptureHigh => c:\programdata\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}\nshcadf.tmp.exe <==== ATTENTION

Task: C:\Windows\Tasks\CaptureHigh.job => c:\programdata\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}\nshcadf.tmp.exe <==== ATTENTION
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




A fresh FRST log please, with Addition.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


Alt 28.07.2015, 20:59   #14
Surriya
 



FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
durchgeführt von Lisa (Administrator) auf LISA-PC (28-07-2015 21:48:47)
Gestartet von C:\Users\Lisa\Pc Bereinigung
Geladene Profile: Lisa (Verfügbare Profile: Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Lisa\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe
(Dropbox, Inc.) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2014-10-01] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Spotify Web Helper] => C:\Users\Lisa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-07-27] (Spotify Ltd)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Spotify] => C:\Users\Lisa\AppData\Roaming\Spotify\Spotify.exe [7574584 2015-07-27] (Spotify Ltd)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Dropbox Update] => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-20] (Dropbox, Inc.)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ATTENTION

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D4A73E63-0074-49A9-ADD5-E0062660EF6D}: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\NPSWF32.dll [2015-05-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2015-05-07] (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome: 
=======
CHR dev: Chrome dev build erkannt! <======= ATTENTION
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default
CHR HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (iWebar) - C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc [2015-07-19]
OPR Extension: (Product Deals) - C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfnfcecgilmblkepmebjomnhmjpacllm [2015-07-20]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.istartsurf.com/?type=sc&ts=1437490452&z=4ba2030ede134013ed43606g1z1c4m1z0t3ecz0o5e&from=face&uid=SAMSUNGXHD252HJ_S17HJ1KS303375

