Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojanische Pferd TR/Matsnu.A.296 gefunden (https://www.trojaner-board.de/167350-trojanische-pferd-tr-matsnu-a-296-gefunden.html)

hugo-goch 28.05.2015 19:20
Trojanische Pferd TR/Matsnu.A.296 gefunden
 
Hallo, ich habe von der Telekom per eMail einen Hinweis erhalten, daß über meinem Rechner Spam-Mails versendet werden.

Daraufhin habe ich mehrmals den Virenscanner (Avira) laufen lassen und jedesmal den Trojaner "TR/Matsnu.A.296" gefunden. Er wurde in Quarantäne geschickt und tauchte aber immer wieder auf.

Nun versuche ich, diesen Quälgeist auf diesem Wege loszuwerden.

Für baldige Hilfe wäre ich dankbar.

Hugo

schrauber 28.05.2015 19:28
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


hugo-goch 29.05.2015 17:12
Trojanische Pferd TR/Matsnu.A.296 gefunden
 
Zunächst Danke für die Hilfe.

Hier nun die gewünschten Log-Dateien.

FRST.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by WIN7 (administrator) on WIN7-PC on 28-05-2015 23:14:06
Running from D:\Eigene Dateien\Desktop
Loaded Profiles: WIN7 (Available Profiles: WIN7)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fontview.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dvdplay.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3942216 2011-01-25] (O&O Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles(x86)%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles(x86)%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Run: [DMS-Kalenderchen] => C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe [3496448 2010-04-12] (Daniel Manger Software)
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Run: [appointmentrepair] => C:\Users\WIN7\AppData\Roaming\Appointmentslice\appointment-tie.exe [150528 2015-05-28] ()
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Run: [machine-rest] => C:\Users\WIN7\AppData\Local\Temp\Machine-exact\machineground.exe [149504 2015-05-28] () <===== ATTENTION
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\RunOnce: [machine-rest] => C:\Users\WIN7\AppData\Local\Temp\Machine-exact\machineground.exe [149504 2015-05-28] () <===== ATTENTION
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\RunOnce: [digital_fan_control] => C:\ProgramData\Avira\My Avira\apps\icons\low_dropout_linear\boost.exe [203776 2012-11-29] (Faronics Corporation)
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\MountPoints2: {9d3249ab-f970-11df-b587-6cf0491de88d} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
HKU\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=7dec7f32-869b-4f3c-a34d-8103faaa85b5&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKU\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020
HKU\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-10.html
HKU\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=110823&tt=120912_cpc_3812_3&babsrc=HP_ss&mntrId=2c8b7b390000000000006cf0491de88d
HKU\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/cpm-redir/ie-10.html
HKU\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020
URLSearchHook: HKU\S-1-5-21-345712177-510059219-1754512985-1000 - (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
URLSearchHook: HKU\S-1-5-21-345712177-510059219-1754512985-1000 - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKLM-x32 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={A4980F3C-F5D5-11E1-8734-6CF0491DE88D}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> DefaultScope {DC4AFCA5-A592-4EA8-AC48-2E59AEE2F3BA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN25659818373513242&UM=2
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {0030B613-25D0-4322-93B4-849CDB18B45E} URL = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=7dec7f32-869b-4f3c-a34d-8103faaa85b5&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {0C518C99-9F22-4438-852F-7EB722ED8006} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=drive&s={searchTerms}&f=4
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110823&tt=270912_11_3912_3&babsrc=SP_ss&mntrId=2c8b7b390000000000006cf0491de88d
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=ea756056-1093-476b-8056-dd96c209b9b8&apn_sauid=A1D61160-BCD3-48E4-A23E-08141E46765A
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {2ABAF584-1961-4369-8DB7-2C08247D97E2} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {2BC3BBA1-A50E-4DD8-900B-D383965A6CC6} URL = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-10&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {47B93365-C152-494D-AA6D-59F2285021A8} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {4A727733-5822-4CBA-95C7-2559F67B27F4} URL = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {5B979127-71E7-4D90-9009-35201FDDCD65} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {7C66A6E9-9BAF-461D-B581-23BD5EF35D51} URL = hxxp://rover.ebay.com/rover/1/707-1403-9414-51/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {87906159-0460-43EB-AEA0-0B79E875004A} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={10BE4872-70EE-49FC-86AA-0F2F1360022B}&mid=f045cfa13c0b76c045ad781eced62143-846581bf513b7a9a55a88236e9233d99cf33c081&lang=de&ds=AVG&pr=fr&d=2012-09-29 09:51:48&v=12.2.5.34&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {9C85D5A4-9E27-458F-BF1F-ACCC9CD659F9} URL = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {A338C870-FFF9-4684-964E-E3F43BDE2A92} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {AF6F0DDA-4DF5-4666-A98B-B7C6D3793F5B} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {C7501728-BE38-408D-AD62-10C9D517B710} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {D538DCC3-9A32-47C6-9054-428C6DD8EB2D} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {DC4AFCA5-A592-4EA8-AC48-2E59AEE2F3BA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN25659818373513242&UM=2
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {E954692D-1151-4996-97C1-F99203664D81} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={A4980F3C-F5D5-11E1-8734-6CF0491DE88D}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL =
BHO: No Name -> {11111111-1111-1111-1111-110411591114} ->  No File
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -  No File
Toolbar: HKLM-x32 - No Name - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> No Name - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} -  No File
Toolbar: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> No Name - {9D81AF43-DE53-48D0-A199-42C2A226B24C} -  No File
Toolbar: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} -  No File
Toolbar: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default
FF DefaultSearchEngine: Wikipedia (de)
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN13136816885280933&UM=2&SearchSource=3&q={searchTerms}&sspv=S41A
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2010-01-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange Viewer Free\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2010-03-24] ()
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll [2011-09-23] (Nero AG)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-345712177-510059219-1754512985-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange Viewer Free\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll No File
FF user.js: detected! => C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js [2013-11-24]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll [2012-01-18] (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-20] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\searchplugins\ask-search.xml [2014-04-24]
FF SearchPlugin: C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\searchplugins\BrowserDefender.xml [2013-06-21]
FF SearchPlugin: C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\searchplugins\delta.xml [2013-06-21]
FF SearchPlugin: C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\searchplugins\sweetim.xml [2012-09-03]
FF SearchPlugin: C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\searchplugins\ude---suche.xml [2012-07-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml [2014-03-10]
FF Extension: Avira Browser Safety - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\abs@avira.com [2015-05-28]
FF Extension: Firefox Synchronisation Extension - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\synchronize@nokia.suite [2014-12-17]
FF Extension: YouTube Unblocker - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\youtubeunblocker@unblocker.yt [2015-05-20]
FF Extension: WOT - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: {002e960c-bfcf-43f1-a710-c60fd2e6ba92} - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{002e960c-bfcf-43f1-a710-c60fd2e6ba92}.xpi [2013-11-01]
FF Extension: Stop Autoplay - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}.xpi [2012-07-30]
FF Extension: NoScript - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-01]
FF Extension: Video HTML5 Updater Light - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{d39d7d7b-7423-4441-832d-e0694b76c353}.xpi [2013-11-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de [2015-05-28]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 AllShare; D:\Programme\PC Share Manager (Samsung)\WiselinkPro.exe [6638080 2010-07-16] () [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S4 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [576272 2011-10-03] (Hauppauge Computer Works)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S4 FreemiumSelfUpdateService; "C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe" [X]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv06; C:\Windows\system32\drivers\acedrv06.sys [147456 2013-02-28] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116096 2010-06-01] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-04] (Avira Operations GmbH & Co. KG)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-05] (Microsoft Corporation)
S3 OV550I; C:\Windows\System32\Drivers\FilmScan.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2010-05-30] () [File not signed]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)
U5 UnlockerDriver5; C:\Program Files (x86)\Total Commander 5.0\PLUGINS\Media\Unlocker\UnlockerDriver5.sys [4096 2008-05-02] () [File not signed]
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [43152 2010-06-25] (Oracle Corporation)
S4 VD_FileDisk; C:\Windows\SysWow64\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation)
S3 cpuz134; \??\C:\Users\WIN7\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 DfSdkS; No ImagePath
S3 GEARAspiWDM; System32\Drivers\GEARAspiWDM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 23:13 - 2015-05-28 23:14 - 00000000 ____D () C:\FRST
2015-05-28 15:47 - 2015-05-28 15:47 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\HateML
2015-05-28 13:26 - 2015-05-28 13:26 - 00599663 _____ () C:\Users\WIN7\2015.05.28.bookcook
2015-05-28 13:14 - 2015-05-28 13:14 - 00000786 _____ () C:\Windows\PFRO.log
2015-05-28 12:43 - 2015-05-28 12:43 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Appointmentslice
2015-05-28 11:14 - 2015-05-28 11:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-26 18:14 - 2015-05-27 17:39 - 00000000 ____D () C:\ProgramData\jxparsm
2015-05-26 10:32 - 2015-05-28 19:48 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Consideration-appeal
2015-05-24 10:54 - 2015-05-28 07:55 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Machine_network
