Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Ungültiges Bild, wieder einmal (https://www.trojaner-board.de/165786-ungueltiges-bild-einmal.html)

midimuc 04.04.2015 12:39
Ungültiges Bild, wieder einmal
 
Hallo schrauber,
ich melde mich jetzt von dem PC meiner Freundin, die wohl offenbar dasselbe Problem hat wie ich vor 2 Wochen.
Die logfiles poste ich hier.
Zusatzinfo:
Avira konnte ich nicht ausschalten, fehlen die Berechtigungen (obwohl ich als admin angemeldet war) und hat währende dem laufenlassen von G,er.exe folgende Fehlermeldung gegeben:
"Der Zugriff auf die Datei:
C:\Users\Karin\Downloads\Java.exe mit dem
Virus oder dem unerwünschten Pogramm
PUA\DomaIQ.Gen2 wurde blockiert"
Ich habe die Datei gelöscht.
Weitere Fehlermeldungen wurden beim anschließenden automatischen scan entdeckt, die ich ebenfalls lköschen ließ.
Danach bekam ich eine blackscreen beim aufruf von firefox.
Nach Neustart kein Internet-Zugriff im abgesicherten Modus möglich.
Jetzt habe ich wieder normal booten können, mit gefühlten 100 wegclicken der Windows-Fehlermeldung "...ungültiges Bild".
Schonmal herzlichen Dank für die Hilfe!
Michael

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:55 on 04/04/2015 (karin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by karin (administrator) on KITT on 04-04-2015 12:57:13
Running from C:\Users\karin\Desktop
Loaded Profiles: UpdatusUser & karin (Available profiles: UpdatusUser & karin & Sophia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613024 2010-09-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-09-27] (Atheros Commnucations)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SpyShelter] => C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe [2610672 2011-04-06] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [256272 2015-02-19] ()
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [218384 2015-02-19] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
ShortcutTarget: p6_19_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_19\WinStart\p6erinnerung.exe (phase6)
GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53479;https=127.0.0.1:53479
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1420545966&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1420545966&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420545966&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420545966&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1420545966&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1420545966&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420545966&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420545966&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898&q={searchTerms}
HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=hp&installDate=18/12/2013
HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013
HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420545875&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898&q={searchTerms}
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M846CB5FB-E64D-412F-AEA8-795AF6F94007&SearchSource=55&CUI=&UM=5&UP=SPBDFE5A7E-9277-4231-A504-7B2BBCD94035&SSPV=
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420545875&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898&q={searchTerms}
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1420545966&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M846CB5FB-E64D-412F-AEA8-795AF6F94007&SearchSource=58&CUI=&UM=5&UP=SPBDFE5A7E-9277-4231-A504-7B2BBCD94035&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M846CB5FB-E64D-412F-AEA8-795AF6F94007&SearchSource=58&CUI=&UM=5&UP=SPBDFE5A7E-9277-4231-A504-7B2BBCD94035&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420545966&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-30] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-30] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1420545875&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898

FireFox:
========
FF ProfilePath: C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF SearchEngineOrder.1:
FF SelectedSearchEngine: webssearches
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-20] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\user.js [2015-03-16]
FF SearchPlugin: C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\searchplugins\trovi-search.xml [2014-05-13]
FF SearchPlugin: C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\searchplugins\webssearches.xml [2015-02-15]
FF Extension: Widget context - C:\Users\karin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2013-12-15]
FF Extension: LyricXeeker - C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\Extensions\126 [2013-08-12]
FF Extension: Avira Browser Safety - C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\Extensions\abs@avira.com [2015-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-26]
FF HKLM-x32\...\Firefox\Extensions: [sparpilot@sparpilot.com] - C:\Program Files (x86)\SparPilot\sparpilot_8.xpi
FF Extension: SparPilot - Gutscheine &amp; mehr... - C:\Program Files (x86)\SparPilot\sparpilot_8.xpi [2014-12-10]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-17]
CHR Extension: (Google Drive) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
CHR Extension: (YouTube) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
CHR Extension: (No Name) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2013-12-18]
CHR Extension: (Google Search) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
CHR Extension: (No Name) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi [2013-08-12]
CHR Extension: (Google Sheets) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR Extension: (No Name) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn [2013-09-19]
CHR Extension: (Widget context) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2013-12-15]
CHR Extension: (Gmail) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lbbbdmbjkgojacipgefbifkiebpcdjhn] - C:\Program Files (x86)\Movie2KDownloader.com\m2kDownloader10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mfkamignjaneflbgdjegpidckhjdiibj] - C:\Program Files (x86)\Storimbo\mfkamignjaneflbgdjegpidckhjdiibj.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2948880 2015-02-19] () [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S3 Origin Client Service; C:\Users\Sophia\Downloads\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Realtek11nCU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-15] (Avira Operations GmbH & Co. KG)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [111104 2009-02-09] (Guillemot Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation                          )
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [191984 2011-04-06] (SpyShelter) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-21] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 12:57 - 2015-04-04 12:57 - 00025767 _____ () C:\Users\karin\Desktop\FRST.txt
2015-04-04 12:56 - 2015-04-04 12:57 - 00000000 ____D () C:\FRST
2015-04-04 12:55 - 2015-04-04 12:55 - 00000472 _____ () C:\Users\karin\Desktop\defogger_disable.log
2015-04-04 12:55 - 2015-04-04 12:55 - 00000000 _____ () C:\Users\karin\defogger_reenable
2015-04-04 12:52 - 2015-04-04 12:52 - 02095616 _____ (Farbar) C:\Users\karin\Desktop\FRST64.exe
2015-04-04 12:52 - 2015-04-04 12:52 - 00380416 _____ () C:\Users\karin\Desktop\Gmer-19357.exe
2015-04-04 12:51 - 2015-04-04 12:51 - 00050477 _____ () C:\Users\karin\Desktop\Defogger.exe
2015-03-23 22:43 - 2015-03-23 22:43 - 00001474 _____ () C:\Users\karin\Downloads\URLLink(35).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001484 _____ () C:\Users\karin\Downloads\URLLink(31).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001467 _____ () C:\Users\karin\Downloads\URLLink(33).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001465 _____ () C:\Users\karin\Downloads\URLLink(32).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001455 _____ () C:\Users\karin\Downloads\URLLink(34).acsm
2015-03-22 04:09 - 2015-03-22 04:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-20 22:57 - 2015-03-20 22:57 - 00002184 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 4.0.lnk
2015-03-20 22:27 - 2015-03-20 22:27 - 08132576 _____ (Adobe Systems Incorporated) C:\Users\karin\Downloads\ADE_4.0_Installer(1).exe
2015-03-17 22:25 - 2015-03-17 22:25 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2015-03-15 11:54 - 2015-03-15 11:54 - 00000000 ____D () C:\Users\Sophia\Downloads\female dress
2015-03-15 11:50 - 2015-03-15 11:56 - 00000000 ____D () C:\Users\Sophia\Downloads\romantic hair
2015-03-15 11:49 - 2015-03-15 11:49 - 00000000 ____D () C:\Users\Sophia\Downloads\käppi
2015-03-15 11:41 - 2015-03-15 11:41 - 00000000 ____D () C:\Users\Sophia\Downloads\woodpanels
2015-03-15 11:40 - 2015-03-15 11:40 - 00000000 ____D () C:\Users\Sophia\Downloads\Lidschatten
2015-03-15 11:39 - 2015-03-15 11:39 - 00000000 ____D () C:\Users\Sophia\Downloads\hochzeitskleid
2015-03-15 11:35 - 2015-03-15 11:57 - 00000000 ____D () C:\Users\Sophia\Downloads\Weißes Kleid lang
2015-03-15 11:34 - 2015-03-15 11:34 - 00000000 ____D () C:\Users\Sophia\Downloads\Rokkoko
2015-03-15 11:31 - 2015-03-15 11:57 - 00000000 ____D () C:\Users\Sophia\Downloads\victoria secret
2015-03-14 19:47 - 2015-03-14 19:47 - 00000000 ____D () C:\Users\karin\AppData\Roaming\Need for Speed World
2015-03-14 18:32 - 2015-03-14 18:32 - 00000000 ____D () C:\Users\karin\AppData\Local\Electronic_Arts_Inc
2015-03-10 21:59 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 21:59 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 21:59 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 21:59 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 21:59 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 21:59 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 21:59 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 21:59 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 21:59 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 21:59 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 21:59 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 21:59 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 21:59 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 21:59 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 21:59 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 21:59 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 21:59 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 21:59 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 21:59 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 21:59 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 21:59 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 21:59 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 21:59 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 21:59 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 21:59 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 21:59 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 21:59 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 21:59 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 21:59 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 21:59 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 21:59 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 21:59 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 21:59 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 21:59 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 21:59 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 21:59 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 21:59 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 21:59 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 21:59 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 21:59 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 21:59 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 21:59 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 21:59 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 21:59 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 21:59 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 21:59 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 21:59 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 21:59 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 21:59 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 21:59 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 21:59 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 21:59 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 21:59 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 21:59 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 21:59 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 21:59 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 21:59 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 21:59 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 21:59 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 21:59 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 21:59 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 21:59 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 21:59 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 21:59 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 21:59 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 21:59 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 21:59 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 21:59 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 21:59 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 21:59 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 21:59 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 21:59 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 21:59 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 21:59 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 21:59 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 21:59 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 21:59 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 21:59 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 21:59 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 21:59 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 21:59 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 21:59 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 21:59 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 21:59 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 21:59 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 21:59 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 21:59 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 21:59 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 21:59 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 21:59 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 21:59 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 21:59 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 21:59 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 21:59 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 21:59 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 21:59 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 21:59 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 21:58 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 21:58 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 21:58 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 21:58 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 21:58 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 21:54 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:54 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 17:06 - 2015-03-10 17:06 - 00000000 ____D () C:\Windows\SysWOW64\㐶

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 12:55 - 2011-12-26 18:01 - 00000000 ____D () C:\Users\karin
2015-04-04 12:55 - 2011-05-07 01:46 - 01946798 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 12:54 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 12:54 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 12:51 - 2010-11-21 08:50 - 00696848 _____ () C:\Windows\system32\perfh007.dat
2015-04-04 12:51 - 2010-11-21 08:50 - 00148144 _____ () C:\Windows\system32\perfc007.dat
2015-04-04 12:51 - 2009-07-14 07:13 - 01613412 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 12:50 - 2013-02-02 00:11 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0C603C78-CC00-42DC-A30C-85E5A1B6871D}
2015-04-04 12:47 - 2013-12-18 20:47 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-04 12:46 - 2012-01-16 20:49 - 00000000 ____D () C:\Users\Public\Documents\phase6_19_Daten
2015-04-04 12:46 - 2011-06-25 22:53 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-04 12:45 - 2012-10-16 20:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-04 12:45 - 2011-05-16 01:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-04 12:45 - 2010-11-21 05:47 - 00182136 _____ () C:\Windows\PFRO.log
2015-04-04 12:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 12:45 - 2009-07-14 06:51 - 00201968 _____ () C:\Windows\setupact.log
2015-04-02 23:05 - 2015-02-25 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-19 21:47 - 2012-03-31 13:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 01:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-19 00:38 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-19 00:17 - 2014-05-18 14:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-18 23:32 - 2011-12-26 19:08 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-18 23:30 - 2011-12-28 15:40 - 00000000 ____D () C:\Users\Sophia
2015-03-17 22:27 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-17 22:26 - 2012-03-31 13:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-17 22:25 - 2014-04-23 12:59 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-03-15 12:05 - 2012-12-25 20:48 - 00000000 ____D () C:\ProgramData\Origin
2015-03-14 18:32 - 2012-08-06 16:47 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-14 12:07 - 2012-12-25 20:51 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-14 12:01 - 2012-05-07 09:07 - 00320620 _____ () C:\Windows\DirectX.log
2015-03-11 17:03 - 2012-10-16 16:13 - 00000000 ____D () C:\Users\Sophia\Documents\Sonstiges
2015-03-11 16:53 - 2009-07-14 06:45 - 00344024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 00:57 - 2013-04-30 15:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 00:52 - 2013-07-16 12:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 00:46 - 2011-12-31 16:55 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 00:45 - 2009-07-14 04:34 - 00000534 _____ () C:\Windows\win.ini
2015-03-10 17:06 - 2013-05-17 12:05 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 17:06 - 2013-05-17 12:05 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-10 17:06 - 2013-05-17 12:05 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== Files in the root of some directories =======

2015-02-11 09:35 - 2015-02-11 09:35 - 0184242 _____ () C:\Program Files (x86)\lizenzvertrag.pdf
2011-12-26 21:50 - 2011-12-26 22:46 - 0001749 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\karin\AppData\Local\Temp\228412-672209-minecraft.exe
C:\Users\karin\AppData\Local\Temp\60312uninstall.exe
C:\Users\karin\AppData\Local\Temp\7z920.exe
C:\Users\karin\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\karin\AppData\Local\Temp\AutoRun.exe
C:\Users\karin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\karin\AppData\Local\Temp\avgnt.exe
C:\Users\karin\AppData\Local\Temp\BackupSetup.exe
C:\Users\karin\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\karin\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\karin\AppData\Local\Temp\checkdb.exe
C:\Users\karin\AppData\Local\Temp\chromesetup.exe
C:\Users\karin\AppData\Local\Temp\contentDATs.exe
C:\Users\karin\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\karin\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\karin\AppData\Local\Temp\EAInstall.dll
C:\Users\karin\AppData\Local\Temp\eauninstall.exe
C:\Users\karin\AppData\Local\Temp\First15.exe
C:\Users\karin\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\karin\AppData\Local\Temp\hcwclear.exe
C:\Users\karin\AppData\Local\Temp\instloffer.exe
C:\Users\karin\AppData\Local\Temp\IR32.exe
C:\Users\karin\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\nse66BC.exe
C:\Users\karin\AppData\Local\Temp\nse6A17.exe
C:\Users\karin\AppData\Local\Temp\nsj999A.exe
C:\Users\karin\AppData\Local\Temp\nsk713B.exe
C:\Users\karin\AppData\Local\Temp\nsp6DB1.exe
C:\Users\karin\AppData\Local\Temp\nspEA56.exe
C:\Users\karin\AppData\Local\Temp\nss2DB7.exe
C:\Users\karin\AppData\Local\Temp\nst8F28.exe
C:\Users\karin\AppData\Local\Temp\nsx3056.exe
C:\Users\karin\AppData\Local\Temp\nsx9E0C.exe
C:\Users\karin\AppData\Local\Temp\nsy3923.exe
C:\Users\karin\AppData\Local\Temp\nszE342.exe
C:\Users\karin\AppData\Local\Temp\nszE6EB.exe
C:\Users\karin\AppData\Local\Temp\optprosetup.exe
C:\Users\karin\AppData\Local\Temp\Quarantine.exe
C:\Users\karin\AppData\Local\Temp\sdanircmdc.exe
C:\Users\karin\AppData\Local\Temp\sdapskill.exe
C:\Users\karin\AppData\Local\Temp\sdaspwn.exe
C:\Users\karin\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\karin\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\karin\AppData\Local\Temp\SearchHelper.exe
C:\Users\karin\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\karin\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\karin\AppData\Local\Temp\SPSetup.exe
C:\Users\karin\AppData\Local\Temp\SPStub.exe
C:\Users\karin\AppData\Local\Temp\Sqlite3.dll
C:\Users\karin\AppData\Local\Temp\StripExtra.exe
C:\Users\karin\AppData\Local\Temp\tbVgra.dll
C:\Users\karin\AppData\Local\Temp\The Sims 2 Celebration Stuff_uninst.exe
C:\Users\karin\AppData\Local\Temp\uninst1.exe
C:\Users\karin\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\karin\AppData\Local\Temp\vcredist_x64.exe
C:\Users\karin\AppData\Local\Temp\vcredist_x86.exe
C:\Users\karin\AppData\Local\Temp\VP6Install.exe
C:\Users\karin\AppData\Local\Temp\VP6VFW.dll
C:\Users\karin\AppData\Local\Temp\wintv7_cd_3.3.exe
C:\Users\Sophia\AppData\Local\Temp\AskSLib.dll
C:\Users\Sophia\AppData\Local\Temp\avgnt.exe
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7320013.dll
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7330016.dll
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7360010.dll
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7380011.dll
C:\Users\Sophia\AppData\Local\Temp\install_flashplayer11x64ax_gtbd_aih.exe
C:\Users\Sophia\AppData\Local\Temp\install_flashplayer11x64ax_gtbd_aih[1].exe
C:\Users\Sophia\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Sophia\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Sophia\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-19 01:06

==================== End Of Log ============================
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by karin at 2015-04-04 13:00:56
Running from C:\Users\karin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{47B188E2-2447-5C40-15B6-9D49DC90BF5B}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2905 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
Die Sims™ 2: Glamour-Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.114.1010 - Electronic Arts Inc.)
Die Sims™ Inselgeschichten (HKLM-x32\...\{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}) (Version:  - Electronic Arts)
Die Sims™ Lebensgeschichten (HKLM-x32\...\{DA932D71-E52A-43D5-009E-395A1AEC1474}) (Version:  - )
Die*Sims*Mittelalter (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 1.0.0 - Electronic Arts)
DJ_AIO_06_F2400_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.16151 - Landesfinanzdirektion Thüringen)
F2400 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Gold Rush - Treasure Hunt Deluxe (HKLM-x32\...\a43b5713e1c9daf9a348736c21961ee3) (Version:  - Zylom)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.32035 (CD 3.3) - Hauppauge Computer Works)
Hercules Link (HKLM-x32\...\{B1549CC1-EB81-4E7C-9C7C-8B97CD9FD37A}) (Version: 4.0.2.1 - Hercules)
Hercules Webcam Station Evolution SE (HKLM-x32\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 4.1.1.0 - Hercules)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
LG USB Modem Drivers (HKLM-x32\...\{3E8DE1A6-B365-4FF6-B917-2892A34990E8}) (Version: 4.9.7 - LG Electronics)
Lollipop (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\lollipop_12240918) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
M&Ms - Die Geheimformeln (HKLM-x32\...\M&Ms The Lost Formulas) (Version:  - )
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mein eigenes Tierheim SE (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Mein eigenes Tierheim SE) (Version: V1.000000 - )
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711031}) (Version: 7.03.1151 - Nero AG)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.7.2.10 - Symantec Corporation)
NVIDIA 3D Vision Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.33 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Paint Shop Pro 5.03 CD (HKLM-x32\...\Paint Shop Pro 5.03) (Version:  - )
phase6_19 (HKLM-x32\...\{65D70656-D248-4C83-B594-E3029C43B37A}) (Version: 1.90.0000 - phase6)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0174 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Snap.Do (HKLM-x32\...\{92109C97-2662-4353-9386-B64309F595C9}) (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\{ebf0bc89-b0e6-426a-b248-e886b1894999}) (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpyShelter Premium 5.14 (HKLM\...\SpyShelter_is1) (Version: 5.14 - )
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TouchCopy 12 (HKLM-x32\...\{22E2998A-081D-4FAA-9DFA-D5CA52F5C4EB}) (Version: 12.40 - Wide Angle Software)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - )
VideoPlayer v2.0.6 (HKLM-x32\...\VideoPlayer) (Version: v2.0.6 - TUGUU SL) <==== ATTENTION
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Wajam (HKLM-x32\...\WaInterEnhance) (Version: 2.21.2.32 (i2.6) - WaInterEnhance) <==== ATTENTION
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION
Wendy (HKLM-x32\...\{202BACA0-AA91-11D4-A5EE-004095501894}) (Version:  - )
Wendy 2 (HKLM-x32\...\{DFFCBCCE-3A43-11D5-AF42-000102B4CD2E}) (Version:  - )
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-04-2015 12:56:03 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01118DC3-E7EE-4707-A0F3-83EAFC8122DF} - \Funmoods No Task File <==== ATTENTION
Task: {25CC741E-CE7A-4708-BEF3-34044EFD86B4} - System32\Tasks\Norton Security Scan for karin => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.2.10\Nss.exe [2012-11-02] (Symantec Corporation)
Task: {81FAF565-8359-4678-9E7A-638E7DE2CEC6} - System32\Tasks\{30B32277-D4CB-4E4A-B780-13BEAF0062E7} => pcalua.exe -a "C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe" -d "C:\Program Files (x86)\ElsterFormular\bin" -c --zeigeDlg
Task: {9AB8391C-A843-40ED-A035-3326823BF5DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {ADEFEC53-F56C-423F-A676-8468803BDC0A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2260964575-2753946872-1401531445-1004
Task: {BF619E14-AABE-47A2-93EF-2194D526FC7C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EC7194DB-AF6A-47B8-94BC-2946B38E25FC} - System32\Tasks\{E2F2D9B5-29D4-42DC-A408-DAFF68786AAF} => C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
Task: {F1662AEE-2FB8-466E-8970-DBBB0CF9C57C} - System32\Tasks\{EA3CD6AA-5512-4118-AF25-B39F3FD495FE} => pcalua.exe -a D:\MANUAL\WinTV6Man_deu.EXE -d D:\MANUAL
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\avayvaxvaa.job => C:\Users\Sophia\AppData\Local\avayvaxvaa\avayvaxvaa.exe
Task: C:\Windows\Tasks\Norton Security Scan for karin.job => C:\PROGRA~2\NORTON~2\Engine\372~1.10\Nss.exe
Task: C:\Windows\Tasks\Run_Bobby_Browser.job => C:\Users\karin\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{0B7D62C0-4D4C-47C6-8340-49CCD4930FA6}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2011-05-07 02:07 - 2010-01-21 01:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2011-05-07 02:07 - 2010-01-21 01:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2011-05-07 02:07 - 2010-01-21 01:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2011-05-07 02:07 - 2010-01-21 01:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2011-05-07 02:08 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 00076192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 00383904 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 00103328 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 64641440 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-26 18:15 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:905844AA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\karin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2260964575-2753946872-1401531445-500 - Administrator - Disabled)
Gast (S-1-5-21-2260964575-2753946872-1401531445-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2260964575-2753946872-1401531445-1003 - Limited - Enabled)
karin (S-1-5-21-2260964575-2753946872-1401531445-1001 - Administrator - Enabled) => C:\Users\karin
Sophia (S-1-5-21-2260964575-2753946872-1401531445-1004 - Limited - Enabled) => C:\Users\Sophia
UpdatusUser (S-1-5-21-2260964575-2753946872-1401531445-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2015 11:54:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c).

Error: (03/19/2015 11:50:34 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c).

Error: (03/19/2015 11:50:31 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c).

Error: (03/18/2015 11:33:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/18/2015 11:28:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/18/2015 11:20:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/18/2015 11:06:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 10:27:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 09:29:12 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
  Asynchroner Vorgang wird ausgeführt

Kontext:
  Aktueller Status: DoSnapshotSet

Error: (03/17/2015 09:29:12 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{b3a072e4-783a-11e0-a08d-806e6f6e6963} - 0000000000000068,0x0053c010,00000000003A1F30,0,00000000003A2F40,4096,[0]).


Vorgang:
  Schattenkopien werden übertragen

Kontext:
  Ausführungskontext: System Provider


System errors:
=============
Error: (04/04/2015 00:48:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%216

Error: (04/04/2015 00:45:24 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "D:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (04/04/2015 00:39:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/04/2015 00:39:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/04/2015 00:39:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/04/2015 00:37:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/04/2015 00:37:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/04/2015 00:37:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/04/2015 00:32:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/04/2015 00:32:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/19/2015 11:54:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (03/19/2015 11:50:34 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (03/19/2015 11:50:31 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (03/18/2015 11:33:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/18/2015 11:28:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/18/2015 11:20:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/18/2015 11:06:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 10:27:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 09:29:12 PM) (Source: VSS) (EventID: 12298) (User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.


Vorgang:
  Asynchroner Vorgang wird ausgeführt

Kontext:
  Aktueller Status: DoSnapshotSet

Error: (03/17/2015 09:29:12 PM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{b3a072e4-783a-11e0-a08d-806e6f6e6963} - 0000000000000068,0x0053c010,00000000003A1F30,0,00000000003A2F40,4096,[0])

Vorgang:
  Schattenkopien werden übertragen

Kontext:
  Ausführungskontext: System Provider


CodeIntegrity Errors:
===================================
  Date: 2014-05-18 13:55:21.032
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume6\Windows\System32\drivers\emOEM64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-18 13:55:20.954
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume6\Windows\System32\drivers\emOEM64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-18 13:53:17.477
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume6\Windows\System32\drivers\emOEM64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-18 13:53:17.399
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume6\Windows\System32\drivers\emOEM64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-18 13:50:13.914
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume6\Windows\System32\drivers\emOEM64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-18 13:50:13.821
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume6\Windows\System32\drivers\emOEM64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-18 13:47:08.874
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume6\Windows\System32\drivers\emOEM64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-18 13:47:08.780
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume6\Windows\System32\drivers\emOEM64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-18 13:45:21.044
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume6\Windows\System32\drivers\emOEM64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-18 13:45:20.966
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume6\Windows\System32\drivers\emOEM64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 7918.12 MB
Available physical RAM: 5629.75 MB
Total Pagefile: 15834.42 MB
Available Pagefile: 13410.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:704.92 GB) NTFS
Drive d: () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
Drive e: () (Fixed) (Total:64 GB) (Free:3.08 GB) NTFS
Drive f: (PROGRAMME) (Fixed) (Total:59.54 GB) (Free:23.41 GB) FAT32
Drive g: () (Fixed) (Total:25.47 GB) (Free:25.32 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 11BB29FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 1E0A1E09)
Partition 1: (Active) - (Size=8 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=OF Extended)

==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-04 13:15:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-4 WDC_WD1002FAEX-00Z3A0 rev.05.01D05 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\karin\AppData\Local\Temp\pgldqpoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17            00000000755b1401 2 bytes JMP 763db21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17              00000000755b1419 2 bytes JMP 763db346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17            00000000755b1431 2 bytes JMP 76458ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42            00000000755b144a 2 bytes CALL 763b48ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                    * 9
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17              00000000755b14dd 2 bytes JMP 764587a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17        00000000755b14f5 2 bytes JMP 76458978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17              00000000755b150d 2 bytes JMP 76458698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17        00000000755b1525 2 bytes JMP 76458a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17              00000000755b153d 2 bytes JMP 763cfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                  00000000755b1555 2 bytes JMP 763d68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17            00000000755b156d 2 bytes JMP 76458f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17              00000000755b1585 2 bytes JMP 76458ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                00000000755b159d 2 bytes JMP 7645865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17              00000000755b15b5 2 bytes JMP 763cfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17            00000000755b15cd 2 bytes JMP 763db2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20        00000000755b16b2 2 bytes JMP 76458e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31        00000000755b16bd 2 bytes JMP 764585f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      00000000755b1401 2 bytes JMP 763db21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        00000000755b1419 2 bytes JMP 763db346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      00000000755b1431 2 bytes JMP 76458ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      00000000755b144a 2 bytes CALL 763b48ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                    * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17        00000000755b14dd 2 bytes JMP 764587a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000755b14f5 2 bytes JMP 76458978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17        00000000755b150d 2 bytes JMP 76458698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000755b1525 2 bytes JMP 76458a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        00000000755b153d 2 bytes JMP 763cfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17            00000000755b1555 2 bytes JMP 763d68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      00000000755b156d 2 bytes JMP 76458f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        00000000755b1585 2 bytes JMP 76458ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17          00000000755b159d 2 bytes JMP 7645865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000755b15b5 2 bytes JMP 763cfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000755b15cd 2 bytes JMP 763db2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000755b16b2 2 bytes JMP 76458e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000755b16bd 2 bytes JMP 764585f1 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [5556:2164]                                                                                            000007fefa8ae8c4

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832c1d2e                                                           
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832c1d2e (not active ControlSet)                                       

---- EOF - GMER 2.1 ----

M-K-D-B 04.04.2015 13:45
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!







Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.

midimuc 04.04.2015 23:54
Code:
# AdwCleaner v4.200 - Bericht erstellt 04/04/2015 um 17:59:56
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : karin - KITT
# Gestarted von : C:\Users\karin\Desktop\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : CltMngSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\VideoConverter
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance
Ordner Gelöscht : C:\Program Files (x86)\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\WaInterEnhance
Ordner Gelöscht : C:\Users\karin\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Program Files\Uninstaller
Ordner Gelöscht : C:\Users\karin\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\karin\AppData\Local\Video Converter
Ordner Gelöscht : C:\Users\karin\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\karin\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\karin\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\karin\Documents\Video Converter
Ordner Gelöscht : C:\Users\Sophia\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Sophia\AppData\Local\avayvaxvaa
Ordner Gelöscht : C:\Users\Sophia\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg
Ordner Gelöscht : C:\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Ordner Gelöscht : C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gelöscht : C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi
Ordner Gelöscht : C:\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn
Ordner Gelöscht : C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn
Ordner Gelöscht : C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp
Datei Gelöscht : C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfkamignjaneflbgdjegpidckhjdiibj_0.localstorage
Datei Gelöscht : C:\Users\karin\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\karin\Favorites\Links\Startfenster.lnk
Datei Gelöscht : C:\Windows\apppatch\apppatch64\vcldr64.dll
Datei Gelöscht : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Datei Gelöscht : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
Datei Gelöscht : C:\Windows\AppPatch\nbin\VC32Loader.dll
Datei Gelöscht : C:\Users\karin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk
Datei Gelöscht : C:\Users\karin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\searchplugins\webssearches.xml
Datei Gelöscht : C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : avayvaxvaa
Task Gelöscht : Funmoods
Task Gelöscht : Run_Bobby_Browser

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\karin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\karin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\karin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sparpilot@sparpilot.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mfkamignjaneflbgdjegpidckhjdiibj
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\32ed0c07-a30c-b8e1-55c6-be27f7ea5c6e
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\BoBrowser
Schlüssel Gelöscht : HKCU\Software\WajIEnhance
Schlüssel Gelöscht : HKCU\Software\WaInterEnhance
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\webssearchesSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKLM\SOFTWARE\WaInterEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WaInterEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Downloader_is1
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-search.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nationzoom.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\snapdo.com
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v36.0.4 (x86 de)

[f2rvw7w9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[f2rvw7w9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://istart.webssearches.com/favicon.ico");
[f2rvw7w9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://istart.webssearches.com/web/?type=ds&ts=1420545966&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898&q={searchTerms}");
[f2rvw7w9.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[f2rvw7w9.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[tom1khdk.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M846CB5FB-E64D-412F-AEA8-795AF6F94007&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPBDFE5A7E-927[...]
[tom1khdk.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Trovi search");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [52979 Bytes] - [25/12/2013 14:05:22]
AdwCleaner[R1].txt - [13524 Bytes] - [04/04/2015 17:58:18]
AdwCleaner[S0].txt - [47107 Bytes] - [25/12/2013 14:07:33]
AdwCleaner[S1].txt - [11095 Bytes] - [04/04/2015 17:59:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [11155  Bytes] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 04.04.2015
Suchlauf-Zeit: 18:05:43
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.04.04
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: karin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 473416
Verstrichene Zeit: 22 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 6
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [6e26c3a54a40c96df940d898dd26ae52],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [6e26c3a54a40c96df940d898dd26ae52],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ff95ec7c3a50e65026ca2c048283a957],
PUP.Optional.Feven.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.5, In Quarantäne, [3460363297f375c1c1c3c93931d3df21],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.7, In Quarantäne, [652f244492f8c96d885b1ae0c93ac739],
PUP.Optional.Lyrics.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Lyrics, In Quarantäne, [bfd551170d7d5fd7279017f247bda858],

Registrierungswerte: 1
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [a2f20f597614aa8c3136a042f90a946c]

Registrierungsdaten: 8
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=hp&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=hp&installDate=18/12/2013),Ersetzt,[82127deb96f40e286df449a3679e3bc5]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013),Ersetzt,[058f9bcd6c1ed561263b7c701beab14f]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013),Ersetzt,[d0c478f07218bb7bfe638c60cd388a76]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013),Ersetzt,[296b82e6cebc1323fc64edff44c18977]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013),Ersetzt,[296bb3b57713d660bca536b69570837d]
PUP.Optional.Conduit.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M846CB5FB-E64D-412F-AEA8-795AF6F94007&SearchSource=55&CUI=&UM=5&UP=SPBDFE5A7E-9277-4231-A504-7B2BBCD94035&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M846CB5FB-E64D-412F-AEA8-795AF6F94007&SearchSource=55&CUI=&UM=5&UP=SPBDFE5A7E-9277-4231-A504-7B2BBCD94035&SSPV=),Ersetzt,[83113038c9c181b5e2357f6f9a6b0af6]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013),Ersetzt,[583cb8b099f1df574a1716d63ec79d63]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013),Ersetzt,[cdc703658109a59107591dcfa65ffe02]

Ordner: 4
Rogue.Multiple, C:\ProgramData\1887373585, In Quarantäne, [c9cb4b1d5634290df082c7aa09fa629e],
PUP.Optional.CrossRider.A, C:\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn, In Quarantäne, [880c8edabfcb43f309c29bf8000310f0],
PUP.Optional.Extutil.A, C:\Users\karin\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, In Quarantäne, [5d378bdd4446cd6982fadcb952b115eb],
PUP.Optional.Managera.A, C:\Users\karin\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, In Quarantäne, [603492d6fa90f046423b9500c43f60a0],

Dateien: 117
Adware.DomaIQ, C:\$Recycle.Bin\S-1-5-21-2260964575-2753946872-1401531445-1004\$RFD9EEZ.exe, In Quarantäne, [a2f21c4cacde66d0991a7b9fba4cf50b],
PUP.Optional.Conduit, C:\Users\karin\AppData\Local\Temp\che8D8F.tmp, In Quarantäne, [296b3533b2d85ed81f8d33a9e52049b7],
Trojan.RotBrow.A, C:\Users\karin\AppData\Local\Temp\che9263.tmp, In Quarantäne, [791b293fccbee254a99f9515837e768a],
PUP.Optional.SweetIM, C:\Users\karin\AppData\Local\Temp\jBpUgXOJ.exe.part, In Quarantäne, [0193ec7c08829e98e993bf5e5aac38c8],
PUP.Optional.Somoto.A, C:\Users\karin\AppData\Local\Temp\BI_RunOnce.exe, In Quarantäne, [7d17d5934c3e4beb6392b98d818034cc],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nss2DB7.exe, In Quarantäne, [ade7e2862466989e4e2279d4728f1ce4],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nsy3923.exe, In Quarantäne, [caca333506841026bdb3d677b05150b0],
PUP.Optional.DomalQ, C:\Users\karin\AppData\Local\Temp\I2T_lpcX.exe.part, In Quarantäne, [e9abce9af09aca6c748472212adb3bc5],
PUP.Optional.FilesFrog.A, C:\Users\karin\AppData\Local\Temp\UpdateCheckerSetup.exe, In Quarantäne, [fb9946225f2b6dc9f30c52d27f81b64a],
PUP.Optional.VIT.A, C:\Users\karin\AppData\Local\Temp\instloffer.exe, In Quarantäne, [2a6adc8c5d2d5adcb1a959e0b64b59a7],
PUP.Optional.MyPCBackup.A, C:\Users\karin\AppData\Local\Temp\BackupSetup.exe, In Quarantäne, [2c68de8a19711b1b90dbc034788952ae],
PUP.Optional.SweetIM, C:\Users\karin\AppData\Local\Temp\bundlesweetimsetup.exe, In Quarantäne, [bbd95e0aaedcc076681448d546c0ce32],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [3460d197404acf67dd21ffbc21e08878],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\SPStub.exe, In Quarantäne, [8f051d4b177346f0e3c9dd6e4bb6a65a],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nsj999A.exe, In Quarantäne, [04905315d0ba1b1bc7a9222b1ce5df21],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nsk713B.exe, In Quarantäne, [5440ed7b19712d090f6dc6924eb3bb45],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nst8F28.exe, In Quarantäne, [167ebcac098147ef6d0315382fd226da],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nsx3056.exe, In Quarantäne, [3460baae2f5b8fa7fe72ed607f820000],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nsx9E0C.exe, In Quarantäne, [fc98ea7e31598aac93dd6edf8081718f],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nsp6DB1.exe, In Quarantäne, [375d1a4e9af08da97c006fe9649d20e0],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nspEA56.exe, In Quarantäne, [5143bfa902886ec8017ba5b3956c7b85],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\645E.tmp, In Quarantäne, [771d1d4b612972c4a26cb29eda27b749],
PUP.Optional.PerformerSoft.A, C:\Users\karin\AppData\Local\Temp\76A6.tmp, In Quarantäne, [20742543216921158046e95c758c6f91],
PUP.Optional.MediaTech.A, C:\Users\karin\AppData\Local\Temp\93B7.tmp, In Quarantäne, [ade7f8704b3f24123ca95763ba4bf30d],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nszE342.exe, In Quarantäne, [3064a3c552388aac5d1fc39511f0847c],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nszE6EB.exe, In Quarantäne, [8410baaee6a4a294007c7ade42bf768a],
Trojan.RotBrowse, C:\Users\karin\AppData\Local\Temp\473.tmp, In Quarantäne, [2074313755355fd775a29724986db54b],
Trojan.RotBrowse, C:\Users\karin\AppData\Local\Temp\288B.tmp, In Quarantäne, [31636efa2b5f1c1a9283a813d13404fc],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nse66BC.exe, In Quarantäne, [a9eb5414711916203448a9af08f940c0],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nse6A17.exe, In Quarantäne, [771d0266becc8fa7f18b0f4932cf1be5],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\SecondStepInstaller.exe, In Quarantäne, [7d175c0c028854e2521eee5f29d8cb35],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\E1E6.tmp, In Quarantäne, [e1b397d13d4d5fd7d5393020a061c33d],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\BExternal.dll, In Quarantäne, [504450187f0bd85ebf1535ef50b0d22e],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\ccp.exe, In Quarantäne, [910328403258c27465a95ef2eb165ea2],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\CrxInstaller.dll, In Quarantäne, [4e46e682464476c095a281c7ac55ed13],
PUP.Optional.Delta.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\DSearchLink.exe, In Quarantäne, [8a0a8cdcabdf0531d891eda792731ee2],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\MntrDLLInstall.dll, In Quarantäne, [8c08b6b28a0085b13bfd2a1e17eaa55b],
PUP.Optional.Delta.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\MyDeltaTB.exe, In Quarantäne, [bbd992d692f87fb75341633c8d748d73],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\Setup.exe, In Quarantäne, [f2a27cec2862e45203773de6f40c6898],
PUP.Optional.Delta.A, C:\Users\karin\AppData\Local\Temp\89664E74-BAB0-7891-9ED1-A4FAD134D932\Latest\MyBabylonTB.exe, In Quarantäne, [40546503b7d30432dbb97728b74a7789],
Adware.DomaIQ, C:\Users\karin\AppData\Local\Temp\DIQ\FlashPlayer_151\DomaIQ.exe, In Quarantäne, [e5af2a3e6c1e3105862d65b5d82e53ad],
Adware.DomaIQ, C:\Users\karin\AppData\Local\Temp\DIQ\FlashPlayer_151\DomaIQ10.exe, In Quarantäne, [33616107246693a3595a9f7bf70f9f61],
PUP.Optional.SupTab.A, C:\Users\karin\AppData\Local\Temp\~dlC128\~dljyb\tmp\STab_Down.exe, In Quarantäne, [eaaaa0c84743df578f651254e21e19e7],
PUP.Optional.WindowsProtectManger.A, C:\Users\karin\AppData\Local\Temp\~dlC128\~dljyb\tmp\wpm_v20.0.0.1337.exe, In Quarantäne, [801496d23357de5890f8359c8b76ac54],
PUP.Optional.SupTab.A, C:\Users\karin\AppData\Local\Temp\~dlD084\~dljyb\tmp\STab_Down.exe, In Quarantäne, [a2f2de8a57334cea49abfd698d735aa6],
PUP.Optional.ELEX, C:\Users\karin\AppData\Local\Temp\~dlD084\~dljyb\tmp\STab_v4.0.exe, In Quarantäne, [8e0680e8513966d0ef80f83b818133cd],
PUP.Optional.WindowsProtectManger.A, C:\Users\karin\AppData\Local\Temp\~dlD084\~dljyb\tmp\wpm_v20.0.0.1337.exe, In Quarantäne, [484cce9a395106309eea1bb6c0411de3],
PUP.Optional.SupTab.A, C:\Users\karin\AppData\Local\Temp\~dlDBD9\~dljyb\tmp\STab_Down.exe, In Quarantäne, [74206bfdfe8c0a2c6094e185f30de11f],
PUP.Optional.WindowsProtectManger.A, C:\Users\karin\AppData\Local\Temp\~dlDBD9\~dljyb\tmp\wpm_v20.0.0.1337.exe, In Quarantäne, [355f91d72c5e181e7216ad2408f9936d],
PUP.Optional.SupTab.A, C:\Users\karin\AppData\Local\Temp\~dlEE7F\~dljyb\tmp\STab_Down.exe, In Quarantäne, [494bfa6e6b1f03334ea6174f718f629e],
PUP.Optional.WindowsProtectManger.A, C:\Users\karin\AppData\Local\Temp\~dlEE7F\~dljyb\tmp\wpm_v20.0.0.1337.exe, In Quarantäne, [8a0a34341476ab8bd2b6a32e3fc233cd],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nsj21FE\SpSetup.exe, In Quarantäne, [563e4820840639fdd69a1439f70a40c0],
PUP.Optional.NationZoom.A, C:\Users\karin\AppData\Local\Temp\fullpackage_temp1387392401\Baofeng.exe, In Quarantäne, [8d075b0d92f8ac8ad28655da5ea223dd],
PUP.Optional.SkyTech.A, C:\Users\karin\AppData\Local\Temp\fullpackage_temp1387392401\UpDate.dll, In Quarantäne, [95ff4622a4e6c86ee3e9f50f689a1ae6],
PUP.Optional.WpManager, C:\Users\karin\AppData\Local\Temp\fullpackage_temp1387392401\tmp\NewGdp.exe, In Quarantäne, [0c888bdd1b6feb4b8f831b75d62b827e],
PUP.Optional.BundleInstaller.A, C:\Users\karin\AppData\Local\Temp\sfckhzrirswogkh\parent.txt, In Quarantäne, [03914b1d69213303be3ba9ca8180e020],
PUP.Optional.ScramblePacker.A, C:\Users\karin\AppData\Local\Temp\sfckhzrirswogkh\software\feven-1-5.exe, In Quarantäne, [6b29a7c18505cc6ab7f1bcefd03146ba],
PUP.Optional.Linkury.A, C:\Users\karin\AppData\Local\Temp\sfckhzrirswogkh\software\Installer.exe, In Quarantäne, [80146cfcd8b2cf671c176436669f17e9],
PUP.Optional.Storimbo.A, C:\Users\karin\AppData\Local\Temp\sfckhzrirswogkh\software\StorimboSetup.exe, In Quarantäne, [544098d0a3e78fa7173ebb99b74eea16],
PUP.Optional.SkyTech.A, C:\Users\karin\AppData\Local\Temp\sfckhzrirswogkh\software\tugs_nationzoom.exe, In Quarantäne, [d5bf05637c0e54e27ac03e47ff02ec14],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\ct3293887\chLogic.exe, In Quarantäne, [bfd567014e3c37ff713bc48711f0d828],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\ct3293887\ffLogic.exe, In Quarantäne, [97fd90d84941b383dad2ec5f06fb37c9],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\ct3293887\ieLogic.exe, In Quarantäne, [3361e6827812fe38f0bce16a12ef1be5],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\ct3293887\spch.exe, In Quarantäne, [a1f36008b5d5de583b713a11a45da858],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\ct3293887\spff.exe, In Quarantäne, [0c88cc9cf991a1955a52ee5d0ff2da26],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\ct3293887\statisticsStub.exe, In Quarantäne, [6034fc6c593195a156df8fa78f7245bb],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\277E0D2C-BAB0-7891-BA03-B7DC73DF80D3\Latest\BExternal.dll, In Quarantäne, [157f33351377b0865d779a8a58a8e917],
Trojan.RotBrowse, C:\Users\karin\AppData\Local\Temp\277E0D2C-BAB0-7891-BA03-B7DC73DF80D3\Latest\ccp.exe, In Quarantäne, [deb63b2d781243f3f71ef0cb24e11fe1],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\277E0D2C-BAB0-7891-BA03-B7DC73DF80D3\Latest\CrxInstaller.dll, In Quarantäne, [eda748200b7fd5614bec8fb9d130ec14],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\277E0D2C-BAB0-7891-BA03-B7DC73DF80D3\Latest\MntrDLLInstall.dll, In Quarantäne, [e4b08fd9f99147ef54e478d022df946c],
PUP.Optional.Delta.A, C:\Users\karin\AppData\Local\Temp\277E0D2C-BAB0-7891-BA03-B7DC73DF80D3\Latest\MyDeltaTB.exe, In Quarantäne, [a3f11b4d8efcc175ddb75748ac5560a0],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\277E0D2C-BAB0-7891-BA03-B7DC73DF80D3\Latest\Setup.exe, In Quarantäne, [b8dc3b2dc8c266d0f927928ee7196898],
PUP.Optional.CrossRider.A, C:\Users\karin\AppData\Local\Temp\DwlTempFolder\temp.exe, In Quarantäne, [7c18c8a0aae0bb7bd403846b26dbc13f],
PUP.Optional.SearchProtect.A, C:\Users\Sophia\AppData\Local\Temp\2DB4.tmp, In Quarantäne, [9afae6828ffb4beb15e9caf12ed3f60a],
PUP.Optional.Vid, C:\Users\Sophia\AppData\Local\Temp\x6cvO45F.exe.part, In Quarantäne, [b1e33335c8c260d6973b50e7ea1736ca],
PUP.Optional.Conduit.A, C:\Users\Sophia\AppData\Local\Temp\SecondStepInstaller.exe, In Quarantäne, [f4a08ade16742a0cf37d59f461a0d32d],
PUP.Optional.SearchProtect.A, C:\Users\Sophia\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [7e16d296d3b73402c5399e1de51cbc44],
PUP.Optional.Delimax, C:\Users\Sophia\AppData\Local\Temp\n5814\s5814.exe, In Quarantäne, [cdc7a7c1afdbcc6a4d5b73e68481eb15],
PUP.Optional.Vittalia, C:\Windows\Temp\update.zip, In Quarantäne, [f2a22b3dfe8c1c1acc5ad61112ef748c],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsiF635.exe, In Quarantäne, [d5bf5c0cacde93a310d23a778b76b14f],
PUP.Optional.Conduit.A, C:\Windows\Temp\nssCA92.exe, In Quarantäne, [ff9502661d6dc37305dde8c97d840ff1],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsbB297.exe, In Quarantäne, [7024cf99fc8e1620db07139e3bc6c63a],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsd4A2E.exe, In Quarantäne, [652f9bcdcac06bcb29b94d64e819b050],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsd9DBA.exe, In Quarantäne, [4351d89099f140f6855d51609b66aa56],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsdB7A0.exe, In Quarantäne, [f2a25018dfab181e8062f4bdc33ee21e],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsi9F10.exe, In Quarantäne, [662ecc9c1377ec4aac363c750100b947],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsiE218.exe, In Quarantäne, [caca5b0da3e783b3f9e9179a55acd030],
PUP.Optional.Conduit.A, C:\Windows\Temp\nssEF22.exe, In Quarantäne, [8d076bfd7713ed49eef40da4a9586b95],
PUP.Optional.Conduit.A, C:\Windows\Temp\nst2C61.exe, In Quarantäne, [a7ed47213f4baf8705ddcae78e739967],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsvC1B4.exe, In Quarantäne, [6331194f4f3b092d954d1b96d928bc44],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsx95FB.exe, In Quarantäne, [fb991c4ce0aa8ea822c0bef342bf39c7],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsy2447.exe, In Quarantäne, [6c2838306723c3735c868b2613ee25db],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsy929.exe, In Quarantäne, [3b597bed325878be99499a1748b915eb],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsyF386.exe, In Quarantäne, [7e162246e5a589ad2eb4822f649d5aa6],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsn1DA2.exe, In Quarantäne, [395b9fc917736cca964c5d54926f30d0],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsnB1C6.exe, In Quarantäne, [fd9784e4d9b137ff7d656d4447ba49b7],
PUP.Optional.Conduit.A, C:\Windows\Temp\nss714C.exe, In Quarantäne, [f89cf870296101359949c8e936cb6e92],
PUP.Optional.Conduit.A, C:\Windows\Temp\nss73BC.exe, In Quarantäne, [5143baae0585cd69578bdcd535cca55b],
PUP.Optional.Conduit.A, C:\Windows\Temp\nss8BCF.exe, In Quarantäne, [8b094e1a0c7ec175edf57e3351b0c33d],
PUP.Optional.Vittalia, C:\Windows\Temp\updater\AppsUpdater (2).exe, In Quarantäne, [95ff3137cac00d29e390e7e49968d828],
PUP.Optional.Vittalia, C:\Windows\Temp\updater\AppsUpdater.exe, In Quarantäne, [8e061355b8d2a591a1d2ab206f929070],
PUP.Optional.Vittalia, C:\Windows\Temp\updater\KeyGen (2).dll, In Quarantäne, [177d27417c0e290dc95df6f13ec3d030],
PUP.Optional.Vittalia, C:\Windows\Temp\updater\KeyGen.dll, In Quarantäne, [583ca2c699f1e74f43e3499e6b9644bc],
PUP.Optional.Vittalia, C:\Windows\Temp\updater\UpdaterService (2).exe, In Quarantäne, [72222444fb8f93a376fc25a68f7202fe],
PUP.Optional.Vittalia, C:\Windows\Temp\updater\UpdaterService.exe, In Quarantäne, [2b69cc9c6624a88ea2d0e5e645bcae52],
PUP.Optional.Softonic.A, C:\Users\karin\Downloads\SoftonicDownloader_fuer_format-factory.exe, In Quarantäne, [c0d499cf3951a09683afcf8037ca24dc],
PUP.Optional.OpenCandy, C:\Users\karin\Downloads\Zylom-Installer_BigKahunaReef2_DE.exe, In Quarantäne, [b5dfb7b14f3bc274d41779a42bdb04fc],
PUP.Optional.Bandoo, C:\Users\Sophia\Downloads\iLividSetup.exe, In Quarantäne, [51431f49800a73c39a3ec96fbf421ee2],
PUP.Optional.VIT, C:\Users\Sophia\Downloads\installer_minecraft_Deutsch.exe, In Quarantäne, [7c188cdc7d0dca6ca932df64a8599769],
PUP.Optional.Conduit.A, C:\Users\Sophia\Downloads\WiseConvert_1.3.exe, In Quarantäne, [f1a330381a704de988f65920b24f718f],
PUP.Optional.SnapDo.A, C:\Windows\Installer\1fb563.msi, In Quarantäne, [eba9c0a8b3d7eb4bf656e7cc41c040c0],
PUP.Optional.WidgetContext.A, C:\Users\karin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi, In Quarantäne, [445073f5c6c4e353d879fcc927dca35d],
PUP.Optional.Extutil.A, C:\Users\karin\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, In Quarantäne, [5d378bdd4446cd6982fadcb952b115eb],
PUP.Optional.Extutil.A, C:\Users\karin\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, In Quarantäne, [5d378bdd4446cd6982fadcb952b115eb],
PUP.Optional.Extutil.A, C:\Users\karin\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, In Quarantäne, [5d378bdd4446cd6982fadcb952b115eb],
PUP.Optional.Managera.A, C:\Users\karin\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, In Quarantäne, [603492d6fa90f046423b9500c43f60a0],
PUP.Optional.Managera.A, C:\Users\karin\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, In Quarantäne, [603492d6fa90f046423b9500c43f60a0],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by karin on 04.04.2015 at 18:35:40,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update storimbo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util storimbo