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2014-10-01] (Andrea Electronics Corporation)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88584 2015-05-07] (Perfect World Entertainment Inc)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-04] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2015-04-20] () [Datei ist nicht signiert]
R1 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [134880 2015-04-20] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2014-09-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2014-09-06] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3567232 2011-09-09] () [Datei ist nicht signiert]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-28 21:47 - 2015-07-28 21:47 - 00007045 _____ C:\Users\Lisa\Desktop\Fixlist.txt
2015-07-28 21:15 - 2015-07-28 21:15 - 00000000 ____D C:\Users\Lisa\Desktop\runtime
2015-07-28 21:09 - 2015-07-28 21:17 - 00000000 ____D C:\Users\Lisa\Desktop\game
2015-07-28 21:09 - 2015-07-28 21:09 - 01293704 _____ (Mojang) C:\Users\Lisa\Desktop\Minecraft.exe
2015-07-28 21:09 - 2015-07-28 21:09 - 00000000 ____D C:\Users\Lisa\Desktop\tools
2015-07-27 13:33 - 2015-07-27 13:33 - 00009789 _____ C:\Users\Lisa\Documents\zahnarzt.odt
2015-07-26 10:44 - 2015-07-26 10:46 - 00000000 ____D C:\Users\Lisa\Downloads\Breath_of_Fire_3
2015-07-22 13:42 - 2015-07-22 14:01 - 00000000 ____D C:\Users\Lisa\Desktop\Ps1 Emulator
2015-07-22 13:37 - 2015-07-28 21:48 - 00000000 ____D C:\Users\Lisa\Pc Bereinigung
2015-07-22 11:04 - 2015-07-22 12:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-22 11:04 - 2015-07-22 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-22 11:04 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-22 11:04 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-22 11:03 - 2015-07-22 11:04 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-22 11:03 - 2015-07-22 11:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-22 11:03 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-21 16:01 - 2015-07-21 16:01 - 00003038 _____ C:\Windows\System32\Tasks\{E3B3875B-230E-D8AF-077B-954B8BF903B7}
2015-07-21 16:01 - 2015-07-21 16:01 - 00000000 ___HD C:\Users\Lisa\AppData\Roaming\eNdNEAHi
2015-07-21 13:34 - 2015-07-22 12:13 - 00000000 ____D C:\AdwCleaner
2015-07-21 12:25 - 2015-07-22 11:51 - 00000000 ____D C:\Program Files (x86)\Tv For  Chrome
2015-07-21 11:47 - 2015-07-21 11:47 - 00032958 _____ C:\ComboFix.txt
2015-07-21 11:14 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-21 11:14 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-21 11:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-21 11:08 - 2015-07-21 11:47 - 00000000 ____D C:\Qoobox
2015-07-21 11:08 - 2015-07-21 11:44 - 00000000 ____D C:\Windows\erdnt
2015-07-21 10:45 - 2015-07-28 16:45 - 00000334 _____ C:\Windows\Tasks\CaptureHigh.job
2015-07-21 10:45 - 2015-07-21 10:45 - 00003244 _____ C:\Windows\System32\Tasks\CaptureHigh
2015-07-21 10:44 - 2015-07-21 12:24 - 00000000 _____ C:\dummy.htm
2015-07-21 10:26 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 10:26 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 10:26 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 10:26 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 10:26 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 10:26 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 10:26 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 10:26 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 10:26 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 10:26 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 20:44 - 2015-07-20 20:44 - 00000000 ____D C:\Users\Lisa\Documents\ANNO 1404 Venedig
2015-07-20 19:21 - 2015-07-20 19:21 - 00000201 _____ C:\Users\Lisa\Desktop\Anno 1404 Venice.url
2015-07-20 17:32 - 2015-07-28 21:48 - 00000000 ____D C:\FRST
2015-07-20 16:49 - 2015-07-28 09:01 - 00000896 _____ C:\Windows\setupact.log
2015-07-20 16:49 - 2015-07-22 10:32 - 00368880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 16:49 - 2015-07-20 16:49 - 00104056 _____ C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-20 16:49 - 2015-07-20 16:49 - 00000000 _____ C:\Windows\setuperr.log
2015-07-20 16:48 - 2015-07-22 11:54 - 00007478 _____ C:\Windows\PFRO.log
2015-07-20 15:45 - 2015-07-20 15:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-20 15:19 - 2015-07-28 09:01 - 00000000 ____D C:\Users\Lisa\AppData\Local\Spotify
2015-07-20 12:32 - 2015-07-28 09:02 - 00000000 ___RD C:\Users\Lisa\Dropbox
2015-07-20 12:32 - 2015-07-20 12:32 - 00001121 _____ C:\Users\Lisa\Desktop\Dropbox.lnk
2015-07-20 12:31 - 2015-07-20 12:31 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-20 12:29 - 2015-07-20 12:31 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox
2015-07-20 12:28 - 2015-07-28 21:39 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA.job
2015-07-20 12:28 - 2015-07-28 12:39 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core.job
2015-07-20 12:28 - 2015-07-20 12:34 - 00004188 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA
2015-07-20 12:28 - 2015-07-20 12:34 - 00003792 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core
2015-07-20 12:26 - 2015-07-28 09:02 - 00000000 ____D C:\Users\Lisa\AppData\Local\Dropbox
2015-07-20 12:26 - 2015-07-20 12:26 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-20 10:08 - 2015-07-20 10:08 - 00003088 _____ C:\Windows\System32\Tasks\{6F1602F9-D378-4EFF-8194-FBB7BD3980B9}
2015-07-20 00:54 - 2015-07-20 00:54 - 00000000 ____D C:\Windows\SysWOW64\Flash
2015-07-20 00:33 - 2015-07-22 10:47 - 00000000 ____D C:\ProgramData\Ensefnag
2015-07-20 00:28 - 2015-07-20 00:28 - 00003850 _____ C:\Windows\System32\Tasks\SMWUpd
2015-07-20 00:28 - 2015-07-20 00:28 - 00000000 _____ C:\places.sqlite
2015-07-20 00:23 - 2015-07-20 10:09 - 00000000 ____D C:\Program Files (x86)\5a0a607d-3b41-4c48-8b9f-28547ee4a1f4
2015-07-20 00:17 - 2015-07-20 00:17 - 00104056 _____ C:\Users\Surriya\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-20 00:17 - 2015-07-20 00:17 - 00001425 _____ C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-20 00:17 - 2015-07-20 00:17 - 00000020 ___SH C:\Users\Surriya\ntuser.ini
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Vorlagen
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Startmenü
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Netzwerkumgebung
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Lokale Einstellungen
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Eigene Dateien
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Druckumgebung
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Documents\Eigene Musik
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Documents\Eigene Bilder
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Local\Verlauf
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Local\Anwendungsdaten
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Anwendungsdaten
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Roaming\Adobe
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Local\VirtualStore
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Local\NVIDIA
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya
2015-07-20 00:17 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-20 00:17 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-19 22:57 - 2015-07-19 22:57 - 00003140 _____ C:\Windows\System32\Tasks\{526C6BE4-7E50-4DAD-A34F-D57A6232E8AD}
2015-07-19 22:46 - 2015-07-19 22:46 - 00005478 _____ C:\Windows\System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-1-6
2015-07-19 22:43 - 2015-07-19 22:43 - 00007522 _____ C:\Windows\System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-6
2015-07-19 22:43 - 2015-07-19 22:43 - 00007202 _____ C:\Windows\System32\Tasks\temp_b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6
2015-07-19 22:39 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-19 22:38 - 2015-07-21 22:23 - 00000000 ____D C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466
2015-07-19 22:37 - 2015-07-22 11:08 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-19 22:37 - 2015-07-19 22:39 - 00000000 ____D C:\ProgramData\AppMgr4.27.1676029
2015-07-19 22:34 - 2015-07-20 22:34 - 00003254 _____ C:\Windows\System32\Tasks\IT Viewer Job
2015-07-19 22:33 - 2015-07-19 22:33 - 00000000 _____ C:\Windows\prleth.sys
2015-07-19 22:33 - 2015-07-19 22:33 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-19 22:13 - 2015-07-19 22:13 - 00003086 _____ C:\Windows\System32\Tasks\sab3009
2015-07-16 08:21 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-16 08:21 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 11:41 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 11:41 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 11:41 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 11:41 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 11:41 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 11:41 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 11:41 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 11:41 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 11:41 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 11:41 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 11:41 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 11:41 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 11:40 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 11:40 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 11:40 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 11:40 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 11:40 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 11:40 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 11:40 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 11:40 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 11:40 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 11:40 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 11:40 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 11:40 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 11:40 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 11:40 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 11:40 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 11:40 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 11:40 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 11:40 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 11:40 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 11:40 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 11:40 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 11:40 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 11:40 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 11:40 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 11:40 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 11:40 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 11:40 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 11:40 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 11:40 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 11:40 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 11:40 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 11:40 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 11:40 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 11:40 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 11:40 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 11:40 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 11:40 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 11:40 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 11:40 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 11:40 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 11:40 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 11:40 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 11:40 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 11:40 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 11:40 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 11:40 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 11:40 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 11:40 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 11:40 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 11:40 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 11:40 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 11:40 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 11:40 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 11:40 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 11:39 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 11:39 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 11:39 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 11:39 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 11:39 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 11:38 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 11:38 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 11:38 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 11:38 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 11:38 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 11:38 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 11:38 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 11:38 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 11:38 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 11:38 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 11:38 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 11:38 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 11:38 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 11:38 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 11:38 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 11:38 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 11:36 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 11:36 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 11:36 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 11:36 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 11:36 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 11:36 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 11:36 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 11:36 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 11:36 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 11:36 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 11:36 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 11:36 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 11:35 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-28 11:44 - 2015-07-28 14:38 - 02093020 _____ C:\Windows\WindowsUpdate.log