2015-05-23 16:41 - 2015-05-24 00:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-23 10:17 - 2015-05-25 00:06 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Weekend-display
2015-05-23 07:48 - 2015-05-28 13:14 - 00001008 _____ () C:\Windows\setupact.log
2015-05-23 07:48 - 2015-05-23 07:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-22 11:00 - 2015-05-24 00:14 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Consideration-hear
2015-05-22 09:28 - 2015-05-25 00:06 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Appointmentrace
2015-05-20 17:20 - 2015-05-23 18:01 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Error-kiss
2015-05-17 19:08 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-17 19:08 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-17 19:08 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-17 19:08 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-17 15:47 - 2015-05-19 07:28 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Machinedetail
2015-05-15 10:41 - 2015-05-15 10:41 - 00031922 _____ () C:\Users\WIN7\ESt2014_Urselmans_Hugo_und_Gabriele.elfo
2015-05-15 09:33 - 2015-05-15 09:33 - 00000000 ____D () C:\Users\WIN7\AppData\Local\elfopatch
2015-05-15 09:21 - 2015-05-17 14:51 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Appointment-discuss
2015-05-14 18:55 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 18:55 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:26 - 2015-05-17 14:51 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Considerationserve
2015-05-13 15:58 - 2015-05-17 09:55 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Machine-assist
2015-05-13 13:47 - 2015-05-15 09:13 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Weekend_slide
2015-05-13 13:18 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 13:18 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 13:18 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 13:18 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 13:18 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 13:18 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 13:18 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 13:18 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 13:18 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 13:18 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 13:18 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 13:18 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 13:18 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 13:18 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 13:18 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 13:18 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 13:18 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 13:18 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 13:18 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 13:18 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 13:18 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 13:18 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 13:18 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 13:18 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 13:18 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 13:18 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 13:18 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 13:18 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 13:18 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 13:18 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 13:18 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 13:18 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 13:18 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 13:18 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 13:18 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 13:18 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 13:18 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 13:18 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 13:18 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 13:18 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 13:18 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 13:18 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 13:18 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 13:18 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 13:18 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 13:18 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 13:18 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 13:18 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 13:18 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 13:18 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 13:18 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 13:18 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 13:18 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 13:18 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 13:18 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 13:18 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 13:18 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 13:18 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 13:18 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 13:18 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 13:18 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 13:18 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 13:18 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 13:18 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 13:18 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 13:18 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 13:18 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 13:18 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 13:18 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 13:18 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 13:18 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 13:18 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 13:18 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 13:18 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 13:18 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 13:18 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 13:18 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 13:18 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 13:18 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 13:18 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 13:18 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 13:18 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 13:18 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 13:18 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 13:18 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 13:13 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:13 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:13 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 13:13 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:13 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 13:13 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 13:13 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 13:13 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 13:13 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 13:12 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 13:12 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 13:12 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 13:12 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 13:12 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 13:12 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 13:12 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 13:12 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 13:12 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 22:34 - 2015-03-08 11:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 21:04 - 2009-07-14 19:58 - 00759582 _____ () C:\Windows\system32\perfh007.dat
2015-05-28 21:04 - 2009-07-14 19:58 - 00172890 _____ () C:\Windows\system32\perfc007.dat
2015-05-28 21:04 - 2009-07-14 07:13 - 01768660 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 19:18 - 2012-01-31 18:38 - 01720192 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 18:52 - 2010-06-07 21:32 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\TV-Browser
2015-05-28 17:57 - 2009-07-14 06:45 - 00015952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 17:57 - 2009-07-14 06:45 - 00015952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 15:49 - 2010-07-30 17:26 - 00000000 ____D () C:\Users\WIN7\.VirtualBox
2015-05-28 13:26 - 2010-05-20 10:04 - 00000000 ____D () C:\Users\WIN7
2015-05-28 13:14 - 2012-04-27 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-28 13:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 10:05 - 2011-07-18 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2015-05-28 10:02 - 2011-03-04 15:49 - 00000000 ____D () C:\Program Files (x86)\Tapin Radio
2015-05-28 09:58 - 2012-02-06 16:43 - 00000000 ____D () C:\Users\WIN7\Calibre Bibliothek
2015-05-28 09:46 - 2014-10-22 12:10 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-28 09:11 - 2010-05-27 20:44 - 00000000 ____D () C:\Program Files (x86)\PRMT8
2015-05-28 09:06 - 2012-11-17 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company
2015-05-27 18:05 - 2011-02-12 15:48 - 00000000 ____D () C:\Windows\pss
2015-05-26 23:50 - 2011-11-03 23:39 - 00000000 ____D () C:\Users\WIN7\AppData\Local\CrashDumps
2015-05-23 18:01 - 2013-12-30 15:37 - 00000000 ____D () C:\Users\WIN7\AppData\Local\DownloadGuide
2015-05-21 02:05 - 2015-04-04 08:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 02:05 - 2015-04-04 08:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 07:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-17 19:10 - 2011-05-27 13:50 - 01742004 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-17 18:33 - 2012-09-25 10:42 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\PhotoScape
2015-05-15 09:35 - 2011-01-15 23:44 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-05-15 09:34 - 2015-01-27 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-05-15 09:18 - 2010-05-26 23:55 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2015-05-15 08:58 - 2013-03-14 02:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 08:58 - 2013-03-14 02:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 08:58 - 2009-07-14 06:45 - 00253232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 19:29 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 19:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 19:26 - 2013-07-25 14:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 19:04 - 2010-05-20 14:33 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 19:01 - 2010-05-26 20:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 18:55 - 2014-07-25 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 13:20 - 2013-05-23 11:46 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-05 13:50 - 2015-03-05 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 13:48 - 2013-04-01 16:31 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 13:48 - 2013-04-01 16:31 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-29 15:08 - 2010-05-26 23:36 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Kalenderchen