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\karin\music\qtrax media library"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\karin\AppData\Roaming\mozilla\firefox\profiles\f2rvw7w9.default\extensions\126
Successfully deleted the following from C:\Users\karin\AppData\Roaming\mozilla\firefox\profiles\f2rvw7w9.default\prefs.js

user_pref("browser.search.searchengine.alias", "webssearches");
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.name", "webssearches");
user_pref("browser.search.searchengine.ptid", "cvs");
user_pref("browser.search.searchengine.uid", "WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898");
user_pref("browser.search.selectedEngine", "webssearches");
Emptied folder: C:\Users\karin\AppData\Roaming\mozilla\firefox\profiles\f2rvw7w9.default\minidumps [3479 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2015 at 18:39:45,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by karin (administrator) on KITT on 05-04-2015 00:51:39
Running from C:\Users\karin\Desktop
Loaded Profiles: UpdatusUser & karin &  (Available profiles: UpdatusUser & karin & Sophia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613024 2010-09-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-09-27] (Atheros Commnucations)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SpyShelter] => C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe [2610672 2011-04-06] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify Web Helper] => C:\Users\Sophia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-23] (Spotify Ltd)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [EADM] => C:\Users\Sophia\Downloads\Origin\Origin.exe [3631448 2015-02-27] (Electronic Arts)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {927b128c-268e-11e1-932b-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {b3ef9deb-4436-11e2-8e42-5404a612598d} - I:\LGAutoRun.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
ShortcutTarget: p6_19_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_19\WinStart\p6erinnerung.exe (phase6)
GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53479;https=127.0.0.1:53479
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-30] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-30] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default
FF SearchEngineOrder.1:
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-20] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sophia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-07] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\Extensions\abs@avira.com [2015-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-26]
FF HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR Profile: C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-17]
CHR Extension: (Google Drive) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
CHR Extension: (YouTube) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
CHR Extension: (Google Search) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
CHR Extension: (Google Sheets) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR Extension: (Gmail) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S3 Origin Client Service; C:\Users\Sophia\Downloads\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Realtek11nCU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-15] (Avira Operations GmbH & Co. KG)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [111104 2009-02-09] (Guillemot Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation                          )
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [191984 2011-04-06] (SpyShelter) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-21] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 18:39 - 2015-04-04 18:39 - 00001764 _____ () C:\Users\karin\Desktop\JRT.txt
2015-04-04 18:35 - 2015-04-04 18:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KITT-Windows-7-Home-Premium-(64-bit).dat
2015-04-04 18:35 - 2015-04-04 18:35 - 00000000 ____D () C:\RegBackup
2015-04-04 18:34 - 2015-04-04 18:34 - 00022838 _____ () C:\Users\karin\Desktop\MBAM.txt
2015-04-04 18:33 - 2015-04-04 18:33 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Startmenü
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 ____D () C:\Users\TEMP
2015-04-04 18:33 - 2015-01-18 23:27 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2015-04-04 18:33 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-04 18:33 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-04 18:05 - 2015-04-04 18:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 18:04 - 2015-04-04 18:04 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-04 18:04 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-04 18:04 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-04 18:04 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-04 17:59 - 2015-04-04 18:00 - 00011272 _____ () C:\Users\karin\Desktop\AdwCleaner[S1].txt
2015-04-04 17:55 - 2015-04-04 17:55 - 02690981 _____ (Thisisu) C:\Users\karin\Desktop\JRT.exe
2015-04-04 17:54 - 2015-04-04 17:55 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\karin\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-04 17:53 - 2015-04-04 17:53 - 02208768 _____ () C:\Users\karin\Desktop\AdwCleaner_4.200.exe
2015-04-04 13:42 - 2015-04-04 13:42 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 13:42 - 2015-04-04 13:42 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 13:15 - 2015-04-04 13:15 - 00008531 _____ () C:\Users\karin\Desktop\Gmer.txt
2015-04-04 13:00 - 2015-04-04 13:01 - 00037945 _____ () C:\Users\karin\Desktop\Addition.txt
2015-04-04 12:57 - 2015-04-05 00:52 - 00021349 _____ () C:\Users\karin\Desktop\FRST.txt
2015-04-04 12:56 - 2015-04-05 00:51 - 00000000 ____D () C:\FRST
2015-04-04 12:55 - 2015-04-04 12:55 - 00000472 _____ () C:\Users\karin\Desktop\defogger_disable.log
2015-04-04 12:55 - 2015-04-04 12:55 - 00000000 _____ () C:\Users\karin\defogger_reenable
2015-04-04 12:52 - 2015-04-04 12:52 - 02095616 _____ (Farbar) C:\Users\karin\Desktop\FRST64.exe
2015-04-04 12:52 - 2015-04-04 12:52 - 00380416 _____ () C:\Users\karin\Desktop\Gmer-19357.exe
2015-04-04 12:51 - 2015-04-04 12:51 - 00050477 _____ () C:\Users\karin\Desktop\Defogger.exe
2015-03-23 22:43 - 2015-03-23 22:43 - 00001474 _____ () C:\Users\karin\Downloads\URLLink(35).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001484 _____ () C:\Users\karin\Downloads\URLLink(31).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001467 _____ () C:\Users\karin\Downloads\URLLink(33).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001465 _____ () C:\Users\karin\Downloads\URLLink(32).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001455 _____ () C:\Users\karin\Downloads\URLLink(34).acsm
2015-03-22 04:09 - 2015-03-22 04:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-20 22:57 - 2015-03-20 22:57 - 00002184 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 4.0.lnk
2015-03-20 22:27 - 2015-03-20 22:27 - 08132576 _____ (Adobe Systems Incorporated) C:\Users\karin\Downloads\ADE_4.0_Installer(1).exe
2015-03-17 22:25 - 2015-03-17 22:25 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2015-03-15 11:54 - 2015-03-15 11:54 - 00000000 ____D () C:\Users\Sophia\Downloads\female dress
2015-03-15 11:50 - 2015-03-15 11:56 - 00000000 ____D () C:\Users\Sophia\Downloads\romantic hair
2015-03-15 11:49 - 2015-03-15 11:49 - 00000000 ____D () C:\Users\Sophia\Downloads\käppi
2015-03-15 11:41 - 2015-03-15 11:41 - 00000000 ____D () C:\Users\Sophia\Downloads\woodpanels
2015-03-15 11:40 - 2015-03-15 11:40 - 00000000 ____D () C:\Users\Sophia\Downloads\Lidschatten
2015-03-15 11:39 - 2015-03-15 11:39 - 00000000 ____D () C:\Users\Sophia\Downloads\hochzeitskleid
2015-03-15 11:35 - 2015-03-15 11:57 - 00000000 ____D () C:\Users\Sophia\Downloads\Weißes Kleid lang
2015-03-15 11:34 - 2015-03-15 11:34 - 00000000 ____D () C:\Users\Sophia\Downloads\Rokkoko
2015-03-15 11:31 - 2015-03-15 11:57 - 00000000 ____D () C:\Users\Sophia\Downloads\victoria secret
2015-03-14 19:47 - 2015-03-14 19:47 - 00000000 ____D () C:\Users\karin\AppData\Roaming\Need for Speed World
2015-03-14 18:32 - 2015-03-14 18:32 - 00000000 ____D () C:\Users\karin\AppData\Local\Electronic_Arts_Inc
2015-03-10 21:59 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 21:59 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 21:59 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 21:59 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 21:59 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 21:59 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 21:59 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 21:59 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 21:59 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 21:59 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 21:59 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 21:59 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 21:59 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 21:59 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 21:59 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 21:59 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 21:59 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 21:59 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 21:59 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 21:59 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 21:59 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 21:59 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 21:59 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 21:59 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 21:59 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 21:59 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 21:59 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 21:59 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 21:59 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 21:59 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 21:59 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 21:59 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 21:59 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 21:59 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 21:59 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 21:59 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 21:59 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 21:59 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 21:59 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 21:59 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 21:59 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 21:59 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 21:59 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 21:59 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 21:59 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 21:59 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 21:59 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 21:59 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 21:59 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 21:59 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 21:59 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 21:59 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 21:59 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 21:59 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 21:59 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 21:59 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 21:59 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 21:59 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 21:59 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 21:59 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 21:59 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 21:59 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 21:59 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 21:59 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 21:59 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 21:59 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 21:59 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 21:59 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 21:59 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 21:59 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 21:59 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 21:59 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 21:59 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 21:59 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 21:59 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 21:59 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 21:59 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 21:59 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 21:59 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 21:59 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 21:59 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 21:59 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 21:59 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 21:59 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 21:59 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 21:59 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 21:59 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 21:59 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 21:59 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 21:59 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 21:59 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 21:59 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 21:59 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 21:59 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 21:59 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 21:59 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 21:59 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 21:58 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 21:58 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 21:58 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 21:58 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 21:58 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 21:54 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:54 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 17:06 - 2015-03-10 17:06 - 00000000 ____D () C:\Windows\SysWOW64\㐶

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 00:50 - 2013-12-25 14:05 - 00000000 ____D () C:\AdwCleaner
2015-04-05 00:49 - 2011-05-07 01:46 - 02007441 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 00:47 - 2013-04-25 20:13 - 00000452 ____H () C:\Windows\Tasks\Norton Security Scan for karin.job
2015-04-05 00:47 - 2012-03-31 13:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 19:19 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 19:19 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 18:36 - 2010-11-21 08:50 - 00696848 _____ () C:\Windows\system32\perfh007.dat
2015-04-04 18:36 - 2010-11-21 08:50 - 00148144 _____ () C:\Windows\system32\perfc007.dat
2015-04-04 18:36 - 2009-07-14 07:13 - 01613412 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 18:31 - 2013-12-18 20:47 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-04 18:31 - 2012-01-16 20:49 - 00000000 ____D () C:\Users\Public\Documents\phase6_19_Daten
2015-04-04 18:31 - 2011-06-25 22:53 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-04 18:30 - 2011-05-16 01:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-04 18:30 - 2010-11-21 05:47 - 00212856 _____ () C:\Windows\PFRO.log
2015-04-04 18:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 18:30 - 2009-07-14 06:51 - 00202248 _____ () C:\Windows\setupact.log
2015-04-04 18:00 - 2013-12-18 21:11 - 00001091 _____ () C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-04-04 18:00 - 2013-04-30 13:53 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-04 18:00 - 2013-04-30 13:53 - 00001061 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-04 18:00 - 2011-12-26 18:01 - 00001003 _____ () C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-04 12:55 - 2011-12-26 18:01 - 00000000 ____D () C:\Users\karin
2015-04-04 12:50 - 2013-02-02 00:11 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0C603C78-CC00-42DC-A30C-85E5A1B6871D}
2015-04-04 12:45 - 2012-10-16 20:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-02 23:05 - 2015-02-25 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-19 01:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-19 00:38 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-19 00:17 - 2014-05-18 14:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-18 23:32 - 2011-12-26 19:08 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-18 23:30 - 2011-12-28 15:40 - 00000000 ____D () C:\Users\Sophia
2015-03-17 22:27 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-17 22:26 - 2012-03-31 13:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-15 12:05 - 2012-12-25 20:48 - 00000000 ____D () C:\ProgramData\Origin
2015-03-14 18:32 - 2012-08-06 16:47 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-14 12:07 - 2012-12-25 20:51 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-14 12:01 - 2012-05-07 09:07 - 00320620 _____ () C:\Windows\DirectX.log
2015-03-11 17:03 - 2012-10-16 16:13 - 00000000 ____D () C:\Users\Sophia\Documents\Sonstiges
2015-03-11 16:53 - 2009-07-14 06:45 - 00344024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 00:57 - 2013-04-30 15:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 00:52 - 2013-07-16 12:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 00:46 - 2011-12-31 16:55 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 00:45 - 2009-07-14 04:34 - 00000534 _____ () C:\Windows\win.ini
2015-03-10 17:06 - 2013-05-17 12:05 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 17:06 - 2013-05-17 12:05 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-10 17:06 - 2013-05-17 12:05 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== Files in the root of some directories =======

2015-02-11 09:35 - 2015-02-11 09:35 - 0184242 _____ () C:\Program Files (x86)\lizenzvertrag.pdf
2011-12-26 21:50 - 2011-12-26 22:46 - 0001749 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\karin\AppData\Local\Temp\228412-672209-minecraft.exe
C:\Users\karin\AppData\Local\Temp\60312uninstall.exe
C:\Users\karin\AppData\Local\Temp\7z920.exe
C:\Users\karin\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\karin\AppData\Local\Temp\AutoRun.exe
C:\Users\karin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\karin\AppData\Local\Temp\avgnt.exe
C:\Users\karin\AppData\Local\Temp\checkdb.exe
C:\Users\karin\AppData\Local\Temp\chromesetup.exe
C:\Users\karin\AppData\Local\Temp\contentDATs.exe
C:\Users\karin\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\karin\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\karin\AppData\Local\Temp\EAInstall.dll
C:\Users\karin\AppData\Local\Temp\eauninstall.exe
C:\Users\karin\AppData\Local\Temp\First15.exe
C:\Users\karin\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\karin\AppData\Local\Temp\hcwclear.exe
C:\Users\karin\AppData\Local\Temp\IR32.exe
C:\Users\karin\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\Quarantine.exe
C:\Users\karin\AppData\Local\Temp\sdanircmdc.exe
C:\Users\karin\AppData\Local\Temp\sdapskill.exe
C:\Users\karin\AppData\Local\Temp\sdaspwn.exe
C:\Users\karin\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\karin\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\karin\AppData\Local\Temp\SearchHelper.exe
C:\Users\karin\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\karin\AppData\Local\Temp\Sqlite3.dll
C:\Users\karin\AppData\Local\Temp\StripExtra.exe
C:\Users\karin\AppData\Local\Temp\tbVgra.dll
C:\Users\karin\AppData\Local\Temp\The Sims 2 Celebration Stuff_uninst.exe
C:\Users\karin\AppData\Local\Temp\uninst1.exe
C:\Users\karin\AppData\Local\Temp\vcredist_x64.exe
C:\Users\karin\AppData\Local\Temp\vcredist_x86.exe
C:\Users\karin\AppData\Local\Temp\VP6Install.exe
C:\Users\karin\AppData\Local\Temp\VP6VFW.dll
C:\Users\karin\AppData\Local\Temp\wintv7_cd_3.3.exe
C:\Users\Sophia\AppData\Local\Temp\AskSLib.dll
C:\Users\Sophia\AppData\Local\Temp\avgnt.exe
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7320013.dll
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7330016.dll
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7360010.dll
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7380011.dll
C:\Users\Sophia\AppData\Local\Temp\install_flashplayer11x64ax_gtbd_aih.exe
C:\Users\Sophia\AppData\Local\Temp\install_flashplayer11x64ax_gtbd_aih[1].exe
C:\Users\Sophia\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 19:10

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by karin at 2015-04-05 00:52:30
Running from C:\Users\karin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{47B188E2-2447-5C40-15B6-9D49DC90BF5B}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2905 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
Die Sims™ 2: Glamour-Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.114.1010 - Electronic Arts Inc.)
Die Sims™ Inselgeschichten (HKLM-x32\...\{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}) (Version:  - Electronic Arts)
Die Sims™ Lebensgeschichten (HKLM-x32\...\{DA932D71-E52A-43D5-009E-395A1AEC1474}) (Version:  - )
Die*Sims*Mittelalter (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 1.0.0 - Electronic Arts)
DJ_AIO_06_F2400_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.16151 - Landesfinanzdirektion Thüringen)
F2400 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Gold Rush - Treasure Hunt Deluxe (HKLM-x32\...\a43b5713e1c9daf9a348736c21961ee3) (Version:  - Zylom)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.32035 (CD 3.3) - Hauppauge Computer Works)
Hercules Link (HKLM-x32\...\{B1549CC1-EB81-4E7C-9C7C-8B97CD9FD37A}) (Version: 4.0.2.1 - Hercules)
Hercules Webcam Station Evolution SE (HKLM-x32\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 4.1.1.0 - Hercules)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
LG USB Modem Drivers (HKLM-x32\...\{3E8DE1A6-B365-4FF6-B917-2892A34990E8}) (Version: 4.9.7 - LG Electronics)
Lollipop (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\lollipop_12240918) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
M&Ms - Die Geheimformeln (HKLM-x32\...\M&Ms The Lost Formulas) (Version:  - )
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mein eigenes Tierheim SE (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Mein eigenes Tierheim SE) (Version: V1.000000 - )
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711031}) (Version: 7.03.1151 - Nero AG)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.7.2.10 - Symantec Corporation)
NVIDIA 3D Vision Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.33 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Paint Shop Pro 5.03 CD (HKLM-x32\...\Paint Shop Pro 5.03) (Version:  - )
phase6_19 (HKLM-x32\...\{65D70656-D248-4C83-B594-E3029C43B37A}) (Version: 1.90.0000 - phase6)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0174 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Snap.Do (HKLM-x32\...\{92109C97-2662-4353-9386-B64309F595C9}) (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\{ebf0bc89-b0e6-426a-b248-e886b1894999}) (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
SpyShelter Premium 5.14 (HKLM\...\SpyShelter_is1) (Version: 5.14 - )
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TouchCopy 12 (HKLM-x32\...\{22E2998A-081D-4FAA-9DFA-D5CA52F5C4EB}) (Version: 12.40 - Wide Angle Software)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VideoPlayer v2.0.6 (HKLM-x32\...\VideoPlayer) (Version: v2.0.6 - TUGUU SL) <==== ATTENTION
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wendy (HKLM-x32\...\{202BACA0-AA91-11D4-A5EE-004095501894}) (Version:  - )
Wendy 2 (HKLM-x32\...\{DFFCBCCE-3A43-11D5-AF42-000102B4CD2E}) (Version:  - )
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-04-2015 12:56:03 Windows-Sicherung
04-04-2015 13:41:40 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15A430C9-E3BB-4383-BAEC-EC5F749B69F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {25CC741E-CE7A-4708-BEF3-34044EFD86B4} - System32\Tasks\Norton Security Scan for karin => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.2.10\Nss.exe [2012-11-02] (Symantec Corporation)
Task: {6144813C-9A9F-4353-ADBD-0D7EFB90F31C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {81FAF565-8359-4678-9E7A-638E7DE2CEC6} - System32\Tasks\{30B32277-D4CB-4E4A-B780-13BEAF0062E7} => pcalua.exe -a "C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe" -d "C:\Program Files (x86)\ElsterFormular\bin" -c --zeigeDlg
Task: {94B45807-FDD6-42E2-875E-B9A5A2F2A48C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {9AB8391C-A843-40ED-A035-3326823BF5DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {A420D813-CB30-4B9E-AB0A-8B43ED261F7D} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {ADEFEC53-F56C-423F-A676-8468803BDC0A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2260964575-2753946872-1401531445-1004
Task: {BF619E14-AABE-47A2-93EF-2194D526FC7C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EC7194DB-AF6A-47B8-94BC-2946B38E25FC} - System32\Tasks\{E2F2D9B5-29D4-42DC-A408-DAFF68786AAF} => C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
Task: {F1662AEE-2FB8-466E-8970-DBBB0CF9C57C} - System32\Tasks\{EA3CD6AA-5512-4118-AF25-B39F3FD495FE} => pcalua.exe -a D:\MANUAL\WinTV6Man_deu.EXE -d D:\MANUAL
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Norton Security Scan for karin.job => C:\PROGRA~2\NORTON~2\Engine\372~1.10\Nss.exe
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{0B7D62C0-4D4C-47C6-8340-49CCD4930FA6}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2011-05-07 02:07 - 2010-01-21 01:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2011-05-07 02:07 - 2010-01-21 01:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2011-05-07 02:07 - 2010-01-21 01:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2011-05-07 02:07 - 2010-01-21 01:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2011-05-07 02:06 - 2010-05-24 11:10 - 00076192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 00383904 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 00103328 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 64641440 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2011-05-07 02:08 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-26 18:15 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:905844AA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\karin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sophia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2260964575-2753946872-1401531445-500 - Administrator - Disabled)
Gast (S-1-5-21-2260964575-2753946872-1401531445-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2260964575-2753946872-1401531445-1003 - Limited - Enabled)
karin (S-1-5-21-2260964575-2753946872-1401531445-1001 - Administrator - Enabled) => C:\Users\karin
Sophia (S-1-5-21-2260964575-2753946872-1401531445-1004 - Limited - Enabled) => C:\Users\Sophia
UpdatusUser (S-1-5-21-2260964575-2753946872-1401531445-1000 - Limited - Enabled) => C:\Users\TEMP

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7613722

Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7613722

Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/05/2015 00:47:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7613722

Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7613722

Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 18%
Total physical RAM: 7918.12 MB
Available physical RAM: 6455.88 MB
Total Pagefile: 15834.42 MB
Available Pagefile: 13559.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:704.31 GB) NTFS
Drive d: () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
Drive e: () (Fixed) (Total:64 GB) (Free:3.08 GB) NTFS
Drive f: (PROGRAMME) (Fixed) (Total:59.54 GB) (Free:23.41 GB) FAT32
Drive g: () (Fixed) (Total:25.47 GB) (Free:25.32 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 11BB29FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 1E0A1E09)
Partition 1: (Active) - (Size=8 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=OF Extended)

==================== End Of Log ============================

midimuc 04.04.2015 23:56
Code:
# AdwCleaner v4.200 - Bericht erstellt 04/04/2015 um 17:59:56
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : karin - KITT
# Gestarted von : C:\Users\karin\Desktop\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : CltMngSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\VideoConverter
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance
Ordner Gelöscht : C:\Program Files (x86)\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\WaInterEnhance
Ordner Gelöscht : C:\Users\karin\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Program Files\Uninstaller
Ordner Gelöscht : C:\Users\karin\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\karin\AppData\Local\Video Converter
Ordner Gelöscht : C:\Users\karin\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\karin\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\karin\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\karin\Documents\Video Converter
Ordner Gelöscht : C:\Users\Sophia\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Sophia\AppData\Local\avayvaxvaa
Ordner Gelöscht : C:\Users\Sophia\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg
Ordner Gelöscht : C:\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Ordner Gelöscht : C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gelöscht : C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi
Ordner Gelöscht : C:\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn
Ordner Gelöscht : C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn
Ordner Gelöscht : C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp
Datei Gelöscht : C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfkamignjaneflbgdjegpidckhjdiibj_0.localstorage
Datei Gelöscht : C:\Users\karin\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\karin\Favorites\Links\Startfenster.lnk
Datei Gelöscht : C:\Windows\apppatch\apppatch64\vcldr64.dll
Datei Gelöscht : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Datei Gelöscht : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
Datei Gelöscht : C:\Windows\AppPatch\nbin\VC32Loader.dll
Datei Gelöscht : C:\Users\karin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk
Datei Gelöscht : C:\Users\karin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\searchplugins\webssearches.xml
Datei Gelöscht : C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : avayvaxvaa
Task Gelöscht : Funmoods
Task Gelöscht : Run_Bobby_Browser

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\karin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\karin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\karin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sparpilot@sparpilot.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mfkamignjaneflbgdjegpidckhjdiibj
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\32ed0c07-a30c-b8e1-55c6-be27f7ea5c6e
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\BoBrowser
Schlüssel Gelöscht : HKCU\Software\WajIEnhance
Schlüssel Gelöscht : HKCU\Software\WaInterEnhance
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\webssearchesSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKLM\SOFTWARE\WaInterEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WaInterEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Downloader_is1
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-search.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nationzoom.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\snapdo.com
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v36.0.4 (x86 de)

[f2rvw7w9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[f2rvw7w9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://istart.webssearches.com/favicon.ico");
[f2rvw7w9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://istart.webssearches.com/web/?type=ds&ts=1420545966&from=cvs&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898&q={searchTerms}");
[f2rvw7w9.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[f2rvw7w9.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[tom1khdk.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M846CB5FB-E64D-412F-AEA8-795AF6F94007&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPBDFE5A7E-927[...]
[tom1khdk.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Trovi search");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [52979 Bytes] - [25/12/2013 14:05:22]
AdwCleaner[R1].txt - [13524 Bytes] - [04/04/2015 17:58:18]
AdwCleaner[S0].txt - [47107 Bytes] - [25/12/2013 14:07:33]
AdwCleaner[S1].txt - [11095 Bytes] - [04/04/2015 17:59:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [11155  Bytes] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 04.04.2015
Suchlauf-Zeit: 18:05:43
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.04.04
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: karin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 473416
Verstrichene Zeit: 22 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 6
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [6e26c3a54a40c96df940d898dd26ae52],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [6e26c3a54a40c96df940d898dd26ae52],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ff95ec7c3a50e65026ca2c048283a957],
PUP.Optional.Feven.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.5, In Quarantäne, [3460363297f375c1c1c3c93931d3df21],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.7, In Quarantäne, [652f244492f8c96d885b1ae0c93ac739],
PUP.Optional.Lyrics.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Lyrics, In Quarantäne, [bfd551170d7d5fd7279017f247bda858],

Registrierungswerte: 1
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [a2f20f597614aa8c3136a042f90a946c]

Registrierungsdaten: 8
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=hp&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=hp&installDate=18/12/2013),Ersetzt,[82127deb96f40e286df449a3679e3bc5]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013),Ersetzt,[058f9bcd6c1ed561263b7c701beab14f]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013),Ersetzt,[d0c478f07218bb7bfe638c60cd388a76]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013),Ersetzt,[296b82e6cebc1323fc64edff44c18977]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013),Ersetzt,[296bb3b57713d660bca536b69570837d]
PUP.Optional.Conduit.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M846CB5FB-E64D-412F-AEA8-795AF6F94007&SearchSource=55&CUI=&UM=5&UP=SPBDFE5A7E-9277-4231-A504-7B2BBCD94035&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M846CB5FB-E64D-412F-AEA8-795AF6F94007&SearchSource=55&CUI=&UM=5&UP=SPBDFE5A7E-9277-4231-A504-7B2BBCD94035&SSPV=),Ersetzt,[83113038c9c181b5e2357f6f9a6b0af6]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013),Ersetzt,[583cb8b099f1df574a1716d63ec79d63]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=5fb07f25-17a7-493e-cf1b-6c549f3f2bb8&searchtype=ds&q={searchTerms}&installDate=18/12/2013),Ersetzt,[cdc703658109a59107591dcfa65ffe02]

Ordner: 4
Rogue.Multiple, C:\ProgramData\1887373585, In Quarantäne, [c9cb4b1d5634290df082c7aa09fa629e],
PUP.Optional.CrossRider.A, C:\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn, In Quarantäne, [880c8edabfcb43f309c29bf8000310f0],
PUP.Optional.Extutil.A, C:\Users\karin\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, In Quarantäne, [5d378bdd4446cd6982fadcb952b115eb],
PUP.Optional.Managera.A, C:\Users\karin\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, In Quarantäne, [603492d6fa90f046423b9500c43f60a0],