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-28 21:40 - 2014-09-06 15:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Skype
2015-07-28 21:40 - 2014-09-06 13:58 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{89F12786-F91C-4F8D-9328-AC820C7336A4}
2015-07-28 21:36 - 2014-09-06 16:11 - 00000000 ____D C:\Users\Lisa\AppData\Local\FirestormOS_x64
2015-07-28 21:35 - 2014-09-06 14:24 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\TS3Client
2015-07-28 21:19 - 2014-09-06 14:19 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\.minecraft
2015-07-28 20:55 - 2014-09-06 14:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-28 11:35 - 2009-07-14 06:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-28 11:35 - 2009-07-14 06:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-28 09:02 - 2014-09-16 11:18 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Spotify
2015-07-28 09:01 - 2014-09-06 13:31 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-28 09:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 08:56 - 2015-04-04 17:35 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 17:55 - 2014-09-06 14:16 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-24 17:55 - 2014-09-06 14:16 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-24 17:55 - 2014-09-06 14:16 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-23 21:07 - 2014-09-17 16:52 - 00000000 ____D C:\ProgramData\Origin
2015-07-22 22:39 - 2014-11-24 15:04 - 00000000 ____D C:\Users\Lisa\Documents\BioWare
2015-07-22 13:37 - 2014-09-06 13:11 - 00000000 ____D C:\Users\Lisa
2015-07-22 12:12 - 2014-09-06 13:13 - 00000993 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-22 10:32 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-21 11:47 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-21 11:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-21 11:43 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-20 20:45 - 2014-09-06 14:32 - 00000000 ____D C:\Steam
2015-07-20 16:19 - 2009-07-14 04:34 - 00000514 _____ C:\Windows\win.ini
2015-07-20 12:45 - 2014-11-30 19:25 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-20 10:17 - 2014-11-24 14:12 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-07-20 10:16 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-20 10:00 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-20 00:12 - 2015-04-20 10:45 - 00000000 ____D C:\Windows\Minidump
2015-07-19 23:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-19 23:38 - 2014-09-15 14:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-19 22:37 - 2014-09-06 17:16 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Mozilla
2015-07-19 22:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-19 22:17 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-16 23:06 - 2015-04-04 17:35 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 07:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 06:01 - 2014-12-12 11:53 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 06:01 - 2014-09-06 15:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 06:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 23:51 - 2014-09-06 15:04 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 11:51 - 2014-09-06 14:10 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410005444
2015-07-15 11:51 - 2014-09-06 14:10 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-15 11:08 - 2014-09-15 14:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 11:03 - 2014-12-27 12:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-08 21:14 - 2014-11-19 22:34 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieBrowserModeList
2015-07-08 21:14 - 2014-09-25 19:02 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieUserList
2015-07-08 21:14 - 2014-09-25 19:02 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieSiteList
2015-07-05 12:08 - 2014-09-06 13:26 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 09:57 - 2014-09-06 15:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-04 09:56 - 2014-11-28 23:34 - 00000000 ____D C:\Users\Lisa\Documents\Electronic Arts
2015-07-04 09:40 - 2014-09-17 16:52 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-03 08:43 - 2014-09-06 15:04 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Einige Dateien in TEMP:
====================
C:\Users\Lisa\AppData\Local\Temp\486.exe
C:\Users\Lisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8p_pao.dll
C:\Users\Lisa\AppData\Local\Temp\fsd6509.exe
C:\Users\Lisa\AppData\Local\Temp\fsd712A.exe
C:\Users\Lisa\AppData\Local\Temp\fsdB1A2.exe
C:\Users\Lisa\AppData\Local\Temp\fsdC245.exe
C:\Users\Lisa\AppData\Local\Temp\gkey.exe
C:\Users\Lisa\AppData\Local\Temp\nswC228.tmp.exe
C:\Users\Lisa\AppData\Local\Temp\pkeyui.exe
C:\Users\Lisa\AppData\Local\Temp\Quarantine.exe
C:\Users\Lisa\AppData\Local\Temp\sqlite3.dll
C:\Users\Lisa\AppData\Local\Temp\Uninstall.exe
C:\Users\Lisa\AppData\Local\Temp\wabk.exe


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-23 13:40

==================== Ende von log ============================
         
--- --- ---
[/CODE]


FRST log file:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
durchgeführt von Lisa (Administrator) auf LISA-PC (28-07-2015 21:56:28)
Gestartet von C:\Users\Lisa\Pc Bereinigung
Geladene Profile: Lisa (Verfügbare Profile: Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Lisa\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe
(Dropbox, Inc.) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2014-10-01] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Spotify Web Helper] => C:\Users\Lisa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-07-27] (Spotify Ltd)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Spotify] => C:\Users\Lisa\AppData\Roaming\Spotify\Spotify.exe [7574584 2015-07-27] (Spotify Ltd)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Run: [Dropbox Update] => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-20] (Dropbox, Inc.)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ATTENTION

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D4A73E63-0074-49A9-ADD5-E0062660EF6D}: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\NPSWF32.dll [2015-05-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2015-05-07] (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome: 
=======
CHR dev: Chrome dev build erkannt! <======= ATTENTION
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default
CHR HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (iWebar) - C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc [2015-07-19]
OPR Extension: (Product Deals) - C:\Users\Lisa\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfnfcecgilmblkepmebjomnhmjpacllm [2015-07-20]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.istartsurf.com/?type=sc&ts=1437490452&z=4ba2030ede134013ed43606g1z1c4m1z0t3ecz0o5e&from=face&uid=SAMSUNGXHD252HJ_S17HJ1KS303375