==================== Files in the root of some directories =======

2012-07-13 10:22 - 2012-07-13 10:22 - 0000288 _____ () C:\Users\WIN7\AppData\Roaming\.backup.dm
2010-06-06 21:08 - 2010-11-08 16:04 - 0000000 _____ () C:\Users\WIN7\AppData\Roaming\AVSDVDPlayer.m3u
2011-06-26 10:25 - 2013-11-26 15:51 - 0000040 _____ () C:\Users\WIN7\AppData\Roaming\cdr.ini
2005-11-02 12:41 - 2005-11-02 12:41 - 0003029 ____H () C:\Users\WIN7\AppData\Roaming\cglogs.dat
2012-10-17 11:16 - 2012-10-17 11:16 - 0000000 __RSH () C:\Users\WIN7\AppData\Roaming\CoreXPSP.dll
2010-05-30 11:36 - 2014-10-11 16:22 - 0221696 _____ () C:\Users\WIN7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-26 22:35 - 2013-05-19 18:46 - 0007607 _____ () C:\Users\WIN7\AppData\Local\Resmon.ResmonCfg
2010-06-14 14:43 - 2011-12-05 23:30 - 0015463 _____ () C:\ProgramData\hpzinstall.log
2011-08-28 10:24 - 2011-08-28 10:24 - 0000099 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2011-10-27 12:08 - 2011-10-27 12:33 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-05-07 11:59 - 2012-05-07 11:59 - 0000085 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\WIN7\AppData\Local\Temp\Machine-exact\machineground.exe
C:\Users\Public\AlexaNSISPlugin.4964.dll
C:\Users\WIN7\scribus-1.4.3-windows-x64.exe


Some files in TEMP:
====================
C:\Users\WIN7\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-05-04 08:39

==================== End of log ============================

hugo-goch 29.05.2015 17:13
Trojanische Pferd TR/Matsnu.A.296 gefunden
 
Und hier jetzt die Addition.txt da sie für einen Post zu groß waren.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by WIN7 at 2015-05-28 23:15:22
Running from D:\Eigene Dateien\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-345712177-510059219-1754512985-500 - Administrator - Disabled)
Gast (S-1-5-21-345712177-510059219-1754512985-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-345712177-510059219-1754512985-1002 - Limited - Enabled)
WIN7 (S-1-5-21-345712177-510059219-1754512985-1000 - Administrator - Enabled) => C:\Users\WIN7