Dateien: 117
Adware.DomaIQ, C:\$Recycle.Bin\S-1-5-21-2260964575-2753946872-1401531445-1004\$RFD9EEZ.exe, In Quarantäne, [a2f21c4cacde66d0991a7b9fba4cf50b],
PUP.Optional.Conduit, C:\Users\karin\AppData\Local\Temp\che8D8F.tmp, In Quarantäne, [296b3533b2d85ed81f8d33a9e52049b7],
Trojan.RotBrow.A, C:\Users\karin\AppData\Local\Temp\che9263.tmp, In Quarantäne, [791b293fccbee254a99f9515837e768a],
PUP.Optional.SweetIM, C:\Users\karin\AppData\Local\Temp\jBpUgXOJ.exe.part, In Quarantäne, [0193ec7c08829e98e993bf5e5aac38c8],
PUP.Optional.Somoto.A, C:\Users\karin\AppData\Local\Temp\BI_RunOnce.exe, In Quarantäne, [7d17d5934c3e4beb6392b98d818034cc],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nss2DB7.exe, In Quarantäne, [ade7e2862466989e4e2279d4728f1ce4],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nsy3923.exe, In Quarantäne, [caca333506841026bdb3d677b05150b0],
PUP.Optional.DomalQ, C:\Users\karin\AppData\Local\Temp\I2T_lpcX.exe.part, In Quarantäne, [e9abce9af09aca6c748472212adb3bc5],
PUP.Optional.FilesFrog.A, C:\Users\karin\AppData\Local\Temp\UpdateCheckerSetup.exe, In Quarantäne, [fb9946225f2b6dc9f30c52d27f81b64a],
PUP.Optional.VIT.A, C:\Users\karin\AppData\Local\Temp\instloffer.exe, In Quarantäne, [2a6adc8c5d2d5adcb1a959e0b64b59a7],
PUP.Optional.MyPCBackup.A, C:\Users\karin\AppData\Local\Temp\BackupSetup.exe, In Quarantäne, [2c68de8a19711b1b90dbc034788952ae],
PUP.Optional.SweetIM, C:\Users\karin\AppData\Local\Temp\bundlesweetimsetup.exe, In Quarantäne, [bbd95e0aaedcc076681448d546c0ce32],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [3460d197404acf67dd21ffbc21e08878],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\SPStub.exe, In Quarantäne, [8f051d4b177346f0e3c9dd6e4bb6a65a],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nsj999A.exe, In Quarantäne, [04905315d0ba1b1bc7a9222b1ce5df21],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nsk713B.exe, In Quarantäne, [5440ed7b19712d090f6dc6924eb3bb45],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nst8F28.exe, In Quarantäne, [167ebcac098147ef6d0315382fd226da],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nsx3056.exe, In Quarantäne, [3460baae2f5b8fa7fe72ed607f820000],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nsx9E0C.exe, In Quarantäne, [fc98ea7e31598aac93dd6edf8081718f],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nsp6DB1.exe, In Quarantäne, [375d1a4e9af08da97c006fe9649d20e0],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nspEA56.exe, In Quarantäne, [5143bfa902886ec8017ba5b3956c7b85],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\645E.tmp, In Quarantäne, [771d1d4b612972c4a26cb29eda27b749],
PUP.Optional.PerformerSoft.A, C:\Users\karin\AppData\Local\Temp\76A6.tmp, In Quarantäne, [20742543216921158046e95c758c6f91],
PUP.Optional.MediaTech.A, C:\Users\karin\AppData\Local\Temp\93B7.tmp, In Quarantäne, [ade7f8704b3f24123ca95763ba4bf30d],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nszE342.exe, In Quarantäne, [3064a3c552388aac5d1fc39511f0847c],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nszE6EB.exe, In Quarantäne, [8410baaee6a4a294007c7ade42bf768a],
Trojan.RotBrowse, C:\Users\karin\AppData\Local\Temp\473.tmp, In Quarantäne, [2074313755355fd775a29724986db54b],
Trojan.RotBrowse, C:\Users\karin\AppData\Local\Temp\288B.tmp, In Quarantäne, [31636efa2b5f1c1a9283a813d13404fc],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nse66BC.exe, In Quarantäne, [a9eb5414711916203448a9af08f940c0],
PUP.Optional.SearchProtect.A, C:\Users\karin\AppData\Local\Temp\nse6A17.exe, In Quarantäne, [771d0266becc8fa7f18b0f4932cf1be5],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\SecondStepInstaller.exe, In Quarantäne, [7d175c0c028854e2521eee5f29d8cb35],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\E1E6.tmp, In Quarantäne, [e1b397d13d4d5fd7d5393020a061c33d],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\BExternal.dll, In Quarantäne, [504450187f0bd85ebf1535ef50b0d22e],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\ccp.exe, In Quarantäne, [910328403258c27465a95ef2eb165ea2],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\CrxInstaller.dll, In Quarantäne, [4e46e682464476c095a281c7ac55ed13],
PUP.Optional.Delta.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\DSearchLink.exe, In Quarantäne, [8a0a8cdcabdf0531d891eda792731ee2],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\MntrDLLInstall.dll, In Quarantäne, [8c08b6b28a0085b13bfd2a1e17eaa55b],
PUP.Optional.Delta.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\MyDeltaTB.exe, In Quarantäne, [bbd992d692f87fb75341633c8d748d73],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\02B4B3D8-BAB0-7891-B282-100F1F8D29DA\Latest\Setup.exe, In Quarantäne, [f2a27cec2862e45203773de6f40c6898],
PUP.Optional.Delta.A, C:\Users\karin\AppData\Local\Temp\89664E74-BAB0-7891-9ED1-A4FAD134D932\Latest\MyBabylonTB.exe, In Quarantäne, [40546503b7d30432dbb97728b74a7789],
Adware.DomaIQ, C:\Users\karin\AppData\Local\Temp\DIQ\FlashPlayer_151\DomaIQ.exe, In Quarantäne, [e5af2a3e6c1e3105862d65b5d82e53ad],
Adware.DomaIQ, C:\Users\karin\AppData\Local\Temp\DIQ\FlashPlayer_151\DomaIQ10.exe, In Quarantäne, [33616107246693a3595a9f7bf70f9f61],
PUP.Optional.SupTab.A, C:\Users\karin\AppData\Local\Temp\~dlC128\~dljyb\tmp\STab_Down.exe, In Quarantäne, [eaaaa0c84743df578f651254e21e19e7],
PUP.Optional.WindowsProtectManger.A, C:\Users\karin\AppData\Local\Temp\~dlC128\~dljyb\tmp\wpm_v20.0.0.1337.exe, In Quarantäne, [801496d23357de5890f8359c8b76ac54],
PUP.Optional.SupTab.A, C:\Users\karin\AppData\Local\Temp\~dlD084\~dljyb\tmp\STab_Down.exe, In Quarantäne, [a2f2de8a57334cea49abfd698d735aa6],
PUP.Optional.ELEX, C:\Users\karin\AppData\Local\Temp\~dlD084\~dljyb\tmp\STab_v4.0.exe, In Quarantäne, [8e0680e8513966d0ef80f83b818133cd],
PUP.Optional.WindowsProtectManger.A, C:\Users\karin\AppData\Local\Temp\~dlD084\~dljyb\tmp\wpm_v20.0.0.1337.exe, In Quarantäne, [484cce9a395106309eea1bb6c0411de3],
PUP.Optional.SupTab.A, C:\Users\karin\AppData\Local\Temp\~dlDBD9\~dljyb\tmp\STab_Down.exe, In Quarantäne, [74206bfdfe8c0a2c6094e185f30de11f],
PUP.Optional.WindowsProtectManger.A, C:\Users\karin\AppData\Local\Temp\~dlDBD9\~dljyb\tmp\wpm_v20.0.0.1337.exe, In Quarantäne, [355f91d72c5e181e7216ad2408f9936d],
PUP.Optional.SupTab.A, C:\Users\karin\AppData\Local\Temp\~dlEE7F\~dljyb\tmp\STab_Down.exe, In Quarantäne, [494bfa6e6b1f03334ea6174f718f629e],
PUP.Optional.WindowsProtectManger.A, C:\Users\karin\AppData\Local\Temp\~dlEE7F\~dljyb\tmp\wpm_v20.0.0.1337.exe, In Quarantäne, [8a0a34341476ab8bd2b6a32e3fc233cd],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\nsj21FE\SpSetup.exe, In Quarantäne, [563e4820840639fdd69a1439f70a40c0],
PUP.Optional.NationZoom.A, C:\Users\karin\AppData\Local\Temp\fullpackage_temp1387392401\Baofeng.exe, In Quarantäne, [8d075b0d92f8ac8ad28655da5ea223dd],
PUP.Optional.SkyTech.A, C:\Users\karin\AppData\Local\Temp\fullpackage_temp1387392401\UpDate.dll, In Quarantäne, [95ff4622a4e6c86ee3e9f50f689a1ae6],
PUP.Optional.WpManager, C:\Users\karin\AppData\Local\Temp\fullpackage_temp1387392401\tmp\NewGdp.exe, In Quarantäne, [0c888bdd1b6feb4b8f831b75d62b827e],
PUP.Optional.BundleInstaller.A, C:\Users\karin\AppData\Local\Temp\sfckhzrirswogkh\parent.txt, In Quarantäne, [03914b1d69213303be3ba9ca8180e020],
PUP.Optional.ScramblePacker.A, C:\Users\karin\AppData\Local\Temp\sfckhzrirswogkh\software\feven-1-5.exe, In Quarantäne, [6b29a7c18505cc6ab7f1bcefd03146ba],
PUP.Optional.Linkury.A, C:\Users\karin\AppData\Local\Temp\sfckhzrirswogkh\software\Installer.exe, In Quarantäne, [80146cfcd8b2cf671c176436669f17e9],
PUP.Optional.Storimbo.A, C:\Users\karin\AppData\Local\Temp\sfckhzrirswogkh\software\StorimboSetup.exe, In Quarantäne, [544098d0a3e78fa7173ebb99b74eea16],
PUP.Optional.SkyTech.A, C:\Users\karin\AppData\Local\Temp\sfckhzrirswogkh\software\tugs_nationzoom.exe, In Quarantäne, [d5bf05637c0e54e27ac03e47ff02ec14],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\ct3293887\chLogic.exe, In Quarantäne, [bfd567014e3c37ff713bc48711f0d828],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\ct3293887\ffLogic.exe, In Quarantäne, [97fd90d84941b383dad2ec5f06fb37c9],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\ct3293887\ieLogic.exe, In Quarantäne, [3361e6827812fe38f0bce16a12ef1be5],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\ct3293887\spch.exe, In Quarantäne, [a1f36008b5d5de583b713a11a45da858],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\ct3293887\spff.exe, In Quarantäne, [0c88cc9cf991a1955a52ee5d0ff2da26],
PUP.Optional.Conduit.A, C:\Users\karin\AppData\Local\Temp\ct3293887\statisticsStub.exe, In Quarantäne, [6034fc6c593195a156df8fa78f7245bb],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\277E0D2C-BAB0-7891-BA03-B7DC73DF80D3\Latest\BExternal.dll, In Quarantäne, [157f33351377b0865d779a8a58a8e917],
Trojan.RotBrowse, C:\Users\karin\AppData\Local\Temp\277E0D2C-BAB0-7891-BA03-B7DC73DF80D3\Latest\ccp.exe, In Quarantäne, [deb63b2d781243f3f71ef0cb24e11fe1],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\277E0D2C-BAB0-7891-BA03-B7DC73DF80D3\Latest\CrxInstaller.dll, In Quarantäne, [eda748200b7fd5614bec8fb9d130ec14],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\277E0D2C-BAB0-7891-BA03-B7DC73DF80D3\Latest\MntrDLLInstall.dll, In Quarantäne, [e4b08fd9f99147ef54e478d022df946c],
PUP.Optional.Delta.A, C:\Users\karin\AppData\Local\Temp\277E0D2C-BAB0-7891-BA03-B7DC73DF80D3\Latest\MyDeltaTB.exe, In Quarantäne, [a3f11b4d8efcc175ddb75748ac5560a0],
PUP.Optional.Babylon.A, C:\Users\karin\AppData\Local\Temp\277E0D2C-BAB0-7891-BA03-B7DC73DF80D3\Latest\Setup.exe, In Quarantäne, [b8dc3b2dc8c266d0f927928ee7196898],
PUP.Optional.CrossRider.A, C:\Users\karin\AppData\Local\Temp\DwlTempFolder\temp.exe, In Quarantäne, [7c18c8a0aae0bb7bd403846b26dbc13f],
PUP.Optional.SearchProtect.A, C:\Users\Sophia\AppData\Local\Temp\2DB4.tmp, In Quarantäne, [9afae6828ffb4beb15e9caf12ed3f60a],
PUP.Optional.Vid, C:\Users\Sophia\AppData\Local\Temp\x6cvO45F.exe.part, In Quarantäne, [b1e33335c8c260d6973b50e7ea1736ca],
PUP.Optional.Conduit.A, C:\Users\Sophia\AppData\Local\Temp\SecondStepInstaller.exe, In Quarantäne, [f4a08ade16742a0cf37d59f461a0d32d],
PUP.Optional.SearchProtect.A, C:\Users\Sophia\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [7e16d296d3b73402c5399e1de51cbc44],
PUP.Optional.Delimax, C:\Users\Sophia\AppData\Local\Temp\n5814\s5814.exe, In Quarantäne, [cdc7a7c1afdbcc6a4d5b73e68481eb15],
PUP.Optional.Vittalia, C:\Windows\Temp\update.zip, In Quarantäne, [f2a22b3dfe8c1c1acc5ad61112ef748c],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsiF635.exe, In Quarantäne, [d5bf5c0cacde93a310d23a778b76b14f],
PUP.Optional.Conduit.A, C:\Windows\Temp\nssCA92.exe, In Quarantäne, [ff9502661d6dc37305dde8c97d840ff1],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsbB297.exe, In Quarantäne, [7024cf99fc8e1620db07139e3bc6c63a],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsd4A2E.exe, In Quarantäne, [652f9bcdcac06bcb29b94d64e819b050],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsd9DBA.exe, In Quarantäne, [4351d89099f140f6855d51609b66aa56],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsdB7A0.exe, In Quarantäne, [f2a25018dfab181e8062f4bdc33ee21e],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsi9F10.exe, In Quarantäne, [662ecc9c1377ec4aac363c750100b947],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsiE218.exe, In Quarantäne, [caca5b0da3e783b3f9e9179a55acd030],
PUP.Optional.Conduit.A, C:\Windows\Temp\nssEF22.exe, In Quarantäne, [8d076bfd7713ed49eef40da4a9586b95],
PUP.Optional.Conduit.A, C:\Windows\Temp\nst2C61.exe, In Quarantäne, [a7ed47213f4baf8705ddcae78e739967],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsvC1B4.exe, In Quarantäne, [6331194f4f3b092d954d1b96d928bc44],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsx95FB.exe, In Quarantäne, [fb991c4ce0aa8ea822c0bef342bf39c7],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsy2447.exe, In Quarantäne, [6c2838306723c3735c868b2613ee25db],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsy929.exe, In Quarantäne, [3b597bed325878be99499a1748b915eb],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsyF386.exe, In Quarantäne, [7e162246e5a589ad2eb4822f649d5aa6],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsn1DA2.exe, In Quarantäne, [395b9fc917736cca964c5d54926f30d0],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsnB1C6.exe, In Quarantäne, [fd9784e4d9b137ff7d656d4447ba49b7],
PUP.Optional.Conduit.A, C:\Windows\Temp\nss714C.exe, In Quarantäne, [f89cf870296101359949c8e936cb6e92],
PUP.Optional.Conduit.A, C:\Windows\Temp\nss73BC.exe, In Quarantäne, [5143baae0585cd69578bdcd535cca55b],
PUP.Optional.Conduit.A, C:\Windows\Temp\nss8BCF.exe, In Quarantäne, [8b094e1a0c7ec175edf57e3351b0c33d],
PUP.Optional.Vittalia, C:\Windows\Temp\updater\AppsUpdater (2).exe, In Quarantäne, [95ff3137cac00d29e390e7e49968d828],
PUP.Optional.Vittalia, C:\Windows\Temp\updater\AppsUpdater.exe, In Quarantäne, [8e061355b8d2a591a1d2ab206f929070],
PUP.Optional.Vittalia, C:\Windows\Temp\updater\KeyGen (2).dll, In Quarantäne, [177d27417c0e290dc95df6f13ec3d030],
PUP.Optional.Vittalia, C:\Windows\Temp\updater\KeyGen.dll, In Quarantäne, [583ca2c699f1e74f43e3499e6b9644bc],
PUP.Optional.Vittalia, C:\Windows\Temp\updater\UpdaterService (2).exe, In Quarantäne, [72222444fb8f93a376fc25a68f7202fe],
PUP.Optional.Vittalia, C:\Windows\Temp\updater\UpdaterService.exe, In Quarantäne, [2b69cc9c6624a88ea2d0e5e645bcae52],
PUP.Optional.Softonic.A, C:\Users\karin\Downloads\SoftonicDownloader_fuer_format-factory.exe, In Quarantäne, [c0d499cf3951a09683afcf8037ca24dc],
PUP.Optional.OpenCandy, C:\Users\karin\Downloads\Zylom-Installer_BigKahunaReef2_DE.exe, In Quarantäne, [b5dfb7b14f3bc274d41779a42bdb04fc],
PUP.Optional.Bandoo, C:\Users\Sophia\Downloads\iLividSetup.exe, In Quarantäne, [51431f49800a73c39a3ec96fbf421ee2],
PUP.Optional.VIT, C:\Users\Sophia\Downloads\installer_minecraft_Deutsch.exe, In Quarantäne, [7c188cdc7d0dca6ca932df64a8599769],
PUP.Optional.Conduit.A, C:\Users\Sophia\Downloads\WiseConvert_1.3.exe, In Quarantäne, [f1a330381a704de988f65920b24f718f],
PUP.Optional.SnapDo.A, C:\Windows\Installer\1fb563.msi, In Quarantäne, [eba9c0a8b3d7eb4bf656e7cc41c040c0],
PUP.Optional.WidgetContext.A, C:\Users\karin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi, In Quarantäne, [445073f5c6c4e353d879fcc927dca35d],
PUP.Optional.Extutil.A, C:\Users\karin\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, In Quarantäne, [5d378bdd4446cd6982fadcb952b115eb],
PUP.Optional.Extutil.A, C:\Users\karin\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, In Quarantäne, [5d378bdd4446cd6982fadcb952b115eb],
PUP.Optional.Extutil.A, C:\Users\karin\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, In Quarantäne, [5d378bdd4446cd6982fadcb952b115eb],
PUP.Optional.Managera.A, C:\Users\karin\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, In Quarantäne, [603492d6fa90f046423b9500c43f60a0],
PUP.Optional.Managera.A, C:\Users\karin\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, In Quarantäne, [603492d6fa90f046423b9500c43f60a0],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by karin on 04.04.2015 at 18:35:40,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update storimbo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util storimbo



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\karin\music\qtrax media library"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\karin\AppData\Roaming\mozilla\firefox\profiles\f2rvw7w9.default\extensions\126
Successfully deleted the following from C:\Users\karin\AppData\Roaming\mozilla\firefox\profiles\f2rvw7w9.default\prefs.js

user_pref("browser.search.searchengine.alias", "webssearches");
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.name", "webssearches");
user_pref("browser.search.searchengine.ptid", "cvs");
user_pref("browser.search.searchengine.uid", "WDCXWD1002FAEX-00Z3A0_WD-WCATR508889888898");
user_pref("browser.search.selectedEngine", "webssearches");
Emptied folder: C:\Users\karin\AppData\Roaming\mozilla\firefox\profiles\f2rvw7w9.default\minidumps [3479 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2015 at 18:39:45,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by karin (administrator) on KITT on 05-04-2015 00:51:39
Running from C:\Users\karin\Desktop
Loaded Profiles: UpdatusUser & karin &  (Available profiles: UpdatusUser & karin & Sophia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613024 2010-09-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-09-27] (Atheros Commnucations)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SpyShelter] => C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe [2610672 2011-04-06] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify Web Helper] => C:\Users\Sophia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-23] (Spotify Ltd)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [EADM] => C:\Users\Sophia\Downloads\Origin\Origin.exe [3631448 2015-02-27] (Electronic Arts)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {927b128c-268e-11e1-932b-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {b3ef9deb-4436-11e2-8e42-5404a612598d} - I:\LGAutoRun.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
ShortcutTarget: p6_19_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_19\WinStart\p6erinnerung.exe (phase6)
GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53479;https=127.0.0.1:53479
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-30] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-30] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default
FF SearchEngineOrder.1:
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-20] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sophia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-07] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\Extensions\abs@avira.com [2015-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-26]
FF HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR Profile: C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-17]
CHR Extension: (Google Drive) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
CHR Extension: (YouTube) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
CHR Extension: (Google Search) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
CHR Extension: (Google Sheets) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR Extension: (Gmail) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S3 Origin Client Service; C:\Users\Sophia\Downloads\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Realtek11nCU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-15] (Avira Operations GmbH & Co. KG)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [111104 2009-02-09] (Guillemot Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation                          )
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [191984 2011-04-06] (SpyShelter) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-21] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 18:39 - 2015-04-04 18:39 - 00001764 _____ () C:\Users\karin\Desktop\JRT.txt
2015-04-04 18:35 - 2015-04-04 18:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KITT-Windows-7-Home-Premium-(64-bit).dat
2015-04-04 18:35 - 2015-04-04 18:35 - 00000000 ____D () C:\RegBackup
2015-04-04 18:34 - 2015-04-04 18:34 - 00022838 _____ () C:\Users\karin\Desktop\MBAM.txt
2015-04-04 18:33 - 2015-04-04 18:33 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Startmenü
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 ____D () C:\Users\TEMP
2015-04-04 18:33 - 2015-01-18 23:27 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2015-04-04 18:33 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-04 18:33 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-04 18:05 - 2015-04-04 18:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 18:04 - 2015-04-04 18:04 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-04 18:04 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-04 18:04 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-04 18:04 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-04 17:59 - 2015-04-04 18:00 - 00011272 _____ () C:\Users\karin\Desktop\AdwCleaner[S1].txt
2015-04-04 17:55 - 2015-04-04 17:55 - 02690981 _____ (Thisisu) C:\Users\karin\Desktop\JRT.exe
2015-04-04 17:54 - 2015-04-04 17:55 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\karin\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-04 17:53 - 2015-04-04 17:53 - 02208768 _____ () C:\Users\karin\Desktop\AdwCleaner_4.200.exe
2015-04-04 13:42 - 2015-04-04 13:42 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 13:42 - 2015-04-04 13:42 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 13:15 - 2015-04-04 13:15 - 00008531 _____ () C:\Users\karin\Desktop\Gmer.txt
2015-04-04 13:00 - 2015-04-04 13:01 - 00037945 _____ () C:\Users\karin\Desktop\Addition.txt
2015-04-04 12:57 - 2015-04-05 00:52 - 00021349 _____ () C:\Users\karin\Desktop\FRST.txt
2015-04-04 12:56 - 2015-04-05 00:51 - 00000000 ____D () C:\FRST
2015-04-04 12:55 - 2015-04-04 12:55 - 00000472 _____ () C:\Users\karin\Desktop\defogger_disable.log
2015-04-04 12:55 - 2015-04-04 12:55 - 00000000 _____ () C:\Users\karin\defogger_reenable
2015-04-04 12:52 - 2015-04-04 12:52 - 02095616 _____ (Farbar) C:\Users\karin\Desktop\FRST64.exe
2015-04-04 12:52 - 2015-04-04 12:52 - 00380416 _____ () C:\Users\karin\Desktop\Gmer-19357.exe
2015-04-04 12:51 - 2015-04-04 12:51 - 00050477 _____ () C:\Users\karin\Desktop\Defogger.exe
2015-03-23 22:43 - 2015-03-23 22:43 - 00001474 _____ () C:\Users\karin\Downloads\URLLink(35).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001484 _____ () C:\Users\karin\Downloads\URLLink(31).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001467 _____ () C:\Users\karin\Downloads\URLLink(33).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001465 _____ () C:\Users\karin\Downloads\URLLink(32).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001455 _____ () C:\Users\karin\Downloads\URLLink(34).acsm
2015-03-22 04:09 - 2015-03-22 04:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-20 22:57 - 2015-03-20 22:57 - 00002184 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 4.0.lnk
2015-03-20 22:27 - 2015-03-20 22:27 - 08132576 _____ (Adobe Systems Incorporated) C:\Users\karin\Downloads\ADE_4.0_Installer(1).exe
2015-03-17 22:25 - 2015-03-17 22:25 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2015-03-15 11:54 - 2015-03-15 11:54 - 00000000 ____D () C:\Users\Sophia\Downloads\female dress
2015-03-15 11:50 - 2015-03-15 11:56 - 00000000 ____D () C:\Users\Sophia\Downloads\romantic hair
2015-03-15 11:49 - 2015-03-15 11:49 - 00000000 ____D () C:\Users\Sophia\Downloads\käppi
2015-03-15 11:41 - 2015-03-15 11:41 - 00000000 ____D () C:\Users\Sophia\Downloads\woodpanels
2015-03-15 11:40 - 2015-03-15 11:40 - 00000000 ____D () C:\Users\Sophia\Downloads\Lidschatten
2015-03-15 11:39 - 2015-03-15 11:39 - 00000000 ____D () C:\Users\Sophia\Downloads\hochzeitskleid
2015-03-15 11:35 - 2015-03-15 11:57 - 00000000 ____D () C:\Users\Sophia\Downloads\Weißes Kleid lang
2015-03-15 11:34 - 2015-03-15 11:34 - 00000000 ____D () C:\Users\Sophia\Downloads\Rokkoko
2015-03-15 11:31 - 2015-03-15 11:57 - 00000000 ____D () C:\Users\Sophia\Downloads\victoria secret
2015-03-14 19:47 - 2015-03-14 19:47 - 00000000 ____D () C:\Users\karin\AppData\Roaming\Need for Speed World
2015-03-14 18:32 - 2015-03-14 18:32 - 00000000 ____D () C:\Users\karin\AppData\Local\Electronic_Arts_Inc
2015-03-10 21:59 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 21:59 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 21:59 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 21:59 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 21:59 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 21:59 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 21:59 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 21:59 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 21:59 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 21:59 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 21:59 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 21:59 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 21:59 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 21:59 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 21:59 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 21:59 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 21:59 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 21:59 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 21:59 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 21:59 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 21:59 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 21:59 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 21:59 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 21:59 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 21:59 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 21:59 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 21:59 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 21:59 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 21:59 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 21:59 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 21:59 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 21:59 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 21:59 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 21:59 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 21:59 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 21:59 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 21:59 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 21:59 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 21:59 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 21:59 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 21:59 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 21:59 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 21:59 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 21:59 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 21:59 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 21:59 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 21:59 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 21:59 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 21:59 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 21:59 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 21:59 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 21:59 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 21:59 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 21:59 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 21:59 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 21:59 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 21:59 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 21:59 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 21:59 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 21:59 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 21:59 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 21:59 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 21:59 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 21:59 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 21:59 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 21:59 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 21:59 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 21:59 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 21:59 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 21:59 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 21:59 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 21:59 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 21:59 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 21:59 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 21:59 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 21:59 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 21:59 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 21:59 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 21:59 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 21:59 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 21:59 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 21:59 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 21:59 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 21:59 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 21:59 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 21:59 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 21:59 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 21:59 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 21:59 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 21:59 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 21:59 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 21:59 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 21:59 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 21:59 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 21:59 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 21:59 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 21:59 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 21:58 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 21:58 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 21:58 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 21:58 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 21:58 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 21:54 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:54 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 17:06 - 2015-03-10 17:06 - 00000000 ____D () C:\Windows\SysWOW64\㐶

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 00:50 - 2013-12-25 14:05 - 00000000 ____D () C:\AdwCleaner
2015-04-05 00:49 - 2011-05-07 01:46 - 02007441 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 00:47 - 2013-04-25 20:13 - 00000452 ____H () C:\Windows\Tasks\Norton Security Scan for karin.job
2015-04-05 00:47 - 2012-03-31 13:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 19:19 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 19:19 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 18:36 - 2010-11-21 08:50 - 00696848 _____ () C:\Windows\system32\perfh007.dat
2015-04-04 18:36 - 2010-11-21 08:50 - 00148144 _____ () C:\Windows\system32\perfc007.dat
2015-04-04 18:36 - 2009-07-14 07:13 - 01613412 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 18:31 - 2013-12-18 20:47 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-04 18:31 - 2012-01-16 20:49 - 00000000 ____D () C:\Users\Public\Documents\phase6_19_Daten
2015-04-04 18:31 - 2011-06-25 22:53 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-04 18:30 - 2011-05-16 01:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-04 18:30 - 2010-11-21 05:47 - 00212856 _____ () C:\Windows\PFRO.log
2015-04-04 18:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 18:30 - 2009-07-14 06:51 - 00202248 _____ () C:\Windows\setupact.log
2015-04-04 18:00 - 2013-12-18 21:11 - 00001091 _____ () C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-04-04 18:00 - 2013-04-30 13:53 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-04 18:00 - 2013-04-30 13:53 - 00001061 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-04 18:00 - 2011-12-26 18:01 - 00001003 _____ () C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-04 12:55 - 2011-12-26 18:01 - 00000000 ____D () C:\Users\karin
2015-04-04 12:50 - 2013-02-02 00:11 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0C603C78-CC00-42DC-A30C-85E5A1B6871D}
2015-04-04 12:45 - 2012-10-16 20:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-02 23:05 - 2015-02-25 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-19 01:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-19 00:38 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-19 00:17 - 2014-05-18 14:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-18 23:32 - 2011-12-26 19:08 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-18 23:30 - 2011-12-28 15:40 - 00000000 ____D () C:\Users\Sophia
2015-03-17 22:27 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-17 22:26 - 2012-03-31 13:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-15 12:05 - 2012-12-25 20:48 - 00000000 ____D () C:\ProgramData\Origin
2015-03-14 18:32 - 2012-08-06 16:47 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-14 12:07 - 2012-12-25 20:51 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-14 12:01 - 2012-05-07 09:07 - 00320620 _____ () C:\Windows\DirectX.log
2015-03-11 17:03 - 2012-10-16 16:13 - 00000000 ____D () C:\Users\Sophia\Documents\Sonstiges
2015-03-11 16:53 - 2009-07-14 06:45 - 00344024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 00:57 - 2013-04-30 15:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 00:52 - 2013-07-16 12:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 00:46 - 2011-12-31 16:55 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 00:45 - 2009-07-14 04:34 - 00000534 _____ () C:\Windows\win.ini
2015-03-10 17:06 - 2013-05-17 12:05 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 17:06 - 2013-05-17 12:05 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-10 17:06 - 2013-05-17 12:05 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== Files in the root of some directories =======

2015-02-11 09:35 - 2015-02-11 09:35 - 0184242 _____ () C:\Program Files (x86)\lizenzvertrag.pdf
2011-12-26 21:50 - 2011-12-26 22:46 - 0001749 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\karin\AppData\Local\Temp\228412-672209-minecraft.exe
C:\Users\karin\AppData\Local\Temp\60312uninstall.exe
C:\Users\karin\AppData\Local\Temp\7z920.exe
C:\Users\karin\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\karin\AppData\Local\Temp\AutoRun.exe
C:\Users\karin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\karin\AppData\Local\Temp\avgnt.exe
C:\Users\karin\AppData\Local\Temp\checkdb.exe
C:\Users\karin\AppData\Local\Temp\chromesetup.exe
C:\Users\karin\AppData\Local\Temp\contentDATs.exe
C:\Users\karin\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\karin\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\karin\AppData\Local\Temp\EAInstall.dll
C:\Users\karin\AppData\Local\Temp\eauninstall.exe
C:\Users\karin\AppData\Local\Temp\First15.exe
C:\Users\karin\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\karin\AppData\Local\Temp\hcwclear.exe
C:\Users\karin\AppData\Local\Temp\IR32.exe
C:\Users\karin\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\karin\AppData\Local\Temp\Quarantine.exe
C:\Users\karin\AppData\Local\Temp\sdanircmdc.exe
C:\Users\karin\AppData\Local\Temp\sdapskill.exe
C:\Users\karin\AppData\Local\Temp\sdaspwn.exe
C:\Users\karin\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\karin\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\karin\AppData\Local\Temp\SearchHelper.exe
C:\Users\karin\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\karin\AppData\Local\Temp\Sqlite3.dll
C:\Users\karin\AppData\Local\Temp\StripExtra.exe
C:\Users\karin\AppData\Local\Temp\tbVgra.dll
C:\Users\karin\AppData\Local\Temp\The Sims 2 Celebration Stuff_uninst.exe
C:\Users\karin\AppData\Local\Temp\uninst1.exe
C:\Users\karin\AppData\Local\Temp\vcredist_x64.exe
C:\Users\karin\AppData\Local\Temp\vcredist_x86.exe
C:\Users\karin\AppData\Local\Temp\VP6Install.exe
C:\Users\karin\AppData\Local\Temp\VP6VFW.dll
C:\Users\karin\AppData\Local\Temp\wintv7_cd_3.3.exe
C:\Users\Sophia\AppData\Local\Temp\AskSLib.dll
C:\Users\Sophia\AppData\Local\Temp\avgnt.exe
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7320013.dll
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7330016.dll
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7360010.dll
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Sophia\AppData\Local\Temp\drm_dyndata_7380011.dll
C:\Users\Sophia\AppData\Local\Temp\install_flashplayer11x64ax_gtbd_aih.exe
C:\Users\Sophia\AppData\Local\Temp\install_flashplayer11x64ax_gtbd_aih[1].exe
C:\Users\Sophia\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 19:10