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2014-10-01] (Andrea Electronics Corporation)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88584 2015-05-07] (Perfect World Entertainment Inc)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-04] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2015-04-20] () [Datei ist nicht signiert]
R1 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [134880 2015-04-20] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2014-09-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2014-09-06] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3567232 2011-09-09] () [Datei ist nicht signiert]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-28 21:56 - 2015-07-27 19:44 - 01798176 _____ (Malwarebytes Corporation) C:\Users\Lisa\Desktop\JRT.exe
2015-07-28 21:47 - 2015-07-28 21:47 - 00007045 _____ C:\Users\Lisa\Desktop\Fixlist.txt
2015-07-28 21:15 - 2015-07-28 21:15 - 00000000 ____D C:\Users\Lisa\Desktop\runtime
2015-07-28 21:09 - 2015-07-28 21:17 - 00000000 ____D C:\Users\Lisa\Desktop\game
2015-07-28 21:09 - 2015-07-28 21:09 - 01293704 _____ (Mojang) C:\Users\Lisa\Desktop\Minecraft.exe
2015-07-28 21:09 - 2015-07-28 21:09 - 00000000 ____D C:\Users\Lisa\Desktop\tools
2015-07-27 13:33 - 2015-07-27 13:33 - 00009789 _____ C:\Users\Lisa\Documents\zahnarzt.odt
2015-07-26 10:44 - 2015-07-26 10:46 - 00000000 ____D C:\Users\Lisa\Downloads\Breath_of_Fire_3
2015-07-22 13:42 - 2015-07-22 14:01 - 00000000 ____D C:\Users\Lisa\Desktop\Ps1 Emulator
2015-07-22 13:37 - 2015-07-28 21:56 - 00000000 ____D C:\Users\Lisa\Pc Bereinigung
2015-07-22 11:04 - 2015-07-28 21:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-22 11:04 - 2015-07-22 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-22 11:04 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-22 11:04 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-22 11:03 - 2015-07-22 11:04 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-22 11:03 - 2015-07-22 11:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-22 11:03 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-21 16:01 - 2015-07-21 16:01 - 00003038 _____ C:\Windows\System32\Tasks\{E3B3875B-230E-D8AF-077B-954B8BF903B7}
2015-07-21 16:01 - 2015-07-21 16:01 - 00000000 ___HD C:\Users\Lisa\AppData\Roaming\eNdNEAHi
2015-07-21 13:34 - 2015-07-22 12:13 - 00000000 ____D C:\AdwCleaner
2015-07-21 12:25 - 2015-07-22 11:51 - 00000000 ____D C:\Program Files (x86)\Tv For  Chrome
2015-07-21 11:47 - 2015-07-21 11:47 - 00032958 _____ C:\ComboFix.txt
2015-07-21 11:14 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-21 11:14 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-21 11:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-21 11:14 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-21 11:08 - 2015-07-21 11:47 - 00000000 ____D C:\Qoobox
2015-07-21 11:08 - 2015-07-21 11:44 - 00000000 ____D C:\Windows\erdnt
2015-07-21 10:45 - 2015-07-28 16:45 - 00000334 _____ C:\Windows\Tasks\CaptureHigh.job
2015-07-21 10:45 - 2015-07-21 10:45 - 00003244 _____ C:\Windows\System32\Tasks\CaptureHigh
2015-07-21 10:44 - 2015-07-21 12:24 - 00000000 _____ C:\dummy.htm
2015-07-21 10:26 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 10:26 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 10:26 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 10:26 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 10:26 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 10:26 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 10:26 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 10:26 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 10:26 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 10:26 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 20:44 - 2015-07-20 20:44 - 00000000 ____D C:\Users\Lisa\Documents\ANNO 1404 Venedig
2015-07-20 19:21 - 2015-07-20 19:21 - 00000201 _____ C:\Users\Lisa\Desktop\Anno 1404 Venice.url
2015-07-20 17:32 - 2015-07-28 21:56 - 00000000 ____D C:\FRST
2015-07-20 16:49 - 2015-07-28 09:01 - 00000896 _____ C:\Windows\setupact.log
2015-07-20 16:49 - 2015-07-22 10:32 - 00368880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 16:49 - 2015-07-20 16:49 - 00104056 _____ C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-20 16:49 - 2015-07-20 16:49 - 00000000 _____ C:\Windows\setuperr.log
2015-07-20 16:48 - 2015-07-22 11:54 - 00007478 _____ C:\Windows\PFRO.log
2015-07-20 15:45 - 2015-07-20 15:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-20 15:19 - 2015-07-28 09:01 - 00000000 ____D C:\Users\Lisa\AppData\Local\Spotify
2015-07-20 12:32 - 2015-07-28 09:02 - 00000000 ___RD C:\Users\Lisa\Dropbox
2015-07-20 12:32 - 2015-07-20 12:32 - 00001121 _____ C:\Users\Lisa\Desktop\Dropbox.lnk
2015-07-20 12:31 - 2015-07-20 12:31 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-20 12:29 - 2015-07-20 12:31 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox
2015-07-20 12:28 - 2015-07-28 21:39 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA.job
2015-07-20 12:28 - 2015-07-28 12:39 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core.job
2015-07-20 12:28 - 2015-07-20 12:34 - 00004188 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA
2015-07-20 12:28 - 2015-07-20 12:34 - 00003792 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core
2015-07-20 12:26 - 2015-07-28 09:02 - 00000000 ____D C:\Users\Lisa\AppData\Local\Dropbox
2015-07-20 12:26 - 2015-07-20 12:26 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-20 10:08 - 2015-07-20 10:08 - 00003088 _____ C:\Windows\System32\Tasks\{6F1602F9-D378-4EFF-8194-FBB7BD3980B9}
2015-07-20 00:54 - 2015-07-20 00:54 - 00000000 ____D C:\Windows\SysWOW64\Flash
2015-07-20 00:33 - 2015-07-22 10:47 - 00000000 ____D C:\ProgramData\Ensefnag
2015-07-20 00:28 - 2015-07-20 00:28 - 00003850 _____ C:\Windows\System32\Tasks\SMWUpd
2015-07-20 00:28 - 2015-07-20 00:28 - 00000000 _____ C:\places.sqlite
2015-07-20 00:23 - 2015-07-20 10:09 - 00000000 ____D C:\Program Files (x86)\5a0a607d-3b41-4c48-8b9f-28547ee4a1f4
2015-07-20 00:17 - 2015-07-20 00:17 - 00104056 _____ C:\Users\Surriya\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-20 00:17 - 2015-07-20 00:17 - 00001425 _____ C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-20 00:17 - 2015-07-20 00:17 - 00000020 ___SH C:\Users\Surriya\ntuser.ini
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Vorlagen
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Startmenü
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Netzwerkumgebung
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Lokale Einstellungen
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Eigene Dateien
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Druckumgebung
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Documents\Eigene Musik
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Documents\Eigene Bilder
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Local\Verlauf
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\AppData\Local\Anwendungsdaten
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 _SHDL C:\Users\Surriya\Anwendungsdaten
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Roaming\Adobe
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Local\VirtualStore
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya\AppData\Local\NVIDIA
2015-07-20 00:17 - 2015-07-20 00:17 - 00000000 ____D C:\Users\Surriya
2015-07-20 00:17 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-20 00:17 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Surriya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-19 22:57 - 2015-07-19 22:57 - 00003140 _____ C:\Windows\System32\Tasks\{526C6BE4-7E50-4DAD-A34F-D57A6232E8AD}
2015-07-19 22:46 - 2015-07-19 22:46 - 00005478 _____ C:\Windows\System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-1-6