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS Ver.2.06 (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.06 - GIGABYTE)
7-PDF Printer 7.1.0.1262 (HKLM\...\7-PDF Printer_is1) (Version: 7.1.0.1262 - 7-PDF, Germany - Th. Hodes)
7-PDF Printer 7.1.0.1262 (HKLM-x32\...\7-PDF Printer_is1) (Version: 7.1.0.1262 - 7-PDF, Germany - Th. Hodes)
ABBYY FineReader 5.0 Sprint (HKLM-x32\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.0.3411 - ABBYY Software House)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Ahnenblatt 2.86 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.86.0.1 - Dirk Böttcher)
Ashampoo Burning Studio 2012 CBE v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 2012 CBE_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 6 FREE v.6.83 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 5 (HKLM-x32\...\Ashampoo Photo Commander 5) (Version:  - ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 5 FREE (HKLM-x32\...\Ashampoo Photo Commander 5 FREE_is1) (Version: 5.4.1 - ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 8 v.8.4.0 (HKLM-x32\...\Ashampoo Photo Commander 8_is1) (Version: 8.4.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 9 v.9.4.3 (HKLM-x32\...\{C92AB6F1-6A1B-F954-7C68-B44BA8E357A4}_is1) (Version: 9.4.3 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 6.60 (HKLM-x32\...\Ashampoo WinOptimizer 6_is1) (Version: 6.6.0 - Ashampoo GmbH & Co. KG)
ATI AVIVO64 Codecs (Version: 10.12.0.00113 - ATI Technologies Inc.) Hidden
ATI AVIVO64 Codecs (x32 Version: 10.12.0.00113 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{89A32D1D-70AB-547D-E9A1-2AC724BD3163}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
ATI Catalyst Install Manager (HKLM-x32\...\{89A32D1D-70AB-547D-E9A1-2AC724BD3163}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.762.0 - ATI Technologies) Hidden
ATI Problem Report Wizard (x32 Version: 3.0.762.0 - ATI Technologies) Hidden
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
Autostart ok-s 2.0 (HKLM-x32\...\{83832C13-FE26-4058-9BEB-89C422F569B3}) (Version: 1.0 - Olaf Koch)
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
AVM FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\f018cf21c0452c64) (Version: 2.1.0.20 - FRITZ!Box)
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
BOOKcook Bücherverwaltung 1.37.1 (HKLM-x32\...\BOOKcook Bücherverwaltung_is1) (Version:  - XLM Software Axel Meierhöfer)
BrickStore (HKLM-x32\...\{07EA0F88-8E8F-11D9-8BDE-F66BAD1E3F3A}) (Version: 1.1.16 - softforge.de)
calibre (HKLM-x32\...\{3806764C-0AA7-4082-908D-C3671372C1E8}) (Version: 0.8.64 - Kovid Goyal)
ccc-core-static (x32 Version: 2010.0113.2208.39662 - Ihr Firmenname) Hidden
ccc-utility64 (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Defraggler (HKLM-x32\...\Defraggler) (Version: 2.14 - Piriform)
Document Express DjVu Plug-in (HKLM-x32\...\{A437447F-76CB-472E-A16D-B4DB22E326CE}) (Version: 6.1.27999 - Caminova, Inc.)
DriveScan Plus 2006 für Windows, Version 3.5 (HKLM-x32\...\DriveScan Plus_is1) (Version:  - diginvent)
DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16835 - Landesfinanzdirektion Thüringen)
Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX525WD Series Handbuch (HKLM-x32\...\EPSON SX525WD Series Manual) (Version:  - )
EPSON SX525WD Series Netzwerk-Handbuch (HKLM-x32\...\EPSON SX525WD Series Network Guide) (Version:  - )
EPSON SX525WD Series Printer Uninstall (HKLM\...\EPSON SX525WD Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)
Fifi 98 (HKLM-x32\...\ST5UNST #1) (Version:  - )
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version:  - ) <==== ATTENTION
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.3.524 - Foxit Corporation)
Franzis PDF goes Word 1.10 (HKLM-x32\...\Franzis PDF goes Word_is1) (Version: 1.10 - Franzis)
Free CD to MP3 Converter (HKLM-x32\...\Free CD to MP3 Converter) (Version:  - )
Free YouTube Download version 3.2.3.610 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.3.610 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.3.610 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.3.610 - DVDVideoSoft Ltd.)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
GPL Ghostscript Lite 8.70 (HKLM-x32\...\GPL Ghostscript Lite_is1) (Version:  - )
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.29275 (CD 2.4c) - Hauppauge Computer Works)
High-Definition Video Playback (x32 Version: 11.1.10400.2.65 - Nero AG) Hidden
Hitbase 2005 (HKLM-x32\...\{0029A01A-65E5-4918-BC41-3297F35371E4}) (Version: 10.0.0 - Big 3 Software)
HydraVision (x32 Version: 4.2.142.0 - ATI Technologies Inc.) Hidden
InfraRecorder 0.52 (x64 edition) (HKLM-x32\...\{2C22EA92-CB30-4932-0052-000001000000}) (Version: 0.52.00.00 - Christian Kindahl)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Kalenderchen 5 (HKLM-x32\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version:  - Daniel Manger)
KETTLER WORLD TOURS Common (HKLM-x32\...\{FF9A5D82-900E-4D16-B549-B8F0BB8D1BD2}) (Version: 1.01.0009 - MagicMaps GmbH)