==================== End Of Log ============================
--- --- ---

midimuc 04.04.2015 23:57
und noch das neue addition.txt
 
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by karin at 2015-04-05 00:52:30
Running from C:\Users\karin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{47B188E2-2447-5C40-15B6-9D49DC90BF5B}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2905 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
Die Sims™ 2: Glamour-Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.114.1010 - Electronic Arts Inc.)
Die Sims™ Inselgeschichten (HKLM-x32\...\{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}) (Version:  - Electronic Arts)
Die Sims™ Lebensgeschichten (HKLM-x32\...\{DA932D71-E52A-43D5-009E-395A1AEC1474}) (Version:  - )
Die*Sims*Mittelalter (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 1.0.0 - Electronic Arts)
DJ_AIO_06_F2400_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.16151 - Landesfinanzdirektion Thüringen)
F2400 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Gold Rush - Treasure Hunt Deluxe (HKLM-x32\...\a43b5713e1c9daf9a348736c21961ee3) (Version:  - Zylom)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.32035 (CD 3.3) - Hauppauge Computer Works)
Hercules Link (HKLM-x32\...\{B1549CC1-EB81-4E7C-9C7C-8B97CD9FD37A}) (Version: 4.0.2.1 - Hercules)
Hercules Webcam Station Evolution SE (HKLM-x32\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 4.1.1.0 - Hercules)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
LG USB Modem Drivers (HKLM-x32\...\{3E8DE1A6-B365-4FF6-B917-2892A34990E8}) (Version: 4.9.7 - LG Electronics)
Lollipop (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\lollipop_12240918) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
M&Ms - Die Geheimformeln (HKLM-x32\...\M&Ms The Lost Formulas) (Version:  - )
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mein eigenes Tierheim SE (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Mein eigenes Tierheim SE) (Version: V1.000000 - )
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711031}) (Version: 7.03.1151 - Nero AG)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.7.2.10 - Symantec Corporation)
NVIDIA 3D Vision Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.33 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Paint Shop Pro 5.03 CD (HKLM-x32\...\Paint Shop Pro 5.03) (Version:  - )
phase6_19 (HKLM-x32\...\{65D70656-D248-4C83-B594-E3029C43B37A}) (Version: 1.90.0000 - phase6)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0174 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Snap.Do (HKLM-x32\...\{92109C97-2662-4353-9386-B64309F595C9}) (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\{ebf0bc89-b0e6-426a-b248-e886b1894999}) (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
SpyShelter Premium 5.14 (HKLM\...\SpyShelter_is1) (Version: 5.14 - )
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TouchCopy 12 (HKLM-x32\...\{22E2998A-081D-4FAA-9DFA-D5CA52F5C4EB}) (Version: 12.40 - Wide Angle Software)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VideoPlayer v2.0.6 (HKLM-x32\...\VideoPlayer) (Version: v2.0.6 - TUGUU SL) <==== ATTENTION
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wendy (HKLM-x32\...\{202BACA0-AA91-11D4-A5EE-004095501894}) (Version:  - )
Wendy 2 (HKLM-x32\...\{DFFCBCCE-3A43-11D5-AF42-000102B4CD2E}) (Version:  - )
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-04-2015 12:56:03 Windows-Sicherung
04-04-2015 13:41:40 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15A430C9-E3BB-4383-BAEC-EC5F749B69F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {25CC741E-CE7A-4708-BEF3-34044EFD86B4} - System32\Tasks\Norton Security Scan for karin => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.2.10\Nss.exe [2012-11-02] (Symantec Corporation)
Task: {6144813C-9A9F-4353-ADBD-0D7EFB90F31C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {81FAF565-8359-4678-9E7A-638E7DE2CEC6} - System32\Tasks\{30B32277-D4CB-4E4A-B780-13BEAF0062E7} => pcalua.exe -a "C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe" -d "C:\Program Files (x86)\ElsterFormular\bin" -c --zeigeDlg
Task: {94B45807-FDD6-42E2-875E-B9A5A2F2A48C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {9AB8391C-A843-40ED-A035-3326823BF5DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {A420D813-CB30-4B9E-AB0A-8B43ED261F7D} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {ADEFEC53-F56C-423F-A676-8468803BDC0A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2260964575-2753946872-1401531445-1004
Task: {BF619E14-AABE-47A2-93EF-2194D526FC7C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EC7194DB-AF6A-47B8-94BC-2946B38E25FC} - System32\Tasks\{E2F2D9B5-29D4-42DC-A408-DAFF68786AAF} => C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
Task: {F1662AEE-2FB8-466E-8970-DBBB0CF9C57C} - System32\Tasks\{EA3CD6AA-5512-4118-AF25-B39F3FD495FE} => pcalua.exe -a D:\MANUAL\WinTV6Man_deu.EXE -d D:\MANUAL
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Norton Security Scan for karin.job => C:\PROGRA~2\NORTON~2\Engine\372~1.10\Nss.exe
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{0B7D62C0-4D4C-47C6-8340-49CCD4930FA6}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2011-05-07 02:07 - 2010-01-21 01:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2011-05-07 02:07 - 2010-01-21 01:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2011-05-07 02:07 - 2010-01-21 01:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2011-05-07 02:07 - 2010-01-21 01:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2011-05-07 02:06 - 2010-05-24 11:10 - 00076192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 00383904 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 00103328 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 64641440 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2011-05-07 02:08 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-26 18:15 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:905844AA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\karin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sophia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2260964575-2753946872-1401531445-500 - Administrator - Disabled)
Gast (S-1-5-21-2260964575-2753946872-1401531445-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2260964575-2753946872-1401531445-1003 - Limited - Enabled)
karin (S-1-5-21-2260964575-2753946872-1401531445-1001 - Administrator - Enabled) => C:\Users\karin
Sophia (S-1-5-21-2260964575-2753946872-1401531445-1004 - Limited - Enabled) => C:\Users\Sophia
UpdatusUser (S-1-5-21-2260964575-2753946872-1401531445-1000 - Limited - Enabled) => C:\Users\TEMP

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7613722

Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7613722

Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/05/2015 00:47:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7613722

Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7613722

Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 18%
Total physical RAM: 7918.12 MB
Available physical RAM: 6455.88 MB
Total Pagefile: 15834.42 MB
Available Pagefile: 13559.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:704.31 GB) NTFS
Drive d: () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
Drive e: () (Fixed) (Total:64 GB) (Free:3.08 GB) NTFS
Drive f: (PROGRAMME) (Fixed) (Total:59.54 GB) (Free:23.41 GB) FAT32
Drive g: () (Fixed) (Total:25.47 GB) (Free:25.32 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 11BB29FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 1E0A1E09)
Partition 1: (Active) - (Size=8 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=OF Extended)

==================== End Of Log ============================

M-K-D-B 05.04.2015 09:19
Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1004\User: Group Policy restriction detected <======= ATTENTION
Task: {ADEFEC53-F56C-423F-A676-8468803BDC0A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2260964575-2753946872-1401531445-1004
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :regfind
    TUGUU SL
    Snap.Do
    lollipop
    VideoConverter
    WaInterEnhance
    SearchProtect
    webssearches
    avayvaxvaa
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.




Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von SystemLook,
  • die beiden neuen Logdateien von FRST.

midimuc 05.04.2015 20:49
Hi,
hier die logfiles:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by karin at 2015-04-05 20:23:26 Run:1
Running from C:\Users\karin\Desktop
Loaded Profiles: UpdatusUser & karin (Available profiles: UpdatusUser & karin & Sophia)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1004\User: Group Policy restriction detected <======= ATTENTION
Task: {ADEFEC53-F56C-423F-A676-8468803BDC0A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2260964575-2753946872-1401531445-1004
RemoveProxy:
EmptyTemp:
end

*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2260964575-2753946872-1401531445-1004\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADEFEC53-F56C-423F-A676-8468803BDC0A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADEFEC53-F56C-423F-A676-8468803BDC0A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-2260964575-2753946872-1401531445-1004 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-2260964575-2753946872-1401531445-1004" => Key deleted successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 34.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 20:28:08 ====
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 20:36 on 05/04/2015 by karin
Administrator - Elevation successful

========== regfind ==========

Searching for "TUGUU SL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPlayer]
"Publisher"="TUGUU SL"

Searching for "Snap.Do"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\79C901292662353439686B34905F599C]
"ProductName"="Snap.Do"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ebf0bc89-b0e6-426a-b248-e886b1894999}]
"DisplayName"="Snap.Do Engine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2260964575-2753946872-1401531445-1001\Products\79C901292662353439686B34905F599C\InstallProperties]
"HelpLink"="hxxp://snap.do"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2260964575-2753946872-1401531445-1001\Products\79C901292662353439686B34905F599C\InstallProperties]
"URLInfoAbout"="hxxp://snap.do"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2260964575-2753946872-1401531445-1001\Products\79C901292662353439686B34905F599C\InstallProperties]
"DisplayName"="Snap.Do"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92109C97-2662-4353-9386-B64309F595C9}]
"HelpLink"="hxxp://snap.do"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92109C97-2662-4353-9386-B64309F595C9}]
"URLInfoAbout"="hxxp://snap.do"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92109C97-2662-4353-9386-B64309F595C9}]
"DisplayName"="Snap.Do"
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Installer\Products\79C901292662353439686B34905F599C]
"ProductName"="Snap.Do"
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ebf0bc89-b0e6-426a-b248-e886b1894999}]
"DisplayName"="Snap.Do Engine"

Searching for "lollipop"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_12240918]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_12240918]
"DisplayName"="Lollipop"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_12240918]
"UninstallString"=""c:\users\karin\appdata\local\lollipop\lollipop_12240918.bat""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_12240918]
"DisplayIcon"="c:\users\karin\appdata\local\lollipop\logo.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_12240918]
"Publisher"="Lollipop Network, S.L."
[HKEY_CURRENT_USER\Software\Classes\Applications\lollipop_12240918.exe]
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_12240918]
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_12240918]
"DisplayName"="Lollipop"
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_12240918]
"UninstallString"=""c:\users\karin\appdata\local\lollipop\lollipop_12240918.bat""
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_12240918]
"DisplayIcon"="c:\users\karin\appdata\local\lollipop\logo.ico"
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_12240918]
"Publisher"="Lollipop Network, S.L."
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Classes\Applications\lollipop_12240918.exe]
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001_Classes\Applications\lollipop_12240918.exe]

Searching for "VideoConverter"
[HKEY_CURRENT_USER\Software\Extensoft\VideoConverter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\VideoConverterCOM.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3C74BDAB-EE97-4C90-8EDA-B5C6F4C15200}]
@="VideoConverterCOM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0924921B-A43D-4A6C-A8F1-75F297F4AB79}]
@="_IVideoConverterObjectEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111364F9-E86A-4659-96F4-CC2CADD52E6A}]
@="IVideoConverterObject"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{237FDF8F-0481-4CCE-A347-39174B1BF322}]
@="IVideoConverter5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{287FB7D2-53B1-4D67-AC19-3FF295086122}]
@="IVideoConverter2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{414A4711-5DAC-43C5-97C5-3D2C0BF22C22}]
@="IVideoConverter4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{722C073A-EABF-4EB0-965E-4A20CAEDE322}]
@="IVideoConverter6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C193BCA2-99E0-41D6-A26B-EDBF934C8222}]
@="IVideoConverter3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D81498F6-068D-486F-9937-66CC7EE29B22}]
@="IVideoConverter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D884BDC8-F993-473F-9DBC-34556C32A8E7}\1.0]
@="VideoConverterCOM 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D884BDC8-F993-473F-9DBC-34556C32A8E7}\1.0\0\win32]
@="C:\Program Files (x86)\Free Video Converter\VideoConverterCOM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoConverterCOM.VCConfigHelper]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoConverterCOM.VCConfigHelper\CurVer]
@="VideoConverterCOM.VCConfigHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoConverterCOM.VCConfigHelper.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoConverterCOM.VideoConverterObjec.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoConverterCOM.VideoConverterObjec.1]
@="VideoConverterObject Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoConverterCOM.VideoConverterObject]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoConverterCOM.VideoConverterObject]
@="VideoConverterObject Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoConverterCOM.VideoConverterObject\CurVer]
@="VideoConverterCOM.VideoConverterObjec.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoFileToIPOD.VideoConverter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoFileToIPOD.VideoConverter]
@="CVideoConverter Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoFileToIPOD.VideoConverter\CurVer]
@="VideoFileToIPOD.VideoConverter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoFileToIPOD.VideoConverter.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoFileToIPOD.VideoConverter.1]
@="CVideoConverter Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4B4974-FF8C-4E5B-9ABA-80278281234E}]
@="VideoConverterObject Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4B4974-FF8C-4E5B-9ABA-80278281234E}\InprocServer32]
@="C:\Program Files (x86)\Free Video Converter\VideoConverterCOM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4B4974-FF8C-4E5B-9ABA-80278281234E}\ProgID]
@="VideoConverterCOM.VideoConverterObjec.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4B4974-FF8C-4E5B-9ABA-80278281234E}\VersionIndependentProgID]
@="VideoConverterCOM.VideoConverterObject"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2D6CAAA3-8123-44ED-B2F3-FA700E1E2110}\InProcServer32]
@="C:\Program Files (x86)\Free Video Converter\VideoConverterCOM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CBB94419-BFCF-48AA-9D03-BD3043CCBB22}]
@="CVideoConverter Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CBB94419-BFCF-48AA-9D03-BD3043CCBB22}\ProgID]
@="VideoFileToIPOD.VideoConverter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CBB94419-BFCF-48AA-9D03-BD3043CCBB22}\VersionIndependentProgID]
@="VideoFileToIPOD.VideoConverter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E3440619-2BCF-4D1D-BCF6-D14BC0962AE5}\InprocServer32]
@="C:\Program Files (x86)\Free Video Converter\VideoConverterCOM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E3440619-2BCF-4D1D-BCF6-D14BC0962AE5}\ProgID]
@="VideoConverterCOM.VCConfigHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E3440619-2BCF-4D1D-BCF6-D14BC0962AE5}\VersionIndependentProgID]
@="VideoConverterCOM.VCConfigHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0924921B-A43D-4A6C-A8F1-75F297F4AB79}]
@="_IVideoConverterObjectEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{111364F9-E86A-4659-96F4-CC2CADD52E6A}]
@="IVideoConverterObject"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{237FDF8F-0481-4CCE-A347-39174B1BF322}]
@="IVideoConverter5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{287FB7D2-53B1-4D67-AC19-3FF295086122}]
@="IVideoConverter2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{414A4711-5DAC-43C5-97C5-3D2C0BF22C22}]
@="IVideoConverter4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{722C073A-EABF-4EB0-965E-4A20CAEDE322}]
@="IVideoConverter6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C193BCA2-99E0-41D6-A26B-EDBF934C8222}]
@="IVideoConverter3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D81498F6-068D-486F-9937-66CC7EE29B22}]
@="IVideoConverter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\VideoConverterCOM.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{3C74BDAB-EE97-4C90-8EDA-B5C6F4C15200}]
@="VideoConverterCOM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D884BDC8-F993-473F-9DBC-34556C32A8E7}\1.0]
@="VideoConverterCOM 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D884BDC8-F993-473F-9DBC-34556C32A8E7}\1.0\0\win32]
@="C:\Program Files (x86)\Free Video Converter\VideoConverterCOM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Extensoft\VideoConverter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1C4B4974-FF8C-4E5B-9ABA-80278281234E}]
@="VideoConverterObject Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1C4B4974-FF8C-4E5B-9ABA-80278281234E}\InprocServer32]
@="C:\Program Files (x86)\Free Video Converter\VideoConverterCOM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1C4B4974-FF8C-4E5B-9ABA-80278281234E}\ProgID]
@="VideoConverterCOM.VideoConverterObjec.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1C4B4974-FF8C-4E5B-9ABA-80278281234E}\VersionIndependentProgID]
@="VideoConverterCOM.VideoConverterObject"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2D6CAAA3-8123-44ED-B2F3-FA700E1E2110}\InProcServer32]
@="C:\Program Files (x86)\Free Video Converter\VideoConverterCOM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CBB94419-BFCF-48AA-9D03-BD3043CCBB22}]
@="CVideoConverter Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CBB94419-BFCF-48AA-9D03-BD3043CCBB22}\ProgID]
@="VideoFileToIPOD.VideoConverter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CBB94419-BFCF-48AA-9D03-BD3043CCBB22}\VersionIndependentProgID]
@="VideoFileToIPOD.VideoConverter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E3440619-2BCF-4D1D-BCF6-D14BC0962AE5}\InprocServer32]
@="C:\Program Files (x86)\Free Video Converter\VideoConverterCOM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E3440619-2BCF-4D1D-BCF6-D14BC0962AE5}\ProgID]
@="VideoConverterCOM.VCConfigHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E3440619-2BCF-4D1D-BCF6-D14BC0962AE5}\VersionIndependentProgID]
@="VideoConverterCOM.VCConfigHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{0924921B-A43D-4A6C-A8F1-75F297F4AB79}]
@="_IVideoConverterObjectEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{111364F9-E86A-4659-96F4-CC2CADD52E6A}]
@="IVideoConverterObject"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{237FDF8F-0481-4CCE-A347-39174B1BF322}]
@="IVideoConverter5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{287FB7D2-53B1-4D67-AC19-3FF295086122}]
@="IVideoConverter2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{414A4711-5DAC-43C5-97C5-3D2C0BF22C22}]
@="IVideoConverter4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{722C073A-EABF-4EB0-965E-4A20CAEDE322}]
@="IVideoConverter6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{C193BCA2-99E0-41D6-A26B-EDBF934C8222}]
@="IVideoConverter3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D81498F6-068D-486F-9937-66CC7EE29B22}]
@="IVideoConverter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\VideoConverterCOM.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{3C74BDAB-EE97-4C90-8EDA-B5C6F4C15200}]
@="VideoConverterCOM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D884BDC8-F993-473F-9DBC-34556C32A8E7}\1.0]
@="VideoConverterCOM 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D884BDC8-F993-473F-9DBC-34556C32A8E7}\1.0\0\win32]
@="C:\Program Files (x86)\Free Video Converter\VideoConverterCOM.dll"
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Extensoft\VideoConverter]

Searching for "WaInterEnhance"
No data found.

Searching for "SearchProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionSetup.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionStub.exe]

Searching for "webssearches"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com]
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com]

Searching for "avayvaxvaa"
No data found.

Searching for "        "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\karin\Desktop\mbam-setup-2.1.4.1018.exe"="Malwarebytes Anti-Malware                                  "
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0]
"ProcessorNameString"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1]
"ProcessorNameString"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2]
"ProcessorNameString"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3]
"ProcessorNameString"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                        <InitializationParameters>                            <Param Name="PSVersion" Value="2.0"/>                        </InitializationParameters>                        <Resources>                            <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                               
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\AuthenticAMD_-_AMD64_Family_21_Model_1_-_AMD_FX(tm)-4100_Quad-Core_Processor____________\_1]
"FriendlyName"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\AuthenticAMD_-_AMD64_Family_21_Model_1_-_AMD_FX(tm)-4100_Quad-Core_Processor____________\_2]
"FriendlyName"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\AuthenticAMD_-_AMD64_Family_21_Model_1_-_AMD_FX(tm)-4100_Quad-Core_Processor____________\_3]
"FriendlyName"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\AuthenticAMD_-_AMD64_Family_21_Model_1_-_AMD_FX(tm)-4100_Quad-Core_Processor____________\_4]
"FriendlyName"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A270020B30C17&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_#11101800012365&0#]
"DeviceDesc"="Rainbow        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_MOBILE&REV_1.0#352202046612624&0#]
"DeviceDesc"="mobile          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_MOBILE&REV_1.0#352202046612624&1#]
"DeviceDesc"="mobile          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\White_Balance_Mode]
"00000000"="                «Ç¤º"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\White_Balance_Mode]
"01000001"="                «Ç¥~"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\White_Balance_Mode]
"02000002"="              ¿Ã¥ú¿O"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0404\White_Balance_Mode]
"03010000"="¬õ                                                ÂÅ"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0407\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0407\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0407\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0407\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0407\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0407\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0407\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0407\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0407\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0407\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0407\White_Balance_Mode]
"03010000"="Rot                                              Blau"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0409\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0409\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0409\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0409\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0409\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0409\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0409\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0409\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0409\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0409\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0409\White_Balance_Mode]
"03010000"="Red                                              Blue"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\040c\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\040c\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\040c\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\040c\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\040c\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\040c\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\040c\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\040c\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\040c\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\040c\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\040c\White_Balance_Mode]
"03010000"="Rouge                                              Bleu"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0411\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0411\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0411\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0411\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0411\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0411\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0411\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0411\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0411\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0411\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0411\White_Balance_Mode]
"03010000"="Ô                                              Â"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0804\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0804\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0804\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0804\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0804\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0804\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0804\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0804\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0804\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0804\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7302\Parameters\0804\White_Balance_Mode]
"03010000"="ºì                                              À¶"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\AuthenticAMD_-_AMD64_Family_21_Model_1_-_AMD_FX(tm)-4100_Quad-Core_Processor____________\_1]
"FriendlyName"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\AuthenticAMD_-_AMD64_Family_21_Model_1_-_AMD_FX(tm)-4100_Quad-Core_Processor____________\_2]
"FriendlyName"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\AuthenticAMD_-_AMD64_Family_21_Model_1_-_AMD_FX(tm)-4100_Quad-Core_Processor____________\_3]
"FriendlyName"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\AuthenticAMD_-_AMD64_Family_21_Model_1_-_AMD_FX(tm)-4100_Quad-Core_Processor____________\_4]
"FriendlyName"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A270020B30C17&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_#11101800012365&0#]
"DeviceDesc"="Rainbow        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_MOBILE&REV_1.0#352202046612624&0#]
"DeviceDesc"="mobile          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_MOBILE&REV_1.0#352202046612624&1#]
"DeviceDesc"="mobile          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\White_Balance_Mode]
"00000000"="                «Ç¤º"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\White_Balance_Mode]
"01000001"="                «Ç¥~"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\White_Balance_Mode]
"02000002"="              ¿Ã¥ú¿O"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0404\White_Balance_Mode]
"03010000"="¬õ                                                ÂÅ"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0407\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0407\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0407\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0407\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0407\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0407\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0407\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0407\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0407\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0407\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0407\White_Balance_Mode]
"03010000"="Rot                                              Blau"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0409\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0409\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0409\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0409\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0409\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0409\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0409\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0409\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0409\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0409\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0409\White_Balance_Mode]
"03010000"="Red                                              Blue"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\040c\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\040c\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\040c\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\040c\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\040c\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\040c\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\040c\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\040c\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\040c\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\040c\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\040c\White_Balance_Mode]
"03010000"="Rouge                                              Bleu"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0411\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0411\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0411\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0411\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0411\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0411\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0411\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0411\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0411\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0411\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0411\White_Balance_Mode]
"03010000"="Ô                                              Â"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0804\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0804\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0804\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0804\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0804\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0804\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0804\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0804\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0804\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0804\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7302\Parameters\0804\White_Balance_Mode]
"03010000"="ºì                                              À¶"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\AuthenticAMD_-_AMD64_Family_21_Model_1_-_AMD_FX(tm)-4100_Quad-Core_Processor____________\_1]
"FriendlyName"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\AuthenticAMD_-_AMD64_Family_21_Model_1_-_AMD_FX(tm)-4100_Quad-Core_Processor____________\_2]
"FriendlyName"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\AuthenticAMD_-_AMD64_Family_21_Model_1_-_AMD_FX(tm)-4100_Quad-Core_Processor____________\_3]
"FriendlyName"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\AuthenticAMD_-_AMD64_Family_21_Model_1_-_AMD_FX(tm)-4100_Quad-Core_Processor____________\_4]
"FriendlyName"="AMD FX(tm)-4100 Quad-Core Processor            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A270020B30C17&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_#11101800012365&0#]
"DeviceDesc"="Rainbow        "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_MOBILE&REV_1.0#352202046612624&0#]
"DeviceDesc"="mobile          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_MOBILE&REV_1.0#352202046612624&1#]
"DeviceDesc"="mobile          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\White_Balance_Mode]
"00000000"="                «Ç¤º"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\White_Balance_Mode]
"01000001"="                «Ç¥~"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\White_Balance_Mode]
"02000002"="              ¿Ã¥ú¿O"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0404\White_Balance_Mode]
"03010000"="¬õ                                                ÂÅ"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0407\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0407\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0407\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0407\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0407\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0407\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0407\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0407\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0407\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0407\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0407\White_Balance_Mode]
"03010000"="Rot                                              Blau"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0409\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0409\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0409\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0409\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0409\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0409\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0409\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0409\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0409\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0409\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0409\White_Balance_Mode]
"03010000"="Red                                              Blue"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\040c\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\040c\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\040c\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\040c\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\040c\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\040c\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\040c\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\040c\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\040c\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\040c\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\040c\White_Balance_Mode]
"03010000"="Rouge                                              Bleu"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0411\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0411\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0411\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0411\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0411\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0411\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0411\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0411\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0411\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0411\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0411\White_Balance_Mode]
"03010000"="Ô                                              Â"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0804\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0804\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0804\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0804\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0804\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0804\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0804\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0804\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0804\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0804\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7302\Parameters\0804\White_Balance_Mode]
"03010000"="ºì                                              À¶"
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\karin\Desktop\mbam-setup-2.1.4.1018.exe"="Malwarebytes Anti-Malware                                  "
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\karin\Desktop\mbam-setup-2.1.4.1018.exe"="Malwarebytes Anti-Malware                                  "