2015-07-19 22:43 - 2015-07-19 22:43 - 00007522 _____ C:\Windows\System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-6
2015-07-19 22:43 - 2015-07-19 22:43 - 00007202 _____ C:\Windows\System32\Tasks\temp_b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6
2015-07-19 22:39 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-19 22:38 - 2015-07-21 22:23 - 00000000 ____D C:\Program Files (x86)\4DE81800-1437338334-11DB-BB71-001BFC1B1466
2015-07-19 22:37 - 2015-07-22 11:08 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-19 22:37 - 2015-07-19 22:39 - 00000000 ____D C:\ProgramData\AppMgr4.27.1676029
2015-07-19 22:34 - 2015-07-20 22:34 - 00003254 _____ C:\Windows\System32\Tasks\IT Viewer Job
2015-07-19 22:33 - 2015-07-19 22:33 - 00000000 _____ C:\Windows\prleth.sys
2015-07-19 22:33 - 2015-07-19 22:33 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-19 22:13 - 2015-07-19 22:13 - 00003086 _____ C:\Windows\System32\Tasks\sab3009
2015-07-16 08:21 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-16 08:21 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 11:41 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 11:41 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 11:41 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 11:41 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 11:41 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 11:41 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 11:41 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 11:41 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 11:41 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 11:41 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 11:41 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 11:41 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 11:41 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 11:41 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 11:40 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 11:40 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 11:40 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 11:40 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 11:40 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 11:40 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 11:40 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 11:40 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 11:40 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 11:40 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 11:40 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 11:40 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 11:40 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 11:40 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 11:40 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 11:40 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 11:40 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 11:40 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 11:40 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 11:40 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 11:40 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 11:40 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 11:40 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 11:40 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 11:40 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 11:40 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 11:40 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 11:40 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 11:40 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 11:40 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 11:40 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 11:40 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 11:40 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 11:40 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 11:40 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 11:40 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 11:40 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 11:40 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 11:40 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 11:40 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 11:40 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 11:40 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 11:40 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 11:40 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 11:40 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 11:40 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 11:40 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 11:40 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 11:40 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 11:40 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 11:40 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 11:40 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 11:40 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 11:40 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 11:39 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 11:39 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 11:39 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 11:39 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 11:39 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 11:39 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 11:39 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 11:39 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 11:39 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 11:38 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 11:38 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 11:38 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 11:38 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 11:38 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 11:38 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 11:38 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 11:38 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 11:38 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 11:38 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 11:38 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 11:38 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 11:38 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 11:38 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 11:38 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 11:38 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 11:38 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 11:38 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 11:38 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 11:36 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 11:36 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 11:36 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 11:36 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 11:36 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 11:36 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 11:36 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 11:36 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 11:36 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 11:36 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 11:36 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 11:36 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 11:36 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 11:36 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 11:35 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-28 11:44 - 2015-07-28 21:53 - 02095724 _____ C:\Windows\WindowsUpdate.log