KETTLER WORLD TOURS DEMO (HKLM-x32\...\{9A0280D9-FC68-492B-B6E4-B0569467A06C}) (Version: 1.1.3 - MagicMaps)
KETTLER WORLD TOURS DEMO (x32 Version: 1.0.6 - MagicMaps) Hidden
KETTLER WORLD TOURS DEMO (x32 Version: 1.1.3 - MagicMaps) Hidden
LDraw All-In-One-Installer 2013-01 (HKLM-x32\...\LDraw2013-01) (Version: 2013-01 - LDraw.org)
LibreOffice 3.5 Help Pack (German) (HKLM-x32\...\{3641CF63-7FB5-45CA-98D3-FB7D08F63056}) (Version: 3.5.0.13 - The Document Foundation)
LibreOffice 3.6 (HKLM-x32\...\{C2F438B6-7010-453B-93EC-B2FC053AA97B}) (Version: 3.6.1.2 - The Document Foundation)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Logitech Desktop Messenger (HKLM-x32\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version:  - )
Lotus SmartSuite Version 9 (HKLM-x32\...\SmartSuite V98.0) (Version:  - )
MagicMaps Support und Update Tool (HKLM-x32\...\{0CA1C412-6716-40E8-B033-006002E7F7EC}) (Version: 1.1.3 - MagicMaps)
Media Player Classic - Home Cinema v1.5.2.3456 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Media Player Classic - Home Cinema v1.5.2.3456 x64 (HKLM-x32\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 International Character Toolbar (HKLM-x32\...\{B6828215-1469-43A2-8BEE-F5A970F98161}) (Version: 11.0.0024.0 - Microsoft Office)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM-x32\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM-x32\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM-x32\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM-x32\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM-x32\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM-x32\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM-x32\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Mp3tag v2.50 (HKLM-x32\...\Mp3tag) (Version: v2.50 - Florian Heidenreich)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x64_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x64 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Free Mahjong (HKLM-x32\...\My Free Mahjong_is1) (Version: 1.0 - MyPlayCity, Inc.)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7105 - MyHeritage.com)
Nero 11 (HKLM-x32\...\{F021D637-BBDA-486B-96F0-225B62596C3B}) (Version: 11.0.11000 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
Nero Backup Drivers (HKLM-x32\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
O&O Defrag Free Edition (HKLM-x32\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Oracle VM VirtualBox 4.1.12 (HKLM-x32\...\{7492BCA7-9F62-4265-A727-DC26A9E3DF10}) (Version: 4.1.12 - Oracle Corporation)
Oracle VM VirtualBox 4.3.8 (HKLM\...\{5D328A41-BFF8-4B78-B45E-5BEE1D133EF5}) (Version: 4.3.8 - Oracle Corporation)
Paint.NET v3.5.8 (HKLM\...\{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}) (Version: 3.58.0 - dotPDN LLC)
Paint.NET v3.5.8 (HKLM-x32\...\{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}) (Version: 3.58.0 - dotPDN LLC)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Experte 9 Professional (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 9.02.0.0 - Avanquest Software)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Personal Backup 5.4 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PosteRazor (HKLM-x32\...\PosteRazor_is1) (Version: 1.5.2 - Alessandro Portale)
Readiris Pro 11 (HKLM-x32\...\{8CE0B1C5-15E9-4027-92F4-F63C57FEFD87}) (Version: 11.00.4763 - I.R.I.S.)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
SamLogic CD-Menu Creator 2012 X (HKLM-x32\...\SamLogic CD-Menu Creator 2012 X) (Version: 7.0 - SamLogic Software)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG PC Share Manager (HKLM-x32\...\InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}) (Version: 4.0 - SAMSUNG)
SAMSUNG PC Share Manager (x32 Version: 4.0 - SAMSUNG) Hidden
Schriftenbibliothek (HKLM-x32\...\Schriftenbibliothek_is1) (Version:  - )
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
SolSuite 2010 v10.4 (HKLM-x32\...\SolSuite_is1) (Version:  - TreeCardGames.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Tool zum Entfernen verborgener Daten (HKLM-x32\...\{90F80407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Total Commander Ultima Prime 5.0.0.0 (HKLM-x32\...\TC UP) (Version: 5.0.0.0 - ULTIMA PRIME)
TubeBox (HKLM-x32\...\{556e97d3-dfe2-4841-b3e5-169f7ee83716}) (Version: 1.0.0.0 - Freetec)
TubeBox (x32 Version: 4.0.0.0 - Freetec) Hidden
TV-Browser 3.4.0.1 (HKLM-x32\...\tvbrowser) (Version: 3.4.0.1 - TV-Browser Team)
Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM-x32\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
welcome (x32 Version: 11.0.21500.0.4 - Nero AG) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM-x32\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM-x32\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM-x32\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XnView 1.99.1 (HKLM-x32\...\XnView_is1) (Version: 1.99.1 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