-= EOF =-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by karin (administrator) on KITT on 05-04-2015 21:43:08
Running from C:\Users\karin\Desktop
Loaded Profiles: UpdatusUser & karin (Available profiles: UpdatusUser & karin & Sophia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613024 2010-09-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-09-27] (Atheros Commnucations)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SpyShelter] => C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe [2610672 2011-04-06] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
ShortcutTarget: p6_19_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_19\WinStart\p6erinnerung.exe (phase6)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-30] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-30] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default
FF SearchEngineOrder.1:
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-20] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\Extensions\abs@avira.com [2015-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-26]
FF HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-17]
CHR Extension: (Google Drive) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
CHR Extension: (YouTube) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
CHR Extension: (Google Search) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
CHR Extension: (Google Sheets) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR Extension: (Gmail) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S3 Origin Client Service; C:\Users\Sophia\Downloads\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Realtek11nCU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-15] (Avira Operations GmbH & Co. KG)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [111104 2009-02-09] (Guillemot Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation                          )
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [191984 2011-04-06] (SpyShelter) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-21] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 20:36 - 2015-04-05 20:40 - 00097578 _____ () C:\Users\karin\Desktop\SystemLook.txt
2015-04-05 20:35 - 2015-04-05 20:35 - 00165376 _____ () C:\Users\karin\Desktop\SystemLook_x64.exe
2015-04-05 00:59 - 2015-04-05 00:59 - 00000000 ____D () C:\Users\karin\Documents\Outlook-Dateien
2015-04-04 18:39 - 2015-04-04 18:39 - 00001764 _____ () C:\Users\karin\Desktop\JRT.txt
2015-04-04 18:35 - 2015-04-04 18:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KITT-Windows-7-Home-Premium-(64-bit).dat
2015-04-04 18:35 - 2015-04-04 18:35 - 00000000 ____D () C:\RegBackup
2015-04-04 18:34 - 2015-04-04 18:34 - 00022838 _____ () C:\Users\karin\Desktop\MBAM.txt
2015-04-04 18:05 - 2015-04-04 18:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 18:04 - 2015-04-04 18:04 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-04 18:04 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-04 18:04 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-04 18:04 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-04 17:59 - 2015-04-04 18:00 - 00011272 _____ () C:\Users\karin\Desktop\AdwCleaner[S1].txt
2015-04-04 17:55 - 2015-04-04 17:55 - 02690981 _____ (Thisisu) C:\Users\karin\Desktop\JRT.exe
2015-04-04 17:54 - 2015-04-04 17:55 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\karin\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-04 17:53 - 2015-04-04 17:53 - 02208768 _____ () C:\Users\karin\Desktop\AdwCleaner_4.200.exe
2015-04-04 13:42 - 2015-04-04 13:42 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 13:42 - 2015-04-04 13:42 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 13:15 - 2015-04-04 13:15 - 00008531 _____ () C:\Users\karin\Desktop\Gmer.txt
2015-04-04 13:00 - 2015-04-05 00:52 - 00025533 _____ () C:\Users\karin\Desktop\Addition.txt
2015-04-04 12:57 - 2015-04-05 21:43 - 00018938 _____ () C:\Users\karin\Desktop\FRST.txt
2015-04-04 12:56 - 2015-04-05 21:43 - 00000000 ____D () C:\FRST
2015-04-04 12:55 - 2015-04-04 12:55 - 00000472 _____ () C:\Users\karin\Desktop\defogger_disable.log
2015-04-04 12:55 - 2015-04-04 12:55 - 00000000 _____ () C:\Users\karin\defogger_reenable
2015-04-04 12:52 - 2015-04-04 12:52 - 02095616 _____ (Farbar) C:\Users\karin\Desktop\FRST64.exe
2015-04-04 12:52 - 2015-04-04 12:52 - 00380416 _____ () C:\Users\karin\Desktop\Gmer-19357.exe
2015-04-04 12:51 - 2015-04-04 12:51 - 00050477 _____ () C:\Users\karin\Desktop\Defogger.exe
2015-03-23 22:43 - 2015-03-23 22:43 - 00001474 _____ () C:\Users\karin\Downloads\URLLink(35).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001484 _____ () C:\Users\karin\Downloads\URLLink(31).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001467 _____ () C:\Users\karin\Downloads\URLLink(33).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001465 _____ () C:\Users\karin\Downloads\URLLink(32).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001455 _____ () C:\Users\karin\Downloads\URLLink(34).acsm
2015-03-22 04:09 - 2015-03-22 04:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-20 22:57 - 2015-03-20 22:57 - 00002184 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 4.0.lnk
2015-03-20 22:27 - 2015-03-20 22:27 - 08132576 _____ (Adobe Systems Incorporated) C:\Users\karin\Downloads\ADE_4.0_Installer(1).exe
2015-03-17 22:25 - 2015-03-17 22:25 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2015-03-15 11:54 - 2015-03-15 11:54 - 00000000 ____D () C:\Users\Sophia\Downloads\female dress
2015-03-15 11:50 - 2015-03-15 11:56 - 00000000 ____D () C:\Users\Sophia\Downloads\romantic hair
2015-03-15 11:49 - 2015-03-15 11:49 - 00000000 ____D () C:\Users\Sophia\Downloads\käppi
2015-03-15 11:41 - 2015-03-15 11:41 - 00000000 ____D () C:\Users\Sophia\Downloads\woodpanels
2015-03-15 11:40 - 2015-03-15 11:40 - 00000000 ____D () C:\Users\Sophia\Downloads\Lidschatten
2015-03-15 11:39 - 2015-03-15 11:39 - 00000000 ____D () C:\Users\Sophia\Downloads\hochzeitskleid
2015-03-15 11:35 - 2015-03-15 11:57 - 00000000 ____D () C:\Users\Sophia\Downloads\Weißes Kleid lang
2015-03-15 11:34 - 2015-03-15 11:34 - 00000000 ____D () C:\Users\Sophia\Downloads\Rokkoko
2015-03-15 11:31 - 2015-03-15 11:57 - 00000000 ____D () C:\Users\Sophia\Downloads\victoria secret
2015-03-14 19:47 - 2015-03-14 19:47 - 00000000 ____D () C:\Users\karin\AppData\Roaming\Need for Speed World
2015-03-14 18:32 - 2015-03-14 18:32 - 00000000 ____D () C:\Users\karin\AppData\Local\Electronic_Arts_Inc
2015-03-10 21:59 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 21:59 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 21:59 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 21:59 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 21:59 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 21:59 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 21:59 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 21:59 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 21:59 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 21:59 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 21:59 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 21:59 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 21:59 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 21:59 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 21:59 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 21:59 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 21:59 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 21:59 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 21:59 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 21:59 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 21:59 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 21:59 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 21:59 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 21:59 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 21:59 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 21:59 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 21:59 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 21:59 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 21:59 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 21:59 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 21:59 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 21:59 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 21:59 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 21:59 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 21:59 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 21:59 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 21:59 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 21:59 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 21:59 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 21:59 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 21:59 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 21:59 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 21:59 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 21:59 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 21:59 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 21:59 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 21:59 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 21:59 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 21:59 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 21:59 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 21:59 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 21:59 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 21:59 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 21:59 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 21:59 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 21:59 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 21:59 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 21:59 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 21:59 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 21:59 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 21:59 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 21:59 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 21:59 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 21:59 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 21:59 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 21:59 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 21:59 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 21:59 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 21:59 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 21:59 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 21:59 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 21:59 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 21:59 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 21:59 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 21:59 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 21:59 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 21:59 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 21:59 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 21:59 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 21:59 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 21:59 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 21:59 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 21:59 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 21:59 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 21:59 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 21:59 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 21:59 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 21:59 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 21:59 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 21:59 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 21:59 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 21:59 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 21:59 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 21:59 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 21:59 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 21:59 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 21:59 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 21:58 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 21:58 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 21:58 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 21:58 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 21:58 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 21:54 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:54 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 17:06 - 2015-03-10 17:06 - 00000000 ____D () C:\Windows\SysWOW64\㐶

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 21:37 - 2012-03-31 13:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-05 21:25 - 2013-02-02 00:11 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0C603C78-CC00-42DC-A30C-85E5A1B6871D}
2015-04-05 20:40 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-05 20:40 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-05 20:37 - 2010-11-21 08:50 - 00700396 _____ () C:\Windows\system32\perfh007.dat
2015-04-05 20:37 - 2010-11-21 08:50 - 00149192 _____ () C:\Windows\system32\perfc007.dat
2015-04-05 20:37 - 2009-07-14 07:13 - 01622172 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-05 20:36 - 2011-05-07 01:46 - 02066320 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 20:33 - 2013-12-18 20:47 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-05 20:33 - 2012-01-16 20:49 - 00000000 ____D () C:\Users\Public\Documents\phase6_19_Daten
2015-04-05 20:33 - 2011-06-25 22:53 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-05 20:32 - 2011-12-28 15:36 - 00000008 __RSH () C:\Users\karin\ntuser.pol
2015-04-05 20:32 - 2011-12-26 18:01 - 00000000 ____D () C:\Users\karin
2015-04-05 20:32 - 2011-05-16 01:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-05 20:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-05 20:32 - 2009-07-14 06:51 - 00202360 _____ () C:\Windows\setupact.log
2015-04-05 20:23 - 2011-12-28 15:54 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-04-05 20:23 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-05 07:49 - 2010-11-21 05:47 - 00213198 _____ () C:\Windows\PFRO.log
2015-04-05 01:25 - 2012-05-17 15:17 - 292062208 _____ () C:\Users\karin\Documents\Mails bis 2011.pst
2015-04-05 00:50 - 2013-12-25 14:05 - 00000000 ____D () C:\AdwCleaner
2015-04-05 00:47 - 2013-04-25 20:13 - 00000452 ____H () C:\Windows\Tasks\Norton Security Scan for karin.job
2015-04-04 18:00 - 2013-12-18 21:11 - 00001091 _____ () C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-04-04 18:00 - 2013-04-30 13:53 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-04 18:00 - 2013-04-30 13:53 - 00001061 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-04 18:00 - 2011-12-26 18:01 - 00001003 _____ () C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-04 12:45 - 2012-10-16 20:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-02 23:05 - 2015-02-25 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-19 01:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-19 00:38 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-19 00:17 - 2014-05-18 14:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-18 23:32 - 2011-12-26 19:08 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-18 23:30 - 2011-12-28 15:40 - 00000000 ____D () C:\Users\Sophia
2015-03-17 22:27 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-17 22:26 - 2012-03-31 13:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-15 12:05 - 2012-12-25 20:48 - 00000000 ____D () C:\ProgramData\Origin
2015-03-14 18:32 - 2012-08-06 16:47 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-14 12:07 - 2012-12-25 20:51 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-14 12:01 - 2012-05-07 09:07 - 00320620 _____ () C:\Windows\DirectX.log
2015-03-11 17:03 - 2012-10-16 16:13 - 00000000 ____D () C:\Users\Sophia\Documents\Sonstiges
2015-03-11 16:53 - 2009-07-14 06:45 - 00344024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 00:57 - 2013-04-30 15:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 00:52 - 2013-07-16 12:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 00:46 - 2011-12-31 16:55 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 00:45 - 2009-07-14 04:34 - 00000534 _____ () C:\Windows\win.ini
2015-03-10 17:06 - 2013-05-17 12:05 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 17:06 - 2013-05-17 12:05 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-10 17:06 - 2013-05-17 12:05 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== Files in the root of some directories =======

2015-02-11 09:35 - 2015-02-11 09:35 - 0184242 _____ () C:\Program Files (x86)\lizenzvertrag.pdf
2011-12-26 21:50 - 2011-12-26 22:46 - 0001749 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\karin\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 19:10

==================== End Of Log ============================
--- --- ---

midimuc 05.04.2015 20:50
und noch das addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by karin at 2015-04-05 21:43:53
Running from C:\Users\karin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{47B188E2-2447-5C40-15B6-9D49DC90BF5B}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2905 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
Die Sims™ 2: Glamour-Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.114.1010 - Electronic Arts Inc.)
Die Sims™ Inselgeschichten (HKLM-x32\...\{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}) (Version:  - Electronic Arts)
Die Sims™ Lebensgeschichten (HKLM-x32\...\{DA932D71-E52A-43D5-009E-395A1AEC1474}) (Version:  - )
Die*Sims*Mittelalter (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 1.0.0 - Electronic Arts)
DJ_AIO_06_F2400_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.16151 - Landesfinanzdirektion Thüringen)
F2400 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Gold Rush - Treasure Hunt Deluxe (HKLM-x32\...\a43b5713e1c9daf9a348736c21961ee3) (Version:  - Zylom)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.32035 (CD 3.3) - Hauppauge Computer Works)
Hercules Link (HKLM-x32\...\{B1549CC1-EB81-4E7C-9C7C-8B97CD9FD37A}) (Version: 4.0.2.1 - Hercules)
Hercules Webcam Station Evolution SE (HKLM-x32\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 4.1.1.0 - Hercules)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
LG USB Modem Drivers (HKLM-x32\...\{3E8DE1A6-B365-4FF6-B917-2892A34990E8}) (Version: 4.9.7 - LG Electronics)
Lollipop (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\lollipop_12240918) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
M&Ms - Die Geheimformeln (HKLM-x32\...\M&Ms The Lost Formulas) (Version:  - )
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mein eigenes Tierheim SE (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Mein eigenes Tierheim SE) (Version: V1.000000 - )
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711031}) (Version: 7.03.1151 - Nero AG)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.7.2.10 - Symantec Corporation)
NVIDIA 3D Vision Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.33 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Paint Shop Pro 5.03 CD (HKLM-x32\...\Paint Shop Pro 5.03) (Version:  - )
phase6_19 (HKLM-x32\...\{65D70656-D248-4C83-B594-E3029C43B37A}) (Version: 1.90.0000 - phase6)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0174 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Snap.Do (HKLM-x32\...\{92109C97-2662-4353-9386-B64309F595C9}) (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\{ebf0bc89-b0e6-426a-b248-e886b1894999}) (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpyShelter Premium 5.14 (HKLM\...\SpyShelter_is1) (Version: 5.14 - )
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TouchCopy 12 (HKLM-x32\...\{22E2998A-081D-4FAA-9DFA-D5CA52F5C4EB}) (Version: 12.40 - Wide Angle Software)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VideoPlayer v2.0.6 (HKLM-x32\...\VideoPlayer) (Version: v2.0.6 - TUGUU SL) <==== ATTENTION
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wendy (HKLM-x32\...\{202BACA0-AA91-11D4-A5EE-004095501894}) (Version:  - )
Wendy 2 (HKLM-x32\...\{DFFCBCCE-3A43-11D5-AF42-000102B4CD2E}) (Version:  - )
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-04-2015 12:56:03 Windows-Sicherung
04-04-2015 13:41:40 Windows Update
05-04-2015 20:19:20 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15A430C9-E3BB-4383-BAEC-EC5F749B69F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {25CC741E-CE7A-4708-BEF3-34044EFD86B4} - System32\Tasks\Norton Security Scan for karin => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.2.10\Nss.exe [2012-11-02] (Symantec Corporation)
Task: {6144813C-9A9F-4353-ADBD-0D7EFB90F31C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {81FAF565-8359-4678-9E7A-638E7DE2CEC6} - System32\Tasks\{30B32277-D4CB-4E4A-B780-13BEAF0062E7} => pcalua.exe -a "C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe" -d "C:\Program Files (x86)\ElsterFormular\bin" -c --zeigeDlg
Task: {94B45807-FDD6-42E2-875E-B9A5A2F2A48C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {9AB8391C-A843-40ED-A035-3326823BF5DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {A420D813-CB30-4B9E-AB0A-8B43ED261F7D} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {BF619E14-AABE-47A2-93EF-2194D526FC7C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EC7194DB-AF6A-47B8-94BC-2946B38E25FC} - System32\Tasks\{E2F2D9B5-29D4-42DC-A408-DAFF68786AAF} => C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
Task: {F1662AEE-2FB8-466E-8970-DBBB0CF9C57C} - System32\Tasks\{EA3CD6AA-5512-4118-AF25-B39F3FD495FE} => pcalua.exe -a D:\MANUAL\WinTV6Man_deu.EXE -d D:\MANUAL
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Norton Security Scan for karin.job => C:\PROGRA~2\NORTON~2\Engine\372~1.10\Nss.exe
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{0B7D62C0-4D4C-47C6-8340-49CCD4930FA6}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2011-05-07 02:07 - 2010-01-21 01:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2011-05-07 02:07 - 2010-01-21 01:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2011-05-07 02:07 - 2010-01-21 01:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2011-05-07 02:07 - 2010-01-21 01:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2011-05-07 02:08 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 00076192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 00383904 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 00103328 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 64641440 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-26 18:15 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:905844AA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\karin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2260964575-2753946872-1401531445-500 - Administrator - Disabled)
Gast (S-1-5-21-2260964575-2753946872-1401531445-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2260964575-2753946872-1401531445-1003 - Limited - Enabled)
karin (S-1-5-21-2260964575-2753946872-1401531445-1001 - Administrator - Enabled) => C:\Users\karin
Sophia (S-1-5-21-2260964575-2753946872-1401531445-1004 - Limited - Enabled) => C:\Users\Sophia
UpdatusUser (S-1-5-21-2260964575-2753946872-1401531445-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7613722

Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7613722

Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/05/2015 08:33:56 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{093520CF-181B-47E8-BF47-1F0F534C0266}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/05/2015 08:32:27 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "D:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (04/05/2015 08:23:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (04/05/2015 08:23:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/05/2015 08:23:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/05/2015 08:23:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/05/2015 08:23:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/05/2015 08:23:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/05/2015 08:23:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ForceWare IP service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/05/2015 08:23:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ForceWare Intelligent Application Manager (IAM)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7613722

Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7613722

Error: (04/05/2015 00:47:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 22%
Total physical RAM: 7918.12 MB
Available physical RAM: 6162.23 MB
Total Pagefile: 15834.42 MB
Available Pagefile: 13744.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:737.89 GB) NTFS
Drive d: () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
Drive e: () (Fixed) (Total:64 GB) (Free:3.08 GB) NTFS
Drive f: (PROGRAMME) (Fixed) (Total:59.54 GB) (Free:23.41 GB) FAT32
Drive g: () (Fixed) (Total:25.47 GB) (Free:25.32 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 11BB29FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 1E0A1E09)
Partition 1: (Active) - (Size=8 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=OF Extended)

==================== End Of Log ============================

M-K-D-B 06.04.2015 08:52
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
C:\Windows\system32\Drivers\SPPD.sys
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:905844AA
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPlayer
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\79C901292662353439686B34905F599C
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ebf0bc89-b0e6-426a-b248-e886b1894999}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92109C97-2662-4353-9386-B64309F595C9}
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_12240918
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Applications\lollipop_12240918.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionSetup.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionStub.exe
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

midimuc 06.04.2015 18:16
Hallo M-K-D-B,
hier die Ergebnisse:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by karin at 2015-04-06 12:02:29 Run:3
Running from C:\Users\karin\Desktop
Loaded Profiles: UpdatusUser & karin (Available profiles: UpdatusUser & karin & Sophia)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Windows\system32\Drivers\SPPD.sys
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:905844AA
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPlayer
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\79C901292662353439686B34905F599C
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ebf0bc89-b0e6-426a-b248-e886b1894999}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92109C97-2662-4353-9386-B64309F595C9}
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_12240918
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Applications\lollipop_12240918.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionSetup.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionStub.exe
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com
EmptyTemp:
end
       
*****************

Processes closed successfully.
"C:\Windows\system32\Drivers\SPPD.sys" => File/Directory not found.
"C:\ProgramData\TEMP" => ":373E1720" ADS not found.
C:\ProgramData\TEMP => ":905844AA" ADS removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPlayer => Key not found.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\79C901292662353439686B34905F599C => Key not found.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ebf0bc89-b0e6-426a-b248-e886b1894999} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92109C97-2662-4353-9386-B64309F595C9} => Key not found.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_12240918 => Key not found.
HKEY_CURRENT_USER\Software\Classes\Applications\lollipop_12240918.exe => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionSetup.exe => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionStub.exe => Key not found.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com => Key not found.
EmptyTemp: => Removed 17.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:02:34 ====
Code:

       
Code:

       
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : KITT
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : KITT\karin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-04-06 12:09:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 6
   Traces  . . . . . . . : 129

   Objects scanned . . . : 2.404.587
   Files scanned . . . . : 107.495
   Remnants scanned  . . : 644.941 files / 1.652.151 keys

Suspicious files ____________________________________________________________

   C:\Users\karin\Desktop\FRST64.exe
      Size . . . . . . . : 2.095.616 bytes
      Age  . . . . . . . : 2.0 days (2015-04-04 12:52:01)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72AAB1C62CF0BC00F5B102954B603D1509B2AF5F0BD1911E9CAE98C4DDE2D152
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\karin\Desktop\FRST64.exe


Malware remnants ____________________________________________________________

   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\Layers\VC32Ldr\ (SearchProtect) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iLivid.exe\ (SearchProtect) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iMesh.exe\ (SearchProtect) -> Deleted
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPPD\ (SearchProtect) -> Deleted
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPPD\ (SearchProtect) -> Deleted
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPPD\ (SearchProtect) -> PendingDelete

Potential Unwanted Programs _________________________________________________

   C:\Users\karin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk (Tuvaro) -> Deleted
   extensions.dealply.channel
   C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\prefs.js

   extensions.dealply.installId
   C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\prefs.js

   extensions.dealply.installIdSource
   C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\prefs.js

   extensions.dealply.partner
   C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\prefs.js

   extensions.dealply.sampleGroup
   C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\prefs.js

   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player) -> Deleted
   HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\Software\Microsoft\Internet Explorer\Search\Default_Search_URL (Snap.do) -> Deleted
   HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\Software\Microsoft\Internet Explorer\Search\SearchAssistant (Snap.do) -> Deleted
   HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\Software\Wajam\ (Wajam) -> Deleted
   HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player) -> Deleted
   HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
   HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player) -> Deleted
   HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player) -> Deleted
   HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find) -> Deleted
   HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find) -> Deleted
   HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\Software\Microsoft\Internet Explorer\Search\Default_Search_URL (Snap.do) -> Deleted
   HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\Software\Microsoft\Internet Explorer\Search\SearchAssistant (Snap.do) -> Deleted

Cookies _____________________________________________________________________

   C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\cookies.sqlite:doubleclick.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:247realmedia.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:2o7.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ad.360yield.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ad.ad-srv.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ad.adc-serv.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ad.adnet.de
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ad.doubleclick.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ad.expressmpu.biz
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ad.mlnadvertising.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ad.movad.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ad.thoughtsondance.info
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ad.yieldpartners.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ad.zanox.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.ad-center.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.ad4game.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.adk2.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.adsrvmedia.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.bundesanzeiger-verlag.de
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.escinteractive.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.eurogrand.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.leadaffiliates.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.lfstmedia.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.mediade.sk
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.newtention.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.p161.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.shoplove.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.smartstream.tv
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.stickyadstv.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.trafficjunky.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.undertone.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ads.yahoo.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:adserver.revolvd.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:adtech.de
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:adtechus.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:advertising.aubi-plus.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:advertising.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:at.atwola.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:atdmt.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:burstnet.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:casalemedia.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:collective-media.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:de.sitestat.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:doubleclick.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:eas.apm.emediate.eu
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:eas4.emediate.eu
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:einfachporno.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:engine.pgmediaserve.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:engine.phn.doublepimp.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ero-advertising.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:exoclick.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:fastclick.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:freeporn.to
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ganzvielporno.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:googleadservices.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:img-cdn.mediaplex.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:img.mediaplex.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:lesbianpornvideos.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:livejasmin.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:madchensex.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:mataporno.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:media6degrees.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:mediaplex.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:pornoreich.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:revsci.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:ru4.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:server.cpmstar.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:serving-sys.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:sexfrog.tv
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:sexgangsters.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:sexiba.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:sexkiste.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:sexyfreecams.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:smartadserver.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:specificclick.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:statcounter.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:stats.paypal.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:testdata.coremetrics.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:track.adform.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:tradedoubler.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:tribalfusion.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:vagosex-pornos.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:warnerbros.112.2o7.net
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:weborama.fr
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:www.burstnet.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:www.etracker.de
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:www.googleadservices.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:www.gutesex.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:www.lesbianpornvideos.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:www.madchensex.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:www.sexgangsters.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:www.sexkiste.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:www.youporn.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:xiti.com
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:yadro.ru
   C:\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\cookies.sqlite:youporn.com

Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5515d924ca93be459fa6774aa28f0507
# engine=23253
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-06 02:48:16
# local_time=2015-04-06 04:48:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 54779463 179961546 0 0
# scanned=441468
# found=311
# cleaned=0
# scan_time=8767
sh=04AE36DA44C505B0156D8F6755981520C680CD87 ft=1 fh=85e5e9829832eaf2 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2260964575-2753946872-1401531445-1004\$R1OKU2Y.exe"
sh=A3A3ACEFA778B0CEFDEA9506CBE34BBBCDF7135C ft=1 fh=b8d172fc147c0b07 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2260964575-2753946872-1401531445-1004\$RBLFBR6.exe"
sh=741518CA17409E0C108EA202464829E6C664ED1E ft=1 fh=52477f93f91d8732 vn="Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir"
sh=1A44373C7D9083D4E83D4C7E63E84EC1B7DF4DDD ft=1 fh=7b1f17aaf5ac4c39 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.22.0\deltaApp.dll.vir"
sh=1039767B6CA8B147053BD89B771B6A1A98B4D15C ft=1 fh=a640223e2df9bd9b vn="Variante von Win32/Toolbar.Montiera.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.22.0\deltaEng.dll.vir"
sh=2716D2D21C1DB1BA71010D57CF048657ACA2A98F ft=1 fh=7c8ed813e1e6936b vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.22.0\deltasrv.exe.vir"
sh=FB8A6ECDF69B10D3BC91BEDF318EF2FB9157FEF5 ft=1 fh=91bb9b20d40695a2 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll.vir"
sh=6FA24D6B224C7ABA9882E29822A9671FA732895B ft=1 fh=58b846ad6f97dcfd vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.22.0\uninstall.exe.vir"
sh=1098A866901B7BF47609156BDED0356E468E7DFB ft=1 fh=df33ed2a9d79ec7b vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll.vir"
sh=34622C0C9B0F72AB2F67AE3BD7CF94EF76B2B54D ft=1 fh=422f90d5b5335443 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaApp.dll.vir"
sh=80C8F13A1918FAEEAB9673C1CCF96E52325EE695 ft=1 fh=0aefb751d92be997 vn="Variante von Win32/Toolbar.Montiera.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaEng.dll.vir"
sh=4400797578E17E511E6164469770A80E828DDA3A ft=1 fh=56dbbea16253a143 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltasrv.exe.vir"
sh=610CDC3A03DA21A83EB90193BACF1347AAA39A0F ft=1 fh=6544723ffe1f3f66 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll.vir"
sh=AFD5B25F86CFD3045CCFF940A249A1DA89DEDE5D ft=1 fh=c55a3c08e5709f9a vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\uninstall.exe.vir"
sh=66AE7973E507FF0471DECFFF3BF7FFD40EA4D00D ft=1 fh=1b697967a44eb4e0 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll.vir"
sh=774A5FE9B0CCB453431BA154CDC8D0672F25FE8E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\38532.crx.vir"
sh=DBD6FBE08CE9C6D9174CD59F4480FC22635A140E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\38532.xpi.vir"
sh=BEC687A4FF8A76808156FE6CDC7533A5D3814E4F ft=1 fh=22f7bc9a54f0b8ae vn="Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-bg.exe.vir"
sh=3B1BAE218B69118B9FB91A26CF1B4985EAD02A14 ft=1 fh=280405b14fb8c5d7 vn="Win32/Toolbar.CrossRider.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-bho.dll.vir"
sh=981E3BED34EE33F1E9E7680B84188AE7E9F5D985 ft=1 fh=8c61e48ddda3e654 vn="Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-bho64.dll.vir"
sh=E0439C5A6DADBBC7C4F2F3B1449640D11DB4FD2F ft=1 fh=bbde8c02e6040589 vn="Variante von Win32/Toolbar.CrossRider.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-buttonutil.dll.vir"
sh=60B747328126ED0A52A18C71AAA62D903945141B ft=1 fh=099352a3ebc0f81c vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-buttonutil.exe.vir"
sh=801227B2287B0B4B814C8E6B894D538CF9245AC0 ft=1 fh=ccb4c4d1a5e788c8 vn="Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-buttonutil64.dll.vir"
sh=07005CC07DD28894BEBD668AC05B1811FF6AB1BE ft=1 fh=2fdfa3c388578c6f vn="Variante von Win64/Toolbar.Crossrider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-buttonutil64.exe.vir"
sh=A388C7B4532ACE0CA0F7B350A4F2D7A48B1D7EE6 ft=1 fh=f97b94f10569cc9f vn="Variante von Win32/Toolbar.CrossRider.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-chromeinstaller.exe.vir"
sh=D67637A1E12B0C2DFEAF8AAB72566642D4997661 ft=1 fh=a5c09ac618c2e927 vn="Variante von Win32/Toolbar.CrossRider.T evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-codedownloader.exe.vir"
sh=09007316B893C9C9DC2367A00ADD49C33024280A ft=1 fh=3e8fb5c196a9fe63 vn="Variante von Win32/Toolbar.CrossRider.T evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-enabler.exe.vir"
sh=20EA56010CE5759BE1B727B93002FE2C2BAB7AD8 ft=1 fh=531bb2ae4ba36dc5 vn="Win32/Toolbar.CrossRider.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe.vir"
sh=340A841E9A7A411F56262A9C762E508F1CAFAD17 ft=1 fh=021aa3714b4d25b1 vn="Win32/Toolbar.CrossRider.BQ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-helper.exe.vir"
sh=58B8C618AA84D6D06FFF0A508059F5E46A0F8570 ft=1 fh=a6296e4f6738729e vn="Win32/Toolbar.CrossRider.T evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe.vir"
sh=10BB7701EC857C7DCBC1F2190E789CAD6C09C745 ft=1 fh=63146a86a64b4bbf vn="Variante von Win32/Toolbar.CrossRider.BP evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Uninstall.exe.vir"
sh=8EC6137D1A7E340081F505A04D8ADF471FE0AD20 ft=1 fh=2dc92d65a22afcdc vn="Win32/Toolbar.CrossRider.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\utils.exe.vir"
sh=F93836EB3EA8B104AB8400F1D3848ED5FD7BD03F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\41868.crx.vir"
sh=5A622FF09BF18D9735FA538CBF84F92592F5B107 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\41868.xpi.vir"
sh=A9444254663E8C3685AF75257403C8376123F8EF ft=1 fh=97d439143ab78456 vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-bg.exe.vir"
sh=658494825C6D0E4B144A4E48DA7D68A4806F9211 ft=1 fh=c71c00113eef2777 vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-bho.dll.vir"
sh=272B773C094F6B98E1D60DDF390C7F66ADCDAC64 ft=1 fh=3966826d47bc5a39 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-bho64.dll.vir"
sh=BD88481E457C4CD22FAB10F95CDB023FCE87F38F ft=1 fh=c71c00113f60402f vn="Variante von Win32/Toolbar.CrossRider.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-buttonutil.dll.vir"
sh=F236E196F4F43CBED4527431B9A2C25B8BF72452 ft=1 fh=aed1d9e9c5ecb309 vn="Variante von Win32/Toolbar.CrossRider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-buttonutil.exe.vir"
sh=23136481480C67D543E679B704923194090F6D94 ft=1 fh=f3fd0242b69965f6 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-buttonutil64.dll.vir"
sh=CEB94C09A043D1ECD509589601FF41800CC916A4 ft=1 fh=aed1d9e9cd6bcbc4 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-buttonutil64.exe.vir"
sh=8C5A158C464240FAC518BF38BEA82ACFFAD21429 ft=1 fh=c170f1f706a6b0cd vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-chromeinstaller.exe.vir"
sh=50A9049BA9128BBE261D062FC480FFA7A813A2F6 ft=1 fh=f9b7aabd90318296 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-codedownloader.exe.vir"
sh=A08A85BC15744EC016A46047A37C8F2A2164CAEB ft=1 fh=c408c3397584feae vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-enabler.exe.vir"
sh=1954A89CB78F1F181105F0A1D1250387279C7E11 ft=1 fh=339ac047a13dbe46 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-firefoxinstaller.exe.vir"
sh=50C2603A6BAB9D01208CF9D2AE63DE44EF7576C0 ft=1 fh=e982e12c695e76ed vn="Variante von Win32/Toolbar.CrossRider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-helper.exe.vir"
sh=86841249CC2BDA8184373F7547CBE54E350FBCC2 ft=1 fh=2ce71fd0fd8064b1 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-updater.exe.vir"
sh=A63FD7B090A7018722DE42C5CF6E363F0109F29B ft=1 fh=df979d1672471d9f vn="Win32/Packed.ScrambleWrapper.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsBuddy-1\utils.exe.vir"
sh=BCDB1B43447D5F46ECAC18D5A6FFE04DBF4ACED6 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker\126.crx.vir"
sh=28EBB178FF15ADA2BCEBC3084B3A43D4BC681D42 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker\126.xpi.vir"
sh=9B28F35A352DE4C5512BC252EBC813DBEB26BC61 ft=1 fh=d37c366403454630 vn="MSIL/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe.vir"
sh=52B38E1A55F28BD0B4BDDAE7B0876BEDEB523D20 ft=1 fh=a4d2a5adfb2731cb vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\pc speed up\Uninstall_PCSpeedUp.exe.vir"
sh=79C6228FCE9A7450A64E19C2CE258B4B4146D6CB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\32154.crx.vir"
sh=503C031AA875E916AC42F79E8A60A5F0080D722A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\32154.xpi.vir"
sh=D5358A63A463B1A07AE083806B1D052E2B9BC95F ft=1 fh=8792a147876d71a0 vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\Plus-HD-1.7-bho.dll.vir"
sh=AADD1C7517C3875D8564456ED89BAA0A0A691F6E ft=1 fh=161e317f5c2d7662 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\Plus-HD-1.7-bho64.dll.vir"
sh=D803152B284C942D92492473BC2255BC577123AA ft=1 fh=6ee674c35de3c9e6 vn="Variante von Win32/Toolbar.CrossRider.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\Plus-HD-1.7-buttonutil.dll.vir"
sh=DA0EFEC8AC09C048606D3C804EEB0E954B389205 ft=1 fh=75e6412d710efa52 vn="Variante von Win32/Toolbar.CrossRider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\Plus-HD-1.7-buttonutil.exe.vir"
sh=4092C7B782CB697822A40AE61EFFB185E02A15A8 ft=1 fh=82fcd880464c44e3 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\Plus-HD-1.7-buttonutil64.dll.vir"
sh=02FF413E589A1288B93DE4DDD8E5F6D4988C15A8 ft=1 fh=6c4e669fc9c2f39e vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\Plus-HD-1.7-buttonutil64.exe.vir"
sh=42E80B4B05BEA09B7B1B73145D9191DE90202093 ft=1 fh=79583fa2810d9c33 vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\Plus-HD-1.7-chromeinstaller.exe.vir"
sh=4BB66A1ED9B1B92AE91179847BB832B9ED939DB5 ft=1 fh=20bca986097ca44f vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\Plus-HD-1.7-codedownloader.exe.vir"
sh=D0EBA6B46F01624B7C6CF542A97D311538EAAADF ft=1 fh=fbdd1922137c1127 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\Plus-HD-1.7-enabler.exe.vir"
sh=92FD6D3CF8BD31CC3936AFD641C63639CC0AA33F ft=1 fh=40a74137259a8770 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\Plus-HD-1.7-firefoxinstaller.exe.vir"
sh=CAB717E7AE65CF139C862A93B9E589666E87B532 ft=1 fh=e865babef2504594 vn="Variante von Win32/Toolbar.CrossRider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\Plus-HD-1.7-helper.exe.vir"
sh=9CC2623A397DE019C571937D81AA8E8CA2A17EA6 ft=1 fh=6b92639de0909991 vn="Win32/Packed.ScrambleWrapper.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.7\utils.exe.vir"
sh=179A38CB5FCC203BB630E31D2C87E2E73FAD83DC ft=1 fh=3fe2c91236d4ce82 vn="Variante von MSIL/Vittalia.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\AppsUpdater (2).exe.vir"
sh=DB6DEA29D29C692538AB3585B11C07D7405D8598 ft=1 fh=4eb08afd2476d2b2 vn="MSIL/Vittalia.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe.vir"
sh=6D337B7209C2E4837F4075D44D5928D0F4BC54E6 ft=1 fh=c71c0011cc6930ff vn="Win32/Vittalia.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\KeyGen (2).dll.vir"
sh=6D337B7209C2E4837F4075D44D5928D0F4BC54E6 ft=1 fh=c71c0011cc6930ff vn="Win32/Vittalia.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\KeyGen.dll.vir"
sh=4D904021D1559BFC9470F79D90EBBC0576D76B32 ft=1 fh=ffbaddd60bb8c4c7 vn="Win32/Vittalia.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\uninstall.exe.vir"
sh=AB596CD590257A8192E2BBCFA281922D673D0A5A ft=1 fh=485b979e272e1ea7 vn="Variante von MSIL/Vittalia.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\UpdaterService (2).exe.vir"
sh=D45C6C4DA01BDC3927E6446B13C3545CDC7580EB ft=1 fh=67f9311d165235d3 vn="Variante von MSIL/Vittalia.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\UpdaterService.exe.vir"
sh=50420193C44EA1F9E69FFD740275916C9F057B2F ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Storimbo\mfkamignjaneflbgdjegpidckhjdiibj.crx.vir"
sh=3822DEEE9D3D5126E53324527E8CF1D824BC7965 ft=1 fh=acdbc87bd530b6a1 vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Storimbo\StorimboBHO.dll.vir"
sh=7B548703AC8D7C26F721A2CFD23388AFE9046B16 ft=1 fh=bf4a0f3bc0e88ce5 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Storimbo\StorimboUninstall.exe.vir"
sh=FE1D3846650D168E6C33A41B903BC9F9BD0AB224 ft=1 fh=cc6c43464fc78ad6 vn="Variante von Win32/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Storimbo\updateStorimbo.exe.vir"
sh=FE1D3846650D168E6C33A41B903BC9F9BD0AB224 ft=1 fh=cc6c43464fc78ad6 vn="Variante von Win32/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Storimbo\bin\utilStorimbo.exe.vir"
sh=7C689593FAD08C0921319CEE48D0EA64E2C71D83 ft=1 fh=b8935309d6ad24f8 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Storimbo\bin\plugins\Storimbo.FFUpdate.dll.vir"
sh=B8095C5C3DF5D15E7848C40C9DDA946598E93B7D ft=1 fh=21c33acec258ed6a vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Storimbo\bin\plugins\Storimbo.GCUpdate.dll.vir"
sh=77573F3D2207D480079E67BB177CA072B17FA810 ft=1 fh=285b0511b47eade0 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Storimbo\bin\plugins\Storimbo.IEUpdate.dll.vir"
sh=CB2D31909EF1595B7CF4BCB394378C2DF587005A ft=1 fh=8bf5548297afdfaa vn="Win32/Wajam.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WaInterEnhance\uninstall.exe.vir"
sh=9BAA717577DEE29F4E8F69F313810F5BE6D3B83D ft=1 fh=a40299ee8acfa7a2 vn="Variante von MSIL/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancer.exe.vir"
sh=C6179C86227B7210848629C84C5A9A7DAEC84E4F ft=1 fh=c71c001150b0878a vn="Variante von Win32/Wajam.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe.vir"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=0C9A08B5ADD21D4140312B82FB77DA525540781F ft=1 fh=c85f1c8d2521187b vn="Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir"
sh=CE87EDC0C5583B0B982AD7C423695AB0A58EFD85 ft=0 fh=0000000000000000 vn="Win32/DealPly.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn\3.5.0.0_0\background.html.vir"
sh=91CB9169E0737E8327B3B35A4D5508B37EE10A62 ft=1 fh=c727d0485e856df0 vn="Variante von Win32/Skintrim.LU Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\lollipop\lollipop_12240918.exe.vir"
sh=1493DA207C28A525CCD5AB665733C177C88DDCB0 ft=1 fh=f97699e24228a886 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\BrowserHelper.exe.vir"
sh=67E89970CD52774E5991538C33361C05C1BBE2BF ft=1 fh=20c0457aab187439 vn="Variante von Win32/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll.vir"
sh=17E233B631700710C15AD57713E60CBEE8803DE8 ft=1 fh=7c8f1593bfdf04df vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir"
sh=451E309EAE8AEC7F850172E62FF90EB582967B1B ft=1 fh=1c0c4c1f06250d12 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir"
sh=A3E9EA74038218829140D492B8F10023AE873DA2 ft=1 fh=2941d7c20cde698d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir"
sh=0EAA4B3D3D8F4A4CFCA8883D6E9B2484BEDFDBD2 ft=1 fh=23618466d4794d2b vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir"
sh=B356041758A4C2880C7FDE2F47ECA295D33E40ED ft=1 fh=d0c39fa5e21f9ae6 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir"
sh=B356041758A4C2880C7FDE2F47ECA295D33E40ED ft=1 fh=d0c39fa5e21f9ae6 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir"
sh=6D1DCB77DDC4E921DFBC32AD391F509EBEA5DDCE ft=1 fh=fa8504656eefa91e vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=6D1DCB77DDC4E921DFBC32AD391F509EBEA5DDCE ft=1 fh=fa8504656eefa91e vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir"
sh=404C9F0A2840BE848050FB479D0024A1B5143831 ft=1 fh=f9f266f9de3c3fec vn="MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe.vir"
sh=8380DAF81C94AE222990E0CA469222ADCF186A3A ft=1 fh=bbefab25a404c65d vn="Variante von Win32/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\SnapDo.exe.vir"
sh=80FE47C943A8EE31A40E13E2A2A69A042C289513 ft=1 fh=798866b98b8a4527 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\spbe.dll.vir"
sh=2E7DB0B6EE2DBF551986DA8DB194CDDFBF2844BF ft=1 fh=2c45aa2033d1b143 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\sppsm.dll.vir"
sh=F5788FCB99941D13F27D719ECAEEAB9EE9553D95 ft=1 fh=8069ae44858ae0b8 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\spusm.dll.vir"
sh=6950E5640411DD4BACFA35A1ACC1D76728B00E87 ft=1 fh=b92a1e6e82ab867d vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\srbs.dll.vir"
sh=713C5B42CB2F6E4780F3AAB728B0089CEB8EA2E5 ft=1 fh=82b749b9bf13fb03 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\srprl.dll.vir"
sh=4664FFEF467D9DED0489244C0F553E07FE4E348B ft=1 fh=39f8a3e1c6f16616 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\srpu.dll.vir"
sh=5F81FF2493F5CC60FD5011674A1D34AF78C4A385 ft=1 fh=de3fceea826af835 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=167DA54A58C8ACD7EA401CEB06124E5DF3076F89 ft=1 fh=0b83cb408c3eeb51 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=4BCD4FCF6D7ADA8832B04CE67E851A790495E0F1 ft=1 fh=42d41b84838bf69f vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=D58DEC216DFF7E4AF3644BA00DD35F277F438966 ft=1 fh=e93e103ffbbdb45c vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\es\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=BE5CBB5A2440315E06EB7EB87E6F7EAB83BAF41E ft=1 fh=49957a13ea4c044d vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\fr\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=3EAF328724D6745936FB9F60F32DA66C6DA6A5CD ft=1 fh=be5cde2dd7c6d0be vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\he\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=C7E054C7BA58AE2D703DB29C52346A3ED84FEF57 ft=1 fh=53532950b9749a4f vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_20.dll.vir"
sh=C546BA3CA78F93EB65DCCEA191BC40B9F940E2EA ft=1 fh=6fd80785d353cf5d vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_21.dll.vir"
sh=7C15DA5A80F24F0383C992CFB03CF68E95A464B1 ft=1 fh=be427aaf403ae2ff vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_22.dll.vir"
sh=95544372D9D68E8AFAE5E9DA8B07C14CE5406ABB ft=1 fh=dd489ec711c15129 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_23.dll.vir"
sh=BA8871127FB23B24A8963B6A5992DED58259E590 ft=1 fh=65df87dcc97c6ea8 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_24.dll.vir"
sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir"
sh=EE05B70CFB365796A6DBDBB21AD4C6D5BD413441 ft=1 fh=c337274bd39781af vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=910F7FD69AC7EDC1C678325F6D6B7D05CA5C0115 ft=1 fh=9d866fb08f861004 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=E87358831C4609DDD96F75312D09A5F989F7DCD6 ft=1 fh=9be0a33f0d29d3d8 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=26A54A6884AB290CA514D44CD48B0215324A9EB8 ft=1 fh=c6c765d8772a58b7 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=6E02BB1CA3334815AAF6CFBAC3467C21403FCAEF ft=1 fh=bc3e33c41f0bc63a vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=671E3E4E9E4C9A039D9AD1479A0C91E670AF18E3 ft=1 fh=d643e79c9fb8f862 vn="Win32/Toolbar.Babylon.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir"
sh=C0F127D4F8A7A68E622A35401B8107A8F29D3BBF ft=1 fh=c71c0011b1f3dbd1 vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Roaming\BabSolution\Shared\NTRedirect.dll.vir"
sh=143416AAC4F6000C3A3235EB4EC955B4D0B6955E ft=1 fh=b68409d87b15670c vn="Win32/DealPly.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\karin\AppData\Roaming\OpenCandy\4F7897B114DE41D0ABA2F495086AD428\sp-downloader.exe.vir"
sh=EDCE79800DF07E9F4613C058DE572DEC9A64A2EA ft=1 fh=275018b11834a7d4 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\avayvaxvaa\avayvaxvaa.exe.vir"
sh=9CD3CA5C0E3ED36995F0637ABE14CD260904BFFD ft=1 fh=40787ef770acdf2d vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\avayvaxvaa\pbqrmvbub.vir"
sh=F1AD8D1A515416F4A9CD288CF89309253B7E6F22 ft=1 fh=cd8d8ac6fdd37d8e vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\agembgempdmebanhogdjbpcmppdmklbe\10.15.2.23_0\plugins\ConduitChromeApiPlugin.dll.vir"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg\1.26.74_0\extensionData\plugins\102_dealply_m.js.vir"
sh=464E61CE0A166C746C8BE32F8BD662B0EDF79938 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg\1.26.74_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=35CE3B76158991DDEA79CAF0C1F826A7EE18A820 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg\1.26.74_0\extensionData\plugins\120_luck_m.js.vir"
sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg\1.26.74_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=9F07ACC96BC246F25975479E9382CDF88E7D8711 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg\1.26.74_0\extensionData\plugins\191_ciuvo_m.js.vir"
sh=28F70DF1D28964084CCA8382AE4ADA97EF0C4C0A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg\1.26.74_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir"
sh=5F25813D57A67DE3D622192979961AA8AFE7D723 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg\1.26.74_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg\1.26.74_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=7E797140BE2D76B80EC180071B039E1DA561191D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=62892F2CBAFB6FD3DFDAD794F871133E0CF4FCA8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=72E78E27CE1534CDC8B7B8965F671247B2267BED ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\170_icm1_5_m.js.vir"
sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\92_superfish_m.js.vir"
sh=AFD9829F5C599DA11A6F662604DFB5A53FA88B08 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=7E797140BE2D76B80EC180071B039E1DA561191D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=62892F2CBAFB6FD3DFDAD794F871133E0CF4FCA8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\92_superfish_m.js.vir"
sh=DEF8CB14886F5A427CEB5E70D8C1D395AC135F4A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Extensions\feignjcdbggijogkdpeljgllgehempia\1.24.10_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\102_dealply_m.js.vir"
sh=464E61CE0A166C746C8BE32F8BD662B0EDF79938 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=35CE3B76158991DDEA79CAF0C1F826A7EE18A820 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\120_luck_m.js.vir"
sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=075CCE375A95F47C55CE0FF0FFACA5A5156008FF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=9F07ACC96BC246F25975479E9382CDF88E7D8711 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\191_ciuvo_m.js.vir"
sh=28F70DF1D28964084CCA8382AE4ADA97EF0C4C0A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir"
sh=5F25813D57A67DE3D622192979961AA8AFE7D723 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=58C3F42D04D646EB15C73F8558B7A6FC8CE26A8C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\101_cortica_m.js.vir"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\102_dealply_m.js.vir"
sh=FC28D62EDB6C0C353E97185BB4B6DC87F5EDED14 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=1AA56806D2545B3773D7C5CCEAE82353BDBB575F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\105_corticas_m.js.vir"
sh=30AFCC1D03C04E68202593C239C4964A29BA2E15 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\108_icm_m.js.vir"
sh=6EF5B1448DE7B0A1263E32EBA7DC2AFE502C8FB4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=7F7359D9F0900191297BFDF5B85D5CDF588CD9EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=FE3704EEF2BFB9DCA552518E7AEC9D6AFC1ED15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=1A9BCED07CCAC5AABE7F80BB199360D125E6F268 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\120_luck_m.js.vir"
sh=0CE44D7F4F3469C96749E6220CA51CB96B0CFA1F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=B0DF9F21E3E69C188775A6F9C466B19932C9238A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=D295E3F253D0942BD3114F61DEF5D78DD0FC5BFB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=031F6CD140ED363E0F137E627AE1FE4DED5714E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=28ECD06AF56EB424F74BB63563BC79E57C15C2D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=05480BD17A63333789D1E425879FBF083C177A99 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\129_widdit_m.js.vir"
sh=BB2946641B9FEB2F76D281220A52220336E454E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=8BD506BDCB470B73FE581B4DA1769AD9FBCAF0D8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=943F60E8E3F306CF4EE6E844D06FAC7552EE1856 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=0CEB1A073B87956FD1F21F8425B8F76015B1BCD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=441E98540BDEC21B7E534C2B317AE91925F6CEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=C8B01A1511A63AEC3D40B1D045034D76B1E85EFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=078C314715CCC0DE7547172AD4B810FD754115C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=E2AAC0A6807AABEFDD15388FE0DF40EDD826084E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\175_coolmirage_m.js.vir"
sh=CFFCA6A4EE3A0DF2319440491BB297ADEC6EEF37 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=ADB54DE323736C99B4191A45B478B70DF1B7B945 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=631D51C0D12FBED68BBF95F6E6505F2CE3692BAB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\92_superfish_m.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\102_dealply_m.js.vir"
sh=464E61CE0A166C746C8BE32F8BD662B0EDF79938 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=8BFBBD749FDAA46297DA7F28A30E29C55FD72880 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\105_corticas_m.js.vir"
sh=7F7359D9F0900191297BFDF5B85D5CDF588CD9EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=FE3704EEF2BFB9DCA552518E7AEC9D6AFC1ED15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=35CE3B76158991DDEA79CAF0C1F826A7EE18A820 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\120_luck_m.js.vir"
sh=6376FE6DF3E7E394FAE45C47A1FDE1CF41CAFBFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=D295E3F253D0942BD3114F61DEF5D78DD0FC5BFB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=031F6CD140ED363E0F137E627AE1FE4DED5714E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=97C406784CD0DEA751BE4E02EB82633F1F88CA1F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=BB2946641B9FEB2F76D281220A52220336E454E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=AE2D5CE395EE9CD2595F77F616E574F4794B1152 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=0CEB1A073B87956FD1F21F8425B8F76015B1BCD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=441E98540BDEC21B7E534C2B317AE91925F6CEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=C8B01A1511A63AEC3D40B1D045034D76B1E85EFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=078C314715CCC0DE7547172AD4B810FD754115C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=CFFCA6A4EE3A0DF2319440491BB297ADEC6EEF37 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=ADB54DE323736C99B4191A45B478B70DF1B7B945 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=C9A8D5AE55FA65E00EE75767C5D2E9B56041858D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=24E6E5A06D24A5CC24C0B705FDB089FD4FEC70AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=8D569DDCE3A3E2CB97D920A1744F1AE16C2CE3B3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\189_active_sanity.js.vir"
sh=6B3C17F9D4BD40BFCF87831196C40DBA3C4DB14C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\190_pops_5_m.js.vir"
sh=9F07ACC96BC246F25975479E9382CDF88E7D8711 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\191_ciuvo_m.js.vir"
sh=F913C9EE03B4CCE8680961DBF505FA17BAC140F0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir"
sh=28F70DF1D28964084CCA8382AE4ADA97EF0C4C0A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir"
sh=CE36251B85631AF0D145BF086D14272593AB253A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\194_retargeting_bi_m.js.js.vir"
sh=71B07387F9271CF80E8CC3C65ACB4873025E47BC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=0A113BDC19C5B96609992E6C9D972B814B918109 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\197_kreapixel_pops_m.js.vir"
sh=9A67AB016B12405F2FF8E65A64A035E46421F243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\198_superfish_no_search_no_coupons_plushd_m.js.vir"
sh=6DF0914CB2A51AA8E7F1BDDEC414B8969C38A6F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\199_superfish_no_coupons_plushd_m.js.vir"
sh=61DB672F16D1D9053F6B8D591E51C53BA3165770 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\200_foxydeal_m.js.vir"
sh=392B3EB529AF22E57C2AC4076E7702176010694C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\204_pricedetect_m.js.vir"
sh=CEFE3720E5F8912F0E75E7966BA64F23C0DAA130 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophia\AppData\Roaming\Mozilla\Firefox\Profiles\tom1khdk.default\Extensions\dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=3CDB0690A360AE9C725D642E890D16005AD72D30 ft=1 fh=db21275f6a7eaec5 vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\VideoPlayer\VAFChecker.exe"
sh=4D6CE326786726EB02E34ACE6E69C19F810DC0B6 ft=1 fh=98cf790a2d31e50f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\karin\Downloads\EU-Ueberweisung - CHIP-Installer.exe"
sh=5AEF1E5E23D6E45CCD4617A9138E53322FEB95A9 ft=1 fh=f9e96334bca1e78e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\karin\Downloads\Hauppauge-WinTV-Treiber-lnstall.exe"
sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\karin\Downloads\ReimageRepair (1).exe"
sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\karin\Downloads\ReimageRepair (2).exe"
sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\karin\Downloads\ReimageRepair.exe"
sh=7361EDCDAD5A7E120079217DD03A75168FE398AD ft=1 fh=be963c492617bfd2 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\karin\Downloads\setup.exe"
sh=45FCE453799F5C9325959AC55FFD442A714AD0DC ft=1 fh=9ec8e296cce51c5e vn="Win32/StartPage.OPH Trojaner" ac=I fn="C:\Users\karin\Downloads\vlc-2.0.3-win32.exe"
sh=3F513781A6CB8C80184D5A95E64600118300C37C ft=1 fh=fda506df3b28589b vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="C:\Users\Sophia\Downloads\barbie_und_die_verzauberten_balletschuhe.exe"
sh=C97B5E49B2EFDB459F564DC56D4ED10D488D5327 ft=1 fh=41fd55604115792a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sophia\Downloads\setup(1).exe"
sh=C97B5E49B2EFDB459F564DC56D4ED10D488D5327 ft=1 fh=41fd55604115792a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sophia\Downloads\setup.exe"
sh=62CABBD725FE73410A0C21374FEA8F5580D0AAD5 ft=1 fh=da5f91123f5db6fe vn="Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\All Users\Desktop\Downloads\GoldRushTreasureHuntDE-dm[1].exe"
sh=A00ED19D5D1BDF7DE2AED403623696AADBD6C8E3 ft=1 fh=1b1927b878ab41fc vn="Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\All Users\Desktop\Downloads\YahtzeeDESetup-dm[1].exe"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\mama\Lokale Einstellungen\Anwendungsdaten\Conduit\CT2613550\ZoneAlarm-SicherheitAutoUpdateHelper.exe"
sh=37E166E756A9AB25AF72B1B3281B9BC189818A47 ft=1 fh=a195dc62459b977b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\mama\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZone.dll"
sh=3803074FE242DCDB843A75F6A057AC1650AA5623 ft=1 fh=b98be267fa595ad1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\mama\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZone.dll"
sh=DDCBA2A5B180BCE98CDAB9E06234DD44DABC1FDD ft=1 fh=8c9bbaeb601930e1 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\mama\Lokale Einstellungen\Temp\081511220818\ZAFFSetup.exe"
sh=FBC0982D267B06E29ED1745722328B8AAF1C064B ft=1 fh=26f5d9a5f420a494 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\mama\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OMCJJ7Q3\SoftonicDownloader24680[1].exe"
sh=CEF15C32411F0B5FBFB676DF08CDEED478AE5AE2 ft=1 fh=6d423fabafbec39a vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\CheckPoint\ZAForceField\TBI.exe"
sh=1670BA69124E9B584AE4D068E6770DF33A97ED0A ft=1 fh=445bf9fd42033e60 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Conduit\Community Alerts\Alert.dll"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Conduit\Community Alerts\Alert0.dll"
sh=37E166E756A9AB25AF72B1B3281B9BC189818A47 ft=1 fh=a195dc62459b977b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\ZoneAlarm-Sicherheit\ldrtbZone.dll"
sh=3803074FE242DCDB843A75F6A057AC1650AA5623 ft=1 fh=b98be267fa595ad1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\ZoneAlarm-Sicherheit\tbZone.dll"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\ZoneAlarm-Sicherheit\ZoneAlarm-SicherheitToolbarHelper.exe"
sh=FBC0982D267B06E29ED1745722328B8AAF1C064B ft=1 fh=26f5d9a5f420a494 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="F:\Downloads\SoftonicDownloader24680.exe"
sh=3F513781A6CB8C80184D5A95E64600118300C37C ft=1 fh=fda506df3b28589b vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="F:\mama\knödel\Eigene Dateien\EA Games\Die Sims 2\Collections\barbie_und_die_verzauberten_balletschuhe.exe"
sh=68E577FD39824B633B32E4604027E1D938B87DAE ft=1 fh=d70b2fe217421b85 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="F:\mama\knödel\Eigene Dateien\EA Games\Die Sims 2\Collections\iLividSetup.exe"
sh=1F1CA24305AE68E667EAA912CFF064399391B559 ft=1 fh=d839f7207ef20aa0 vn="Variante von Win32/iLivid.A evtl. unerwünschte Anwendung" ac=I fn="F:\mama\knödel\Eigene Dateien\EA Games\Die Sims 2\Collections\iLividSetup-r484-n-bf.exe"
sh=D08BD350E0531B2DDDC4E81A69B001B2D0550003 ft=1 fh=f6585e7df79a84bc vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="F:\mama\knödel\Eigene Dateien\EA Games\Die Sims 2\Collections\iLividSetup-r559-n-bf(1).exe"
sh=D08BD350E0531B2DDDC4E81A69B001B2D0550003 ft=1 fh=f6585e7df79a84bc vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="F:\mama\knödel\Eigene Dateien\EA Games\Die Sims 2\Collections\iLividSetup-r559-n-bf.exe"
sh=CBD3FCCC8DBFF53570655C59975D6D15D38AF5E0 ft=1 fh=9679f4fbe83bae2c vn="Variante von Win32/Vittalia.H evtl. unerwünschte Anwendung" ac=I fn="F:\mama\knödel\Eigene Dateien\EA Games\Die Sims 2\Collections\installer_minecraft_Deutsch.exe"
sh=EF7BAC4654645E71A78881B1AF68DE3C5FFA2B59 ft=1 fh=5c7642097aba87fd vn="MSIL/DomaIQ.M evtl. unerwünschte Anwendung" ac=I fn="F:\mama\knödel\Eigene Dateien\EA Games\Die Sims 2\Collections\Player_Setup(1).exe"
sh=AE1F0763C2CD11C8BF6615B1EAF799E05A2AA175 ft=1 fh=59fc6d937aba87fd vn="MSIL/DomaIQ.M evtl. unerwünschte Anwendung" ac=I fn="F:\mama\knödel\Eigene Dateien\EA Games\Die Sims 2\Collections\Player_Setup.exe"
sh=C97B5E49B2EFDB459F564DC56D4ED10D488D5327 ft=1 fh=41fd55604115792a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\mama\knödel\Eigene Dateien\EA Games\Die Sims 2\Collections\setup(1).exe"
sh=C97B5E49B2EFDB459F564DC56D4ED10D488D5327 ft=1 fh=41fd55604115792a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\mama\knödel\Eigene Dateien\EA Games\Die Sims 2\Collections\setup.exe"
Code:
Results of screen317's Security Check version 0.99.99 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 21 
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player 16.0.0.305 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (36.0.4)
 Mozilla Thunderbird (31.5.0)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Online Games Manager ogmservice.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

M-K-D-B 07.04.2015 16:37
Servus,




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
C:\Program Files (x86)\VideoPlayer
C:\Users\karin\Downloads\*.exe
C:\Users\Sophia\Downloads\setu*.exe
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.