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-28 21:56 - 2014-09-06 15:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Skype
2015-07-28 21:55 - 2014-09-06 14:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-28 21:55 - 2014-09-06 13:58 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{89F12786-F91C-4F8D-9328-AC820C7336A4}
2015-07-28 21:36 - 2014-09-06 16:11 - 00000000 ____D C:\Users\Lisa\AppData\Local\FirestormOS_x64
2015-07-28 21:35 - 2014-09-06 14:24 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\TS3Client
2015-07-28 21:19 - 2014-09-06 14:19 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\.minecraft
2015-07-28 11:35 - 2009-07-14 06:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-28 11:35 - 2009-07-14 06:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-28 09:02 - 2014-09-16 11:18 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Spotify
2015-07-28 09:01 - 2014-09-06 13:31 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-28 09:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 08:56 - 2015-04-04 17:35 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 17:55 - 2014-09-06 14:16 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-24 17:55 - 2014-09-06 14:16 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-24 17:55 - 2014-09-06 14:16 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-23 21:07 - 2014-09-17 16:52 - 00000000 ____D C:\ProgramData\Origin
2015-07-22 22:39 - 2014-11-24 15:04 - 00000000 ____D C:\Users\Lisa\Documents\BioWare
2015-07-22 13:37 - 2014-09-06 13:11 - 00000000 ____D C:\Users\Lisa
2015-07-22 12:12 - 2014-09-06 13:13 - 00000993 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-22 10:32 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-21 11:47 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-21 11:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-21 11:43 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-20 20:45 - 2014-09-06 14:32 - 00000000 ____D C:\Steam
2015-07-20 16:19 - 2009-07-14 04:34 - 00000514 _____ C:\Windows\win.ini
2015-07-20 12:45 - 2014-11-30 19:25 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-20 10:17 - 2014-11-24 14:12 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-07-20 10:16 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-20 10:00 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-20 00:12 - 2015-04-20 10:45 - 00000000 ____D C:\Windows\Minidump
2015-07-19 23:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-19 23:38 - 2014-09-15 14:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-19 22:37 - 2014-09-06 17:16 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Mozilla
2015-07-19 22:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-19 22:17 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-16 23:06 - 2015-04-04 17:35 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 07:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 06:01 - 2014-12-12 11:53 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 06:01 - 2014-09-06 15:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 06:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 23:51 - 2014-09-06 15:04 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 11:51 - 2014-09-06 14:10 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410005444
2015-07-15 11:51 - 2014-09-06 14:10 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-15 11:08 - 2014-09-15 14:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 11:03 - 2014-12-27 12:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-08 21:14 - 2014-11-19 22:34 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieBrowserModeList
2015-07-08 21:14 - 2014-09-25 19:02 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieUserList
2015-07-08 21:14 - 2014-09-25 19:02 - 00000000 __SHD C:\Users\Lisa\AppData\Local\EmieSiteList
2015-07-05 12:08 - 2014-09-06 13:26 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 09:57 - 2014-09-06 15:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-04 09:56 - 2014-11-28 23:34 - 00000000 ____D C:\Users\Lisa\Documents\Electronic Arts
2015-07-04 09:40 - 2014-09-17 16:52 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-03 08:43 - 2014-09-06 15:04 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Einige Dateien in TEMP:
====================
C:\Users\Lisa\AppData\Local\Temp\486.exe
C:\Users\Lisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8p_pao.dll
C:\Users\Lisa\AppData\Local\Temp\fsd6509.exe
C:\Users\Lisa\AppData\Local\Temp\fsd712A.exe
C:\Users\Lisa\AppData\Local\Temp\fsdB1A2.exe
C:\Users\Lisa\AppData\Local\Temp\fsdC245.exe
C:\Users\Lisa\AppData\Local\Temp\gkey.exe
C:\Users\Lisa\AppData\Local\Temp\nswC228.tmp.exe
C:\Users\Lisa\AppData\Local\Temp\pkeyui.exe
C:\Users\Lisa\AppData\Local\Temp\Quarantine.exe
C:\Users\Lisa\AppData\Local\Temp\sqlite3.dll
C:\Users\Lisa\AppData\Local\Temp\Uninstall.exe
C:\Users\Lisa\AppData\Local\Temp\wabk.exe