17-05-2015 19:00:21 Windows-Sicherung
17-05-2015 19:08:22 Windows Update
21-05-2015 02:05:14 Windows Update
24-05-2015 19:00:15 Windows-Sicherung
25-05-2015 13:00:46 Windows Update
28-05-2015 09:03:54 Removed InfraRecorder 0.52 (x64 edition)
28-05-2015 09:04:55 Removed Google Earth.
28-05-2015 09:07:31 Removed LibreOffice 3.6
28-05-2015 09:09:46 OpenOffice.org 3.4.1 wird entfernt
28-05-2015 09:10:48 Removed PROMT Translation Agent.
28-05-2015 17:56:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2011-07-25 22:18 - 00436154 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F0FD921-B37D-4B94-B788-FE5CA396049E} - System32\Tasks\{242BB3FE-124D-4F56-915A-213960A1BE5C} => pcalua.exe -a E:\GERMAN\INSTALL.EXE -d E:\GERMAN
Task: {23012A2F-4922-4E59-9B9F-21CA017040C5} - System32\Tasks\{979A6307-BA78-4321-8416-F9B004116086} => pcalua.exe -a E:\Software\printer\install.exe -d E:\Software\printer
Task: {278835DE-9422-4385-AF8E-336A07B5C4DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {2915688B-B19F-4273-940F-3F2D66850FF2} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {2ED03E78-B215-43C2-8480-9BB5F2D6542E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {346AEF1C-93A1-4FBC-8028-AD62E0AD2F4C} - System32\Tasks\{41AFE9BA-5B6D-44E4-BCEE-EAFF5003CC3F} => D:\Eigene Dateien\Hobby\Ahnenforschung\WinElke1\WINELKE.EXE
Task: {34D6B89E-CDBA-444A-9A21-78DB7C36AACB} - System32\Tasks\EPUpdater => C:\Users\WIN7\AppData\Roaming\BabSolution\Shared\BabMaint.exe <==== ATTENTION
Task: {3DDE3407-5BAF-4C52-B1EF-4163FBF892A7} - System32\Tasks\{91675B17-AC4F-40F4-B3E6-E9B40E2A33A0} => pcalua.exe -a "C:\Hauppauge\WinTV 7 CD 1.3d\Setup\WinTV7_CD_1.3d.exe" -d "C:\Hauppauge\WinTV 7 CD 1.3d\Setup"
Task: {43D52A59-1383-4C85-B724-57CA56D52E6F} - System32\Tasks\{655ECB49-D9A9-4BA1-A925-FE041E4C9F20} => pcalua.exe -a "C:\Program Files (x86)\Gimp 2.6\Setup\gimp-help-2-0.13-setup.exe" -d "C:\Program Files (x86)\Gimp 2.6\Setup"
Task: {4BA445E9-8E0A-467F-9AAB-EF790FE78306} - System32\Tasks\{D3552E21-9DE8-465D-BC35-8A461A2D780F} => pcalua.exe -a "C:\Program Files (x86)\Total Commander 5.0\TC UP.exe" -d "C:\Program Files (x86)\Total Commander 5.0"
Task: {4DCA8019-9DA0-4011-952E-4AD7634DB741} - System32\Tasks\{94893A33-76EE-431A-9DF7-E1BD5F1D0536} => D:\Eigene Dateien\Hobby\Ahnenforschung\WinElke1\WINELKE.EXE
Task: {541635EE-FB3F-4EBE-97E2-B4622C1161FB} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7316125E-73A4-4DE9-A4F4-FE0D903DAC9F} - System32\Tasks\GlaryInitialize => D:\Programme\Glary Utilies\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {8C1FC31D-FFA8-44A3-98C8-F324C7471B5C} - System32\Tasks\{2076F7C2-FA24-4921-9857-C5EBDAA6CE3C} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {A91C5E14-D1FC-4526-ACA6-D5A39FED4499} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {ABF3B935-1AB8-4268-9016-90C1F470190A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {AF45C70A-A6FB-4CBC-87D0-64C75730A65F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {B3758B02-B2D4-42CC-960B-CE5B3B22E97E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {C39CE308-EB46-4ED9-8E11-B01FE13C6536} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {CCAB402E-3C44-4E3A-97E1-3F8FD4DE9F68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D2E93428-8EDE-4B3A-B2FE-AB99E206A6AA} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {D3CF0930-7996-43BF-956A-D94214D1D7EA} - System32\Tasks\{935C74BD-C6A3-41CB-90D8-F65517C1DA98} => pcalua.exe -a "C:\Program Files (x86)\O&amp;O Erase\Setup\OOSE32_GER.exe" -d "C:\Program Files (x86)\O&amp;O Erase\Setup"
Task: {D6ADB7C5-9033-4776-B7AE-B0BB9EEAE961} - System32\Tasks\{96172788-FD4D-411B-924E-8F6C6032064F} => pcalua.exe -a E:\PROGRAMM\VOLL\LOTUS\setup.exe -d E:\PROGRAMM\VOLL\LOTUS
Task: {F7FDD1EA-7D3C-4F4C-AB98-66F4DF79CDDC} - System32\Tasks\{DF13CC02-4308-49A6-A736-53EF680C110A} => pcalua.exe -a C:\Medion\MD6190.exe -d C:\Medion
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => D:\Programme\Glary Utilies\initialize.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-21 04:06 - 2015-01-21 04:06 - 00057344 _____ () C:\Program Files (x86)\CCleaner\lang\lang-1031.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVTFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GV6PYM54U3M96HFNXH553Y8VPHKL606FVGEG1P6ERPVRDVT8JL9JJMPYV0PRUEF39P8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVV1VTVVTVMVV7
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LBP6VPVFLVGVTFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GV6PYM54U3M96HFNXH553Y8VPHKL606FVGEG1P6ERPVRDVT8JL9JJMPYV0PRUEF39P8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVV1VTVVTVMVV7
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:$SS_DESCRIPTOR_LBP6VPVFLVGVTFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GV6PYM54U3M96HFNXH553Y8VPHKL606FVGEG1P6ERPVRDVT8JL9JJMPYV0PRUEF39P8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVV1VTVVTVMVV7
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LBP6VPVFLVGVTFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GV6PYM54U3M96HFNXH553Y8VPHKL606FVGEG1P6ERPVRDVT8JL9JJMPYV0PRUEF39P8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVV1VTVVTVMVV7
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:8331D35A
AlternateDataStreams: C:\ProgramData\TEMP:C1DF2E66