Schritt 2
Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.








Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.




Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von FSS,
  • die beiden neuen Logdateien von FRST.

midimuc 08.04.2015 19:57
das hört ja nie auf :-)
 
Hallo M-K-D-B,
hier die neuen logdateien wie gefordert
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by karin at 2015-04-08 20:38:38 Run:4
Running from C:\Users\karin\Desktop
Loaded Profiles: UpdatusUser & karin (Available profiles: UpdatusUser & karin & Sophia)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Program Files (x86)\VideoPlayer
C:\Users\karin\Downloads\*.exe
C:\Users\Sophia\Downloads\setu*.exe
EmptyTemp:
end
       
*****************

Processes closed successfully.
C:\Program Files (x86)\VideoPlayer => Moved successfully.
C:\Users\karin\Downloads\*.exe => Moved successfully.
C:\Users\Sophia\Downloads\setu*.exe => Moved successfully.
EmptyTemp: => Removed 972.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:38:44 ====
Code:
Farbar Service Scanner Version: 17-01-2015
Ran by karin (administrator) on 08-04-2015 at 20:42:49
Running from "C:\Users\karin\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by karin (administrator) on KITT on 08-04-2015 20:44:02
Running from C:\Users\karin\Desktop
Loaded Profiles: UpdatusUser & karin (Available profiles: UpdatusUser & karin & Sophia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613024 2010-09-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-09-27] (Atheros Commnucations)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SpyShelter] => C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe [2610672 2011-04-06] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
ShortcutTarget: p6_19_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_19\WinStart\p6erinnerung.exe (phase6)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-30] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-30] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default
FF SearchEngineOrder.1:
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-20] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\f2rvw7w9.default\Extensions\abs@avira.com [2015-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-26]
FF HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-17]
CHR Extension: (Google Drive) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
CHR Extension: (YouTube) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
CHR Extension: (Google Search) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
CHR Extension: (Google Sheets) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR Extension: (Gmail) - C:\Users\karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S3 Origin Client Service; C:\Users\Sophia\Downloads\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Realtek11nCU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-15] (Avira Operations GmbH & Co. KG)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-04-06] ()
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [111104 2009-02-09] (Guillemot Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation                          )
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [191984 2011-04-06] (SpyShelter) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-21] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 20:42 - 2015-04-08 20:42 - 00002979 _____ () C:\Users\karin\Desktop\FSS.txt
2015-04-08 20:41 - 2015-04-08 20:41 - 00415232 _____ (Farbar) C:\Users\karin\Desktop\FSS.exe
2015-04-08 17:43 - 2015-04-08 17:43 - 00001530 _____ () C:\Users\karin\Downloads\URLLink(37).acsm
2015-04-08 17:42 - 2015-04-08 17:42 - 00001519 _____ () C:\Users\karin\Downloads\URLLink(36).acsm
2015-04-06 19:19 - 2015-04-06 20:55 - 00000000 ____D () C:\Users\karin\FLAC
2015-04-06 19:10 - 2015-04-06 19:10 - 00852607 _____ () C:\Users\karin\Desktop\SecurityCheck.exe
2015-04-06 18:35 - 2015-04-06 18:35 - 00001465 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2015-04-06 18:35 - 2015-04-06 18:35 - 00000000 ____D () C:\Windows\system32\Drivers\NSSx64
2015-04-06 18:35 - 2015-04-06 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2015-04-06 18:35 - 2015-04-06 18:35 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2015-04-06 12:28 - 2015-04-06 12:28 - 02347384 _____ (ESET) C:\Users\karin\Desktop\esetsmartinstaller_deu.exe
2015-04-06 12:22 - 2015-04-06 12:22 - 00032922 _____ () C:\Users\karin\Desktop\HitmanPro_20150406_1222.log
2015-04-06 12:21 - 2015-04-06 12:21 - 00005240 _____ () C:\Windows\system32\.crusader
2015-04-06 12:09 - 2015-04-06 12:24 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-04-06 12:06 - 2015-04-06 12:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-06 12:05 - 2015-04-06 12:06 - 11028616 _____ (SurfRight B.V.) C:\Users\karin\Desktop\HitmanPro_x64.exe
2015-04-05 20:36 - 2015-04-05 20:40 - 00097578 _____ () C:\Users\karin\Desktop\SystemLook.txt
2015-04-05 20:35 - 2015-04-05 20:35 - 00165376 _____ () C:\Users\karin\Desktop\SystemLook_x64.exe
2015-04-05 00:59 - 2015-04-05 00:59 - 00000000 ____D () C:\Users\karin\Documents\Outlook-Dateien
2015-04-04 18:39 - 2015-04-04 18:39 - 00001764 _____ () C:\Users\karin\Desktop\JRT.txt
2015-04-04 18:35 - 2015-04-04 18:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KITT-Windows-7-Home-Premium-(64-bit).dat
2015-04-04 18:35 - 2015-04-04 18:35 - 00000000 ____D () C:\RegBackup
2015-04-04 18:34 - 2015-04-04 18:34 - 00022838 _____ () C:\Users\karin\Desktop\MBAM.txt
2015-04-04 18:05 - 2015-04-04 18:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 18:04 - 2015-04-04 18:04 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-04 18:04 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-04 18:04 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-04 18:04 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-04 17:59 - 2015-04-04 18:00 - 00011272 _____ () C:\Users\karin\Desktop\AdwCleaner[S1].txt
2015-04-04 17:55 - 2015-04-04 17:55 - 02690981 _____ (Thisisu) C:\Users\karin\Desktop\JRT.exe
2015-04-04 17:54 - 2015-04-04 17:55 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\karin\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-04 17:53 - 2015-04-04 17:53 - 02208768 _____ () C:\Users\karin\Desktop\AdwCleaner_4.200.exe
2015-04-04 13:42 - 2015-04-04 13:42 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 13:42 - 2015-04-04 13:42 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 13:15 - 2015-04-04 13:15 - 00008531 _____ () C:\Users\karin\Desktop\Gmer.txt
2015-04-04 13:00 - 2015-04-05 21:44 - 00027238 _____ () C:\Users\karin\Desktop\Addition.txt
2015-04-04 12:57 - 2015-04-08 20:44 - 00019152 _____ () C:\Users\karin\Desktop\FRST.txt
2015-04-04 12:56 - 2015-04-08 20:44 - 00000000 ____D () C:\FRST
2015-04-04 12:55 - 2015-04-04 12:55 - 00000472 _____ () C:\Users\karin\Desktop\defogger_disable.log
2015-04-04 12:55 - 2015-04-04 12:55 - 00000000 _____ () C:\Users\karin\defogger_reenable
2015-04-04 12:52 - 2015-04-04 12:52 - 02095616 _____ (Farbar) C:\Users\karin\Desktop\FRST64.exe
2015-04-04 12:52 - 2015-04-04 12:52 - 00380416 _____ () C:\Users\karin\Desktop\Gmer-19357.exe
2015-04-04 12:51 - 2015-04-04 12:51 - 00050477 _____ () C:\Users\karin\Desktop\Defogger.exe
2015-03-23 22:43 - 2015-03-23 22:43 - 00001474 _____ () C:\Users\karin\Downloads\URLLink(35).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001484 _____ () C:\Users\karin\Downloads\URLLink(31).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001467 _____ () C:\Users\karin\Downloads\URLLink(33).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001465 _____ () C:\Users\karin\Downloads\URLLink(32).acsm
2015-03-22 22:47 - 2015-03-22 22:47 - 00001455 _____ () C:\Users\karin\Downloads\URLLink(34).acsm
2015-03-22 04:09 - 2015-03-22 04:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-20 22:57 - 2015-03-20 22:57 - 00002184 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 4.0.lnk
2015-03-15 11:54 - 2015-03-15 11:54 - 00000000 ____D () C:\Users\Sophia\Downloads\female dress
2015-03-15 11:50 - 2015-03-15 11:56 - 00000000 ____D () C:\Users\Sophia\Downloads\romantic hair
2015-03-15 11:49 - 2015-03-15 11:49 - 00000000 ____D () C:\Users\Sophia\Downloads\käppi
2015-03-15 11:41 - 2015-03-15 11:41 - 00000000 ____D () C:\Users\Sophia\Downloads\woodpanels
2015-03-15 11:40 - 2015-03-15 11:40 - 00000000 ____D () C:\Users\Sophia\Downloads\Lidschatten
2015-03-15 11:39 - 2015-03-15 11:39 - 00000000 ____D () C:\Users\Sophia\Downloads\hochzeitskleid
2015-03-15 11:35 - 2015-03-15 11:57 - 00000000 ____D () C:\Users\Sophia\Downloads\Weißes Kleid lang
2015-03-15 11:34 - 2015-03-15 11:34 - 00000000 ____D () C:\Users\Sophia\Downloads\Rokkoko
2015-03-15 11:31 - 2015-03-15 11:57 - 00000000 ____D () C:\Users\Sophia\Downloads\victoria secret
2015-03-14 19:47 - 2015-03-14 19:47 - 00000000 ____D () C:\Users\karin\AppData\Roaming\Need for Speed World
2015-03-14 18:32 - 2015-03-14 18:32 - 00000000 ____D () C:\Users\karin\AppData\Local\Electronic_Arts_Inc
2015-03-10 21:59 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 21:59 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 21:59 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 21:59 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 21:59 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 21:59 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 21:59 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 21:59 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 21:59 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 21:59 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 21:59 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 21:59 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 21:59 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 21:59 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 21:59 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 21:59 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 21:59 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 21:59 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 21:59 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 21:59 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 21:59 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 21:59 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 21:59 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 21:59 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 21:59 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 21:59 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 21:59 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 21:59 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 21:59 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 21:59 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 21:59 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 21:59 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 21:59 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 21:59 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 21:59 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 21:59 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 21:59 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 21:59 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 21:59 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 21:59 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 21:59 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 21:59 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 21:59 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 21:59 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 21:59 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 21:59 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 21:59 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 21:59 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 21:59 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 21:59 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 21:59 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 21:59 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 21:59 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 21:59 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 21:59 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 21:59 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 21:59 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 21:59 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 21:59 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 21:59 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 21:59 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 21:59 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 21:59 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 21:59 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 21:59 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 21:59 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 21:59 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 21:59 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 21:59 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 21:59 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 21:59 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 21:59 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 21:59 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 21:59 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 21:59 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 21:59 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 21:59 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 21:59 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 21:59 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 21:59 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 21:59 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 21:59 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 21:59 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 21:59 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 21:59 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 21:59 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 21:59 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 21:59 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 21:59 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 21:59 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 21:59 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 21:59 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 21:59 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 21:59 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 21:59 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 21:59 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 21:59 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 21:59 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 21:59 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 21:59 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 21:59 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 21:59 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 21:59 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 21:59 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 21:59 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 21:59 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 21:58 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 21:58 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 21:58 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 21:58 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 21:58 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 21:54 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:54 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 17:06 - 2015-03-10 17:06 - 00000000 ____D () C:\Windows\SysWOW64\㐶

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 20:44 - 2011-05-07 01:46 - 01170663 _____ () C:\Windows\WindowsUpdate.log
2015-04-08 20:43 - 2013-02-02 00:11 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0C603C78-CC00-42DC-A30C-85E5A1B6871D}
2015-04-08 20:40 - 2013-12-18 20:47 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-08 20:40 - 2012-01-16 20:49 - 00000000 ____D () C:\Users\Public\Documents\phase6_19_Daten
2015-04-08 20:40 - 2011-06-25 22:53 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-08 20:40 - 2011-05-16 01:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-08 20:40 - 2010-11-21 05:47 - 00221404 _____ () C:\Windows\PFRO.log
2015-04-08 20:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-08 20:40 - 2009-07-14 06:51 - 00202584 _____ () C:\Windows\setupact.log
2015-04-08 20:38 - 2013-04-25 20:13 - 00000452 ____H () C:\Windows\Tasks\Norton Security Scan for karin.job
2015-04-08 20:37 - 2012-03-31 13:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-08 17:44 - 2010-11-21 08:50 - 00700396 _____ () C:\Windows\system32\perfh007.dat
2015-04-08 17:44 - 2010-11-21 08:50 - 00149192 _____ () C:\Windows\system32\perfc007.dat
2015-04-08 17:44 - 2009-07-14 07:13 - 01622172 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-06 19:19 - 2011-12-26 18:01 - 00000000 ____D () C:\Users\karin
2015-04-06 18:35 - 2013-04-25 20:13 - 00003602 _____ () C:\Windows\System32\Tasks\Norton Security Scan for karin
2015-04-06 18:35 - 2013-04-25 20:13 - 00000000 ____D () C:\ProgramData\Norton
2015-04-06 12:31 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-06 12:31 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-05 20:32 - 2011-12-28 15:36 - 00000008 __RSH () C:\Users\karin\ntuser.pol
2015-04-05 20:23 - 2011-12-28 15:54 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-04-05 20:23 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-05 01:25 - 2012-05-17 15:17 - 292062208 _____ () C:\Users\karin\Documents\Mails bis 2011.pst
2015-04-05 00:50 - 2013-12-25 14:05 - 00000000 ____D () C:\AdwCleaner
2015-04-04 18:00 - 2013-12-18 21:11 - 00001091 _____ () C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-04-04 18:00 - 2013-04-30 13:53 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-04 18:00 - 2013-04-30 13:53 - 00001061 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-04 18:00 - 2011-12-26 18:01 - 00001003 _____ () C:\Users\karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-04 12:45 - 2012-10-16 20:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-02 23:05 - 2015-02-25 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-19 01:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-19 00:38 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-19 00:17 - 2014-05-18 14:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-18 23:32 - 2011-12-26 19:08 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-18 23:30 - 2011-12-28 15:40 - 00000000 ____D () C:\Users\Sophia
2015-03-17 22:27 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-17 22:26 - 2012-03-31 13:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-15 12:05 - 2012-12-25 20:48 - 00000000 ____D () C:\ProgramData\Origin
2015-03-14 18:32 - 2012-08-06 16:47 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-14 12:07 - 2012-12-25 20:51 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-14 12:01 - 2012-05-07 09:07 - 00320620 _____ () C:\Windows\DirectX.log
2015-03-11 17:03 - 2012-10-16 16:13 - 00000000 ____D () C:\Users\Sophia\Documents\Sonstiges
2015-03-11 16:53 - 2009-07-14 06:45 - 00344024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 00:57 - 2013-04-30 15:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 00:52 - 2013-07-16 12:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 00:46 - 2011-12-31 16:55 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 00:45 - 2009-07-14 04:34 - 00000534 _____ () C:\Windows\win.ini
2015-03-10 17:06 - 2013-05-17 12:05 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 17:06 - 2013-05-17 12:05 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-10 17:06 - 2013-05-17 12:05 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== Files in the root of some directories =======

2015-02-11 09:35 - 2015-02-11 09:35 - 0184242 _____ () C:\Program Files (x86)\lizenzvertrag.pdf
2011-12-26 21:50 - 2011-12-26 22:46 - 0001749 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\karin\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 19:10

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by karin at 2015-04-08 20:45:03
Running from C:\Users\karin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{47B188E2-2447-5C40-15B6-9D49DC90BF5B}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2905 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
Die Sims™ 2: Glamour-Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.114.1010 - Electronic Arts Inc.)
Die Sims™ Inselgeschichten (HKLM-x32\...\{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}) (Version:  - Electronic Arts)
Die Sims™ Lebensgeschichten (HKLM-x32\...\{DA932D71-E52A-43D5-009E-395A1AEC1474}) (Version:  - )
Die*Sims*Mittelalter (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 1.0.0 - Electronic Arts)
DJ_AIO_06_F2400_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.16151 - Landesfinanzdirektion Thüringen)
F2400 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Gold Rush - Treasure Hunt Deluxe (HKLM-x32\...\a43b5713e1c9daf9a348736c21961ee3) (Version:  - Zylom)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.32035 (CD 3.3) - Hauppauge Computer Works)
Hercules Link (HKLM-x32\...\{B1549CC1-EB81-4E7C-9C7C-8B97CD9FD37A}) (Version: 4.0.2.1 - Hercules)
Hercules Webcam Station Evolution SE (HKLM-x32\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 4.1.1.0 - Hercules)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
LG USB Modem Drivers (HKLM-x32\...\{3E8DE1A6-B365-4FF6-B917-2892A34990E8}) (Version: 4.9.7 - LG Electronics)
M&Ms - Die Geheimformeln (HKLM-x32\...\M&Ms The Lost Formulas) (Version:  - )
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mein eigenes Tierheim SE (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Mein eigenes Tierheim SE) (Version: V1.000000 - )
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711031}) (Version: 7.03.1151 - Nero AG)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.24 - Symantec Corporation)
NVIDIA 3D Vision Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.33 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Paint Shop Pro 5.03 CD (HKLM-x32\...\Paint Shop Pro 5.03) (Version:  - )
phase6_19 (HKLM-x32\...\{65D70656-D248-4C83-B594-E3029C43B37A}) (Version: 1.90.0000 - phase6)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0174 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpyShelter Premium 5.14 (HKLM\...\SpyShelter_is1) (Version: 5.14 - )
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TouchCopy 12 (HKLM-x32\...\{22E2998A-081D-4FAA-9DFA-D5CA52F5C4EB}) (Version: 12.40 - Wide Angle Software)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wendy (HKLM-x32\...\{202BACA0-AA91-11D4-A5EE-004095501894}) (Version:  - )
Wendy 2 (HKLM-x32\...\{DFFCBCCE-3A43-11D5-AF42-000102B4CD2E}) (Version:  - )
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-04-2015 00:00:04 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15A430C9-E3BB-4383-BAEC-EC5F749B69F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {25CC741E-CE7A-4708-BEF3-34044EFD86B4} - System32\Tasks\Norton Security Scan for karin => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.3.24\Nss.exe [2013-08-19] (Symantec Corporation)
Task: {6144813C-9A9F-4353-ADBD-0D7EFB90F31C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {81FAF565-8359-4678-9E7A-638E7DE2CEC6} - System32\Tasks\{30B32277-D4CB-4E4A-B780-13BEAF0062E7} => pcalua.exe -a "C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe" -d "C:\Program Files (x86)\ElsterFormular\bin" -c --zeigeDlg
Task: {94B45807-FDD6-42E2-875E-B9A5A2F2A48C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {9AB8391C-A843-40ED-A035-3326823BF5DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {A420D813-CB30-4B9E-AB0A-8B43ED261F7D} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {BF619E14-AABE-47A2-93EF-2194D526FC7C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EC7194DB-AF6A-47B8-94BC-2946B38E25FC} - System32\Tasks\{E2F2D9B5-29D4-42DC-A408-DAFF68786AAF} => C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
Task: {F1662AEE-2FB8-466E-8970-DBBB0CF9C57C} - System32\Tasks\{EA3CD6AA-5512-4118-AF25-B39F3FD495FE} => pcalua.exe -a D:\MANUAL\WinTV6Man_deu.EXE -d D:\MANUAL
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Norton Security Scan for karin.job => C:\PROGRA~2\NORTON~2\Engine\403~1.24\Nss.exe
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{0B7D62C0-4D4C-47C6-8340-49CCD4930FA6}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2011-05-07 02:07 - 2010-01-21 01:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2011-05-07 02:07 - 2010-01-21 01:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2011-05-07 02:07 - 2010-01-21 01:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2011-05-07 02:07 - 2010-01-21 01:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2011-05-07 02:08 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 00076192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 00383904 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 00103328 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2011-05-07 02:06 - 2010-05-24 11:10 - 64641440 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-26 18:15 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:905844AA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\karin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2260964575-2753946872-1401531445-500 - Administrator - Disabled)
Gast (S-1-5-21-2260964575-2753946872-1401531445-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2260964575-2753946872-1401531445-1003 - Limited - Enabled)
karin (S-1-5-21-2260964575-2753946872-1401531445-1001 - Administrator - Enabled) => C:\Users\karin
Sophia (S-1-5-21-2260964575-2753946872-1401531445-1004 - Limited - Enabled) => C:\Users\Sophia
UpdatusUser (S-1-5-21-2260964575-2753946872-1401531445-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2015 08:40:23 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, IntPtr eventData)

Error: (04/06/2015 07:08:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/06/2015 00:28:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/06/2015 00:28:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/06/2015 00:28:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/06/2015 00:21:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x0000028c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000027EEE10.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.

Error: (04/06/2015 00:21:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000002f8,(null),0,REG_BINARY,000000000024E000.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {f3c75dc4-64dd-413a-b3e3-88215159dc93}

Error: (04/06/2015 00:21:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000a14,(null),0,REG_BINARY,0000000008E7DE30.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
  Generatorname: MSSearch Service Writer
  Generatorinstanz-ID: {1cd5f478-d69f-4a4d-82d5-82915e649c40}

Error: (04/06/2015 00:21:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000660,(null),0,REG_BINARY,0000000002F6DD90.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
  Generatorname: WMI Writer
  Generatorinstanz-ID: {d36ffe15-1969-475e-82b3-0e5c373775aa}

Error: (04/06/2015 00:21:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001b8,(null),0,REG_BINARY,000000000265EAE0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
  Generatorname: Registry Writer
  Generatorinstanz-ID: {6d667048-e3a2-4f15-9a68-d06a43de604a}


System errors:
=============
Error: (04/08/2015 08:40:04 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "D:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (04/08/2015 08:39:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (04/08/2015 08:38:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/08/2015 08:38:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/08/2015 08:38:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/08/2015 08:38:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/08/2015 08:38:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/08/2015 08:38:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/08/2015 08:38:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/08/2015 08:38:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AtherosSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/08/2015 08:40:23 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, IntPtr eventData)

Error: (04/06/2015 07:08:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/06/2015 00:28:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\karin\Desktop\esetsmartinstaller_deu.exe

Error: (04/06/2015 00:28:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\karin\Desktop\esetsmartinstaller_deu.exe

Error: (04/06/2015 00:28:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\karin\Desktop\esetsmartinstaller_deu.exe

Error: (04/06/2015 00:21:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x0000028c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000027EEE10.72)0x80070005, Zugriff verweigert

Error: (04/06/2015 00:21:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002f8,(null),0,REG_BINARY,000000000024E000.72)0x80070005, Zugriff verweigert


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {f3c75dc4-64dd-413a-b3e3-88215159dc93}

Error: (04/06/2015 00:21:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000a14,(null),0,REG_BINARY,0000000008E7DE30.72)0x80070005, Zugriff verweigert


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
  Generatorname: MSSearch Service Writer
  Generatorinstanz-ID: {1cd5f478-d69f-4a4d-82d5-82915e649c40}

Error: (04/06/2015 00:21:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000660,(null),0,REG_BINARY,0000000002F6DD90.72)0x80070005, Zugriff verweigert


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
  Generatorname: WMI Writer
  Generatorinstanz-ID: {d36ffe15-1969-475e-82b3-0e5c373775aa}

Error: (04/06/2015 00:21:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001b8,(null),0,REG_BINARY,000000000265EAE0.72)0x80070005, Zugriff verweigert


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
  Generatorname: Registry Writer
  Generatorinstanz-ID: {6d667048-e3a2-4f15-9a68-d06a43de604a}


==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 32%
Total physical RAM: 7918.12 MB
Available physical RAM: 5320.68 MB
Total Pagefile: 15834.42 MB
Available Pagefile: 13328.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:713.2 GB) NTFS
Drive d: () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
Drive e: () (Fixed) (Total:64 GB) (Free:3.08 GB) NTFS
Drive f: (PROGRAMME) (Fixed) (Total:59.54 GB) (Free:23.41 GB) FAT32
Drive g: () (Fixed) (Total:25.47 GB) (Free:25.32 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 11BB29FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 1E0A1E09)
Partition 1: (Active) - (Size=8 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=OF Extended)

==================== End Of Log ============================
Hallo M-K-D-B,
am Montag wurde angeblich das "Norton Security Scan" installiert, das sich jetzt mit einem megamäßigen download der Online-Bedrohungen meldet.
Ich weiß davon nichts. Kann es sein, dass dieses Programm mit einem der Tools heruntergeladen und installiert wurde?
An dem Tag hatte ich unter anderem das "ESET" installiert, nach Anweisung.
Vielen Dank für die Aufklärung.
Mit freundlichen Grüßen
midimuc

M-K-D-B 09.04.2015 08:00
Servus,


Norton Security Scan kannst du wieder deinstallieren (über Systemsteuerung).


Gibt es aktuell noch Probleme, von denen du anfangs gesagt hast?

midimuc 10.04.2015 10:39
Hallo,
Norton habe ich wieder deinstalliert, ansonsten habe ich aktuell keine Probleme mehr.
Viele Grüße

M-K-D-B 10.04.2015 12:57
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
   


Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:37 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55