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-23 13:40

==================== Ende von log ============================
         
--- --- ---
[/CODE]

28.07.2015, 21:00   #15
Surriya
 



Code:
  Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:26-07-2015
durchgeführt von Lisa an 2015-07-28 21:57:09
Gestartet von C:\Users\Lisa\Pc Bereinigung
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3081106795-2452553169-1351690023-500 - Administrator - Disabled)
Gast (S-1-5-21-3081106795-2452553169-1351690023-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3081106795-2452553169-1351690023-1002 - Limited - Enabled)
Lisa (S-1-5-21-3081106795-2452553169-1351690023-1001 - Administrator - Enabled) => C:\Users\Lisa

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.115 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anno 1404 (HKLM-x32\...\Steam App 33250) (Version:  - Blue Byte)
Anno 1404: Venice (HKLM-x32\...\Steam App 33350) (Version:  - Blue Byte)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.9.80.1020 - Electronic Arts Inc.)
Dropbox (HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42974 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{4e154806-de7a-4300-b61e-bc0c3a4c5b43}) (Version: 4.6.42974 - Phoenix Firestorm Project Inc)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
Spotify (HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\Spotify) (Version: 1.0.10.107.gd0dfca3a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

25-07-2015 09:04:10 Windows Update
28-07-2015 09:21:03 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01D328C8-BEE3-4023-A318-26E1BBF0FC20} - System32\Tasks\temp_b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6 => C:\Program Files (x86)\Object Browser\b1f0b064-6205-4e49-8f0c-ba0d5ac977c0-6.exe <==== ATTENTION
Task: {0E4D537E-6AEC-48CF-AC06-DF097340F477} - System32\Tasks\{6F1602F9-D378-4EFF-8194-FBB7BD3980B9} => pcalua.exe -a "C:\Program Files (x86)\FriendlyError\tmpA2E.bat"
Task: {0FE1C2D4-6C14-4972-B3A3-FBB4744EB96B} - System32\Tasks\{52E89830-3959-4D71-A55C-FAD2010555E9} => pcalua.exe -a C:\Users\Lisa\Downloads\win64_153330.exe -d C:\Users\Lisa\Downloads
Task: {1AB4098A-2484-45E0-90BA-04216460EA73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-24] (Adobe Systems Incorporated)
Task: {21021748-3E8C-445F-A703-46D299CA75DC} - System32\Tasks\Opera scheduled Autoupdate 1410005444 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {232CCFDC-0804-4DF5-AA14-AE287CACB450} - System32\Tasks\IT Viewer Job => C:\Program Files (x86)\IT Viewer\astask.exe
Task: {262FB643-37A8-4B67-8C16-2E4340A3F018} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2F85E6EF-0603-4A40-B943-E4A8E671143E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {3FD112B8-7BBA-4CA0-9955-3782BE8AA577} - System32\Tasks\{12BE6692-9709-45F9-A274-B1CA13D11B36} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {48E2964E-A5B6-408F-B42B-A9195B7560B9} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {4C5AE44B-0E8E-44F2-8513-307423FD9731} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-20] (Dropbox, Inc.)
Task: {6F585571-6702-4D8D-9EC6-B7D9D7107B83} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7260FB6B-BC4D-4229-BD6C-CD95B1572FCC} - System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-6 => C:\Program Files (x86)\iWebar\f885e91a-239b-453e-b901-c71087ae2a9d-6.exe <==== ATTENTION
Task: {7878BF35-935A-403C-A30D-B5BFF221DDAC} - System32\Tasks\{526C6BE4-7E50-4DAD-A34F-D57A6232E8AD} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=fsf
Task: {82138DBD-B283-4C6B-B290-0EB1939D10B5} - System32\Tasks\temp_f885e91a-239b-453e-b901-c71087ae2a9d-1-6 => C:\Program Files (x86)\iWebar\f885e91a-239b-453e-b901-c71087ae2a9d-1-6.exe <==== ATTENTION
Task: {83BE98C6-A01B-49C8-BED2-8BAA20611802} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {87DB57AF-6B1E-464D-ABD5-1BD215308E04} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {A36A2071-390E-4B71-AB89-7A17D1AE471B} - System32\Tasks\sab3009 => C:\PROGRA~2\FASTSE~1\sab3009.exe
Task: {A76A0464-034E-4020-8DB6-4B37EB65CBE2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-20] (Dropbox, Inc.)
Task: {AF134532-6A01-4823-ACEB-DEF1887B7DD4} - System32\Tasks\{232614BD-67BD-4EBF-90C1-41D88EA2BE28} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {BD83FA08-4D88-4D55-AEDB-A4EACC597908} - System32\Tasks\{E3B3875B-230E-D8AF-077B-954B8BF903B7} => C:\Users\Lisa\AppData\Roaming\eNdNEAHi\EtXnGslP\AdxooqIv\xixYVblSO.exe
Task: {D13618AC-BFA7-4A9E-A5A6-CB25A73FC924} - System32\Tasks\{852D5EB1-DEB2-419A-B434-FF965F832EE3} => pcalua.exe -a C:\Users\Lisa\AppData\Local\Temp\Temp1_Monopoly-Pro.zip\Mono245.exe
Task: {D303EB84-BB65-4346-AD76-3722CFDA688D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {DAC91302-EAC4-45D4-BFE4-3B82FF106951} - System32\Tasks\CaptureHigh => c:\programdata\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}\nshcadf.tmp.exe <==== ATTENTION
Task: {E538F603-01B0-473D-B1C4-842B1F04F7AB} - System32\Tasks\{399FE967-C224-4524-BC64-12429ED5EB3D} => pcalua.exe -a C:\Users\Lisa\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {E94A1CFE-2233-4F83-9BD7-39ED376F21F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CaptureHigh.job => c:\programdata\{fdaa3723-70d5-e9be-fdaa-a372370ddc8d}\nshcadf.tmp.exe <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001Core.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3081106795-2452553169-1351690023-1001UA.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-09-06 13:31 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-07-28 09:01 - 2015-07-28 09:01 - 00043008 _____ () c:\users\lisa\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8p_pao.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-20 12:30 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-07-15 11:40 - 2015-07-15 11:32 - 01649272 _____ () C:\Program Files (x86)\Opera\30.0.1835.125\libglesv2.dll
2015-07-15 11:40 - 2015-07-15 11:32 - 00081016 _____ () C:\Program Files (x86)\Opera\30.0.1835.125\libegl.dll
2015-07-24 17:55 - 2015-07-24 17:55 - 16322248 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_115.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\...\aeriagames.com -> hxxp://aeriagames.com