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7669 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-345712177-510059219-1754512985-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: EpsonBidirectionalService => 2
MSCONFIG\Services: FreemiumSelfUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HauppaugeTVServer => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NitroReaderDriverReadSpool2 => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: Soda PDF 2012 Helper Service => 3
MSCONFIG\Services: Soda PDF 2012 Service => 2
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: TeamViewer6 => 2
MSCONFIG\Services: vToolbarUpdater => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk => C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1418459865
MSCONFIG\startupreg: appointmentrepair => C:\Users\WIN7\AppData\Local\Temp\Appointment-pass\appointmentconsult.exe
MSCONFIG\startupreg: consideration-change => C:\Users\WIN7\AppData\Roaming\Consideration-appeal\consideration_disagree.exe
MSCONFIG\startupreg: Family Tree Builder Update => C:\MyHeritage\Bin\FTBCheckUpdates.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: machine-rest => C:\Users\WIN7\AppData\Roaming\Machine_network\machine-rush.exe
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: OODefragTray => C:\Program Files\OO Software\Defrag\oodtray.exe
MSCONFIG\startupreg: PDFPrint => D:\Programme\Test\PDF24\pdf24.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: smartphones => C:\ProgramData\AVG2013\Cfg\thermoelectric_cooler\optical_network_terminator.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: vspdfprsrv.exe => C:\Program Files (x86)\PDF Experte 9 Professional\vspdfprsrv.exe --background
MSCONFIG\startupreg: weekendaddress => C:\Users\WIN7\AppData\Local\Temp\Weekend-hate\weekend-recover.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{A1BBF5CA-3B5C-423B-8AE7-F1EAC1F63F21}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [UDP Query User{DA2F2C56-5C58-40A3-BE9D-1298EF26E661}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [TCP Query User{2F3AA371-6E59-409F-9147-941A07F11E60}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [UDP Query User{2CD0B44D-CCD0-4A80-A1F5-B2470C6DA108}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [{07E0F345-3483-4100-BD4E-1A38C1F5840D}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{84497029-DF2A-45BD-BDBC-068FA11AD21F}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [TCP Query User{EC1924C6-9155-47E2-BAB4-D2BB9A1EFB99}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C5BD9BCD-2BA5-4E15-B660-7AF5B5FC502B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{F4207C52-6069-41DD-B64C-6F2E6B58294F}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{3EBF6358-3E2F-4980-B5F8-FFC8BA49C4EA}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{48D4F23C-8587-44F5-9A5F-D72589D80A46}C:\program files (x86)\gigabyte\@bios\gbtupd.exe] => (Block) C:\program files (x86)\gigabyte\@bios\gbtupd.exe
FirewallRules: [UDP Query User{D0F28308-1476-4193-A9A4-AE9EE42499F8}C:\program files (x86)\gigabyte\@bios\gbtupd.exe] => (Block) C:\program files (x86)\gigabyte\@bios\gbtupd.exe
FirewallRules: [TCP Query User{4BCD6C58-371E-4E63-BF37-67575358D820}C:\program files (x86)\gigabyte\@bios\updexe.exe] => (Block) C:\program files (x86)\gigabyte\@bios\updexe.exe
FirewallRules: [UDP Query User{BD70B992-9299-404B-9051-84C233ED8E29}C:\program files (x86)\gigabyte\@bios\updexe.exe] => (Block) C:\program files (x86)\gigabyte\@bios\updexe.exe
FirewallRules: [TCP Query User{1EB94A85-E14F-473E-8D29-6270215B88E8}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{6F8BD30B-7FC3-40B3-BD89-3E8F9969E91D}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{930CACD9-69ED-42D1-A0A6-B520B0AA9A39}] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{5F2375B1-1295-46D8-8DA4-D08177CDD6D1}] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{D5DD0DA0-D21B-484E-A877-597B95E187EA}] => (Allow) D:\Programme\PC Share Manager (Samsung)\WiselinkPro.exe
FirewallRules: [{33BCED20-7434-44E8-9D77-A5759F6A5285}] => (Allow) D:\Programme\PC Share Manager (Samsung)\WiselinkPro.exe
FirewallRules: [{B348B1D2-A6A9-4220-8943-51501DABEFD8}] => (Allow) D:\Programme\PC Share Manager (Samsung)\http_ss_win_pro.exe
FirewallRules: [{3C3F542D-DBE9-4F99-AB88-08BAC2778296}] => (Allow) D:\Programme\PC Share Manager (Samsung)\http_ss_win_pro.exe
FirewallRules: [{C028B270-F27B-4914-AF80-B1B5962D7070}] => (Allow) LPort=3306
FirewallRules: [TCP Query User{AA83BE3F-838E-4EF6-94AC-107E6E71F787}C:\program files (x86)\java\jre6\launch4j-tmp\atunes.exe] => (Block) C:\program files (x86)\java\jre6\launch4j-tmp\atunes.exe
FirewallRules: [UDP Query User{B333F4F9-BCD3-475C-83BC-9697380A0D14}C:\program files (x86)\java\jre6\launch4j-tmp\atunes.exe] => (Block) C:\program files (x86)\java\jre6\launch4j-tmp\atunes.exe
FirewallRules: [{050E0A6F-2CDA-4329-80E3-1F1EB4A58C7C}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{30ABEE27-7DC2-4974-93C3-2EA5DD21334B}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{6461AB5D-4AE3-4D64-A9B7-8663699A4DFB}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
FirewallRules: [{FB9AF16E-ADE9-43DC-B6AC-FBA6FA2FE59B}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe
FirewallRules: [{8A279A63-6D28-4E76-ACE2-23D73C264541}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
FirewallRules: [{C8AEBAF0-70E0-4536-B753-52D5C67C3359}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{1DC3BC1B-9D7A-4121-B8F5-002C6BEA25EC}] => (Allow) LPort=80
FirewallRules: [TCP Query User{42BD8D11-27F5-463D-A48E-F42902920675}C:\program files\oo software\defrag\oodag.exe] => (Allow) C:\program files\oo software\defrag\oodag.exe
FirewallRules: [UDP Query User{BFF460BB-991A-448F-9768-2E83BC6767EE}C:\program files\oo software\defrag\oodag.exe] => (Allow) C:\program files\oo software\defrag\oodag.exe
FirewallRules: [{D9300EF8-5CE6-4575-B373-3199E32D6162}] => (Block) C:\program files\oo software\defrag\oodag.exe
FirewallRules: [{E8905ABB-FE7A-448F-A4AC-488D30B0F33E}] => (Block) C:\program files\oo software\defrag\oodag.exe
FirewallRules: [{2743C2AB-7C74-4A59-9624-88A866540D10}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{4E8D62D2-9088-432E-B745-4EABE44A28B1}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{D23E8C56-F58C-4DC0-9241-6BC0076F3371}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{7095862B-E64C-4543-9E6A-0B8256807D32}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{11001074-D3FE-4A68-8C48-24C059F277A0}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{14A1BBC7-BE13-408A-98A7-0409120031DA}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{503D63DC-12A9-494B-A6C9-635CDD543BF5}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{A1255C4D-025C-4A72-9ECA-AF340C38FB08}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{8E7603A2-79A2-4156-8028-D72BB5BCB807}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{EFEAC40B-F55A-45EE-BD12-24048E25C368}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{3E30B1B1-F186-4C7E-A979-6EFB7BEA02B1}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{AE8B86D5-1B58-4400-B357-BC5F18AC5331}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{63200228-A4E2-403A-90CF-8FBA342B3BD2}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{0CC42869-881B-4611-8FEE-08959ED00E44}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{67B4093D-65DA-4011-A0C6-AA4A59326D19}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{3ADC84BE-A953-49B8-9889-16CAB8EAEB55}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{E21B88BA-178B-4FCC-BB15-F5A023CF2E2F}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{04B8C804-5502-40ED-97C9-48DDB86AA289}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{FD64C223-970A-4C7D-95E6-FE00D63D7D6E}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{8C90CD0C-8209-4CE4-A3DA-03B53E13F093}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{6D4D0E60-DF9C-4EDB-A809-EA143C9A36A1}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{1109C65F-0FC1-4BB1-B42C-CBE3D416453C}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{161907AD-776B-4845-819C-32353D4D1B5D}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{060FC279-53CB-4811-A6B5-29A264A239A8}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{46FC9117-10E8-4812-808B-7B66B7B5AB78}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{7D118ED5-3441-4B65-81B1-B5D68FAC3270}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{8FEACDDF-A305-42B5-82B9-4180DAE4AFC5}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{C1C4FFF5-9B7F-4DFA-85E3-1F72159CCAE6}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{C4984B14-F4A7-4705-BF90-849102BE9E8D}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{B504BEE6-B238-419E-A7FC-5697260C3EBC}] => (Allow) C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{DF820DF8-0A99-44C8-A396-6ADBFB28B682}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{DD25D84F-E300-4B7A-A054-57D0934005AD}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{224A87D0-9142-4F33-ACB3-997CD3E6882B}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{64BB1BCA-6E57-4353-BAC7-CF6211DB3D22}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{D668BD15-98A4-4DDE-B26B-5080E95FB929}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{4A28AE05-0905-42D0-A218-7584F3F4B706}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{07707949-3872-4BEF-946F-7928B4E16D62}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BD55A68D-FBF8-4DFD-B4EE-401446B9184E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7E388E47-9B32-4360-9280-2B9803171380}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{50E5956C-7F03-463D-8EF0-0F302A136C44}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2D8B57D5-0E17-491F-965A-38F39AF01D39}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Disabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 09:10:00 AM) (Source: MsiInstaller) (EventID: 10005) (User: WIN7-PC)
Description: Produkt: OpenOffice.org 3.4.1 -- Bitte benutzen Sie die Datei setup.exe, um die Installation zu starten.