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3081106795-2452553169-1351690023-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{3B7427D0-65AF-4D6F-9C77-C9D3EAE8FAF8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{05ADF46F-8AB7-47DC-B9F8-D69D2B6F9D2E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{43159BD3-25FA-4538-A56A-C3D62E6528B8}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{B11CEE67-C061-49E3-8BA5-D23BC2C5C688}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [TCP Query User{FC2540D5-6498-4814-92E9-4A7156FE873D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{D5FF768B-EE92-4D05-A900-C87C68ED6EFA}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{F503F871-89ED-45DA-AC9C-3ABF4EA83152}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{0363B4B7-70BB-4BAD-AB2A-B524E0278440}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{EA966F21-1E20-443D-B06F-199254E1FA90}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{00BC51D6-ED26-4B12-B2E8-D53A215859C6}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [{02E9B33A-32E0-4CB0-B60C-443570E86382}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{83C41322-F52A-4447-B597-ABF58308B002}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D79E8567-1070-4DED-BF76-FA01B34BBB85}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{DE1FFE0B-7DF9-4EBD-8377-F8954E6A4B4A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{7897420E-63CD-4CF0-9F73-7A0CCE9E614E}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{75B29466-8908-44F0-A1DE-212A9B21F416}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{380FA9E8-A97A-4A4D-AD7D-183D9ED7F72C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{4CE32472-B340-462F-8D90-03718A220F27}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{BA571566-1F0C-46F3-84B0-D9E64C0A1A9B}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C370CA67-FEC0-4E57-9577-9E9868E246ED}C:\users\lisa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E7C5C006-9310-40F9-824C-CC3100A04E46}] => (Allow) LPort=29900
FirewallRules: [{6717E152-FE41-4220-A3FD-911A4FAB29A3}] => (Allow) LPort=29900
FirewallRules: [TCP Query User{C909A75E-64E2-4323-A992-90D040C600A3}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{524D4E30-6753-40FE-9DCD-98490E1F7765}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{C3EA58CB-A810-48F8-B107-4504843CA73F}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{1D5F5FB8-258B-4264-8B71-FC42316CB3A9}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{59D453EB-6027-41E9-913C-4912CDEC4074}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2E84E161-3287-4924-898E-1E1BB6EAD984}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F729251E-FE68-48C1-990C-68FC8CD2311B}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{1D0C6686-94DB-4DCA-B451-9E2FC61FA581}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{8CA9BB09-2B22-4352-9B64-8BE803B0D081}C:\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) C:\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [UDP Query User{7A6E2E0C-27F0-442F-B42F-86D429554D96}C:\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) C:\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [{02093452-7A7B-4416-AD72-F842696FFAB5}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [{E8D4FFF3-9D42-4DFF-8E87-4F6CDA4FD7B6}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [TCP Query User{7B7B029E-EC1B-4849-9773-980EEFFE8479}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{6ACD7323-35C2-47F9-829C-B4812F5B321B}C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{4F703679-09CC-4FF6-A5E5-AD207B7911C5}C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{186CFC37-D185-440A-B891-FE09B1F9B6CB}C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\lisa\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{25C2745B-B011-439D-B034-521189260053}C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9AA9719C-A0B6-42AF-B986-3B787289C955}C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\lisa\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{72026A06-5CE7-4F1F-8B82-D46C025E04FE}C:\program files (x86)\origin games\fifa world\fifaworld.exe] => (Allow) C:\program files (x86)\origin games\fifa world\fifaworld.exe
FirewallRules: [UDP Query User{57CF344A-DEF8-4AA5-ABD4-BEBB398802B0}C:\program files (x86)\origin games\fifa world\fifaworld.exe] => (Allow) C:\program files (x86)\origin games\fifa world\fifaworld.exe
FirewallRules: [{086E3A07-F0BA-441A-B2A5-628C114C4944}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\launcher.exe
FirewallRules: [{AD22CA5F-6D73-4247-ABEE-2F311AED725D}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x86.exe
FirewallRules: [{E9D7C29F-9470-4E08-A983-DCD561CE1B83}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x64.exe
FirewallRules: [{D0344BA6-9AEA-4501-B781-550F31D19124}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x86.exe
FirewallRules: [{21CFAD21-A6FB-4ED6-8FC0-F1D047FEE3A9}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x64.exe
FirewallRules: [{A956318E-D938-4ED8-95F6-16E84EDB1976}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\launcher.exe
FirewallRules: [{E61A2207-EAAB-450D-8893-7CB93BB44071}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4C091E2D-FA49-4B23-906E-7EE72D5B8451}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{B8217195-5D73-4DAC-AEB3-99ECE7D9059B}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{DBCFF8A6-DD4E-4873-8DA0-5AD931D1D0A8}] => (Allow) C:\Users\Lisa\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{D8F73629-9B95-4F6D-AFB8-6A275DCF4D6F}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Addon.exe
FirewallRules: [{A17D4F17-C96A-45F7-88A2-A18333D33B06}] => (Allow) C:\Steam\SteamApps\common\Anno 1404\Addon.exe
FirewallRules: [{B183F2F4-A691-4F0C-BA76-684549BBAA71}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{064AE189-23B8-4BDB-9673-B1B9E864C091}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{FDFCFA45-E069-41BF-9930-342036012F94}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/26/2015 06:37:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: psxfin.exe, Version: 0.0.0.0, Zeitstempel: 0x46d33866
Name des fehlerhaften Moduls: psxfin.exe, Version: 0.0.0.0, Zeitstempel: 0x46d33866
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001138b2
ID des fehlerhaften Prozesses: 0x13cc
Startzeit der fehlerhaften Anwendung: 0xpsxfin.exe0
Pfad der fehlerhaften Anwendung: psxfin.exe1
Pfad des fehlerhaften Moduls: psxfin.exe2
Berichtskennung: psxfin.exe3

Error: (07/23/2015 01:47:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 01:44:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 01:42:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 01:42:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/23/2015 11:32:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 11:29:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 11:29:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 11:29:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/23/2015 11:29:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


Systemfehler:
=============
Error: (07/28/2015 09:01:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
acedrv07

Error: (07/28/2015 09:01:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MSCamSvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/27/2015 09:59:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
acedrv07

Error: (07/27/2015 09:59:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MSCamSvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/26/2015 10:13:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
acedrv07

Error: (07/26/2015 10:13:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MSCamSvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/25/2015 08:52:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
acedrv07

Error: (07/25/2015 08:51:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MSCamSvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/24/2015 09:58:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
acedrv07

Error: (07/24/2015 09:58:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MSCamSvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office:
=========================
Error: (07/26/2015 06:37:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: psxfin.exe0.0.0.046d33866psxfin.exe0.0.0.046d33866c0000005001138b213cc01d0c7c1475a3939C:\Users\Lisa\Desktop\Ps1 Emulator\psxfin.exeC:\Users\Lisa\Desktop\Ps1 Emulator\psxfin.exe9e6484f5-33b4-11e5-a94b-001bfc1b1466

Error: (07/23/2015 01:47:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/23/2015 01:44:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\lisa\downloads\esetsmartinstaller_deu.exe

Error: (07/23/2015 01:42:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/23/2015 01:42:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\perfect world entertainment\Arc\gamepatch\woi\launcher.exe

Error: (07/23/2015 11:32:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\lisa\downloads\esetsmartinstaller_deu.exe

Error: (07/23/2015 11:29:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lisa\Downloads\esetsmartinstaller_deu.exe

Error: (07/23/2015 11:29:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lisa\Downloads\esetsmartinstaller_deu.exe

Error: (07/23/2015 11:29:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lisa\Downloads\esetsmartinstaller_deu.exe

Error: (07/23/2015 11:29:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lisa\Downloads\esetsmartinstaller_deu.exe


CodeIntegrity Fehler:
===================================
  Date: 2015-07-28 09:01:14.788
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-28 09:01:14.710
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-27 09:59:18.725
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-27 09:59:18.647
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-26 10:12:44.994
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-26 10:12:44.916
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-25 08:51:40.624
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-25 08:51:40.561
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-24 09:58:32.516
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-24 09:58:32.438
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Speicherinformationen =========================== 

Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz
Percentage of memory in use: 57%
Total physical RAM: 2047.18 MB
Available physical RAM: 866.63 MB
Total Virtual: 4094.36 MB
Available Virtual: 1650.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:110.21 GB) NTFS
Drive d: (Tap - Land) (CDROM) (Total:0.34 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 36C9E45B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== Ende von log ============================
         