Error: (05/27/2015 03:57:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 14.0.7132.5000, Zeitstempel: 0x53ec9d06
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02690013
ID des fehlerhaften Prozesses: 0x10e0
Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0
Pfad der fehlerhaften Anwendung: EXCEL.EXE1
Pfad des fehlerhaften Moduls: EXCEL.EXE2
Berichtskennung: EXCEL.EXE3

Error: (05/27/2015 03:55:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 14.0.7132.5000, Zeitstempel: 0x53ec9d06
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x08160013
ID des fehlerhaften Prozesses: 0xce4
Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0
Pfad der fehlerhaften Anwendung: EXCEL.EXE1
Pfad des fehlerhaften Moduls: EXCEL.EXE2
Berichtskennung: EXCEL.EXE3

Error: (05/27/2015 00:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.7134.5000, Zeitstempel: 0x541c2dcc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x08260013
ID des fehlerhaften Prozesses: 0x68c
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (05/26/2015 11:59:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.7134.5000, Zeitstempel: 0x541c2dcc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x08040013
ID des fehlerhaften Prozesses: 0x148c
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (05/26/2015 11:51:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.7134.5000, Zeitstempel: 0x541c2dcc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x06780013
ID des fehlerhaften Prozesses: 0x17c0
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (05/26/2015 11:50:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.7134.5000, Zeitstempel: 0x541c2dcc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x08c10013
ID des fehlerhaften Prozesses: 0x142c
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (05/26/2015 11:49:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.7134.5000, Zeitstempel: 0x541c2dcc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x091a0013
ID des fehlerhaften Prozesses: 0x15c0
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (05/26/2015 11:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.7134.5000, Zeitstempel: 0x541c2dcc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x037e0013
ID des fehlerhaften Prozesses: 0x69c
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (05/26/2015 05:51:53 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
  Asynchroner Vorgang wird ausgeführt

Kontext:
  Aktueller Status: DoSnapshotSet


System errors:
=============
Error: (05/28/2015 07:50:42 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (05/28/2015 07:34:28 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (05/28/2015 07:06:49 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (05/28/2015 06:01:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.199.739.0)

Error: (05/28/2015 05:57:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet:
%%126

Error: (05/28/2015 05:16:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (05/28/2015 05:16:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (05/28/2015 05:16:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (05/28/2015 05:16:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (05/28/2015 05:13:38 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office:
=========================
Error: (05/28/2015 09:10:00 AM) (Source: MsiInstaller) (EventID: 10005) (User: WIN7-PC)
Description: Produkt: OpenOffice.org 3.4.1 -- Bitte benutzen Sie die Datei setup.exe, um die Installation zu starten. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/27/2015 03:57:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EXCEL.EXE14.0.7132.500053ec9d06unknown0.0.0.000000000c00000050269001310e001d098851269d370C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEunknown550d7c90-0478-11e5-b14a-6cf0491de88d

Error: (05/27/2015 03:55:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EXCEL.EXE14.0.7132.500053ec9d06unknown0.0.0.000000000c000000508160013ce401d09884b2467f70C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEunknown0aeee090-0478-11e5-b14a-6cf0491de88d

Error: (05/27/2015 00:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE14.0.7134.5000541c2dccunknown0.0.0.000000000c00000050826001368c01d097ff58f15ce0C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEunknown9ba0ece0-03f2-11e5-8fa5-6cf0491de88d

Error: (05/26/2015 11:59:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE14.0.7134.5000541c2dccunknown0.0.0.000000000c000000508040013148c01d097ff2fd81f60C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEunknown7cf8d780-03f2-11e5-8fa5-6cf0491de88d

Error: (05/26/2015 11:51:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE14.0.7134.5000541c2dccunknown0.0.0.000000000c00000050678001317c001d097fe0ae1c540C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEunknown52861220-03f1-11e5-8fa5-6cf0491de88d

Error: (05/26/2015 11:50:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE14.0.7134.5000541c2dccunknown0.0.0.000000000c000000508c10013142c01d097fdf6b6bee0C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEunknown3a923c20-03f1-11e5-8fa5-6cf0491de88d

Error: (05/26/2015 11:49:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE14.0.7134.5000541c2dccunknown0.0.0.000000000c0000005091a001315c001d097fdbcfd66e0C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEunknown2658ed80-03f1-11e5-8fa5-6cf0491de88d

Error: (05/26/2015 11:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE14.0.7134.5000541c2dccunknown0.0.0.000000000c0000005037e001369c01d097fce4c7aba0C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEunknown31770c20-03f0-11e5-8fa5-6cf0491de88d

Error: (05/26/2015 05:51:53 PM) (Source: VSS) (EventID: 12298) (User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.


Vorgang:
  Asynchroner Vorgang wird ausgeführt

Kontext:
  Aktueller Status: DoSnapshotSet


CodeIntegrity Errors:
===================================
  Date: 2015-05-28 13:14:02.342
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-28 13:14:02.249
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-28 07:56:58.591
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-28 07:56:58.528
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-28 07:41:43.265
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-28 07:41:43.202
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-27 18:06:11.519
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-27 18:06:11.457
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-27 17:38:55.380
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-27 17:38:55.302
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 36%
Total physical RAM: 4094.55 MB
Available physical RAM: 2605.78 MB
Total Pagefile: 8187.32 MB
Available Pagefile: 6136.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:270.35 GB) (Free:127.57 GB) NTFS
Drive d: (DATEN) (Fixed) (Total:195.31 GB) (Free:48.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7EB9B437)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)

==================== End of log ============================

schrauber 30.05.2015 13:22
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    FilesFrog Update Checker


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

hugo-goch 30.05.2015 14:33
Hier die Combofix-txt

Code:
ComboFix 15-05-28.01 - WIN7 30.05.2015  15:08:33.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4095.2632 [GMT 2:00]
ausgeführt von:: d:\eigene dateien\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\terms.lnk.url
c:\users\Public\AlexaNSISPlugin.4964.dll
c:\users\WIN7\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\WIN7\AppData\Roaming\1&1
c:\users\WIN7\AppData\Roaming\Adobe\Flash Player\install_flash_player.exe
c:\users\WIN7\AppData\Roaming\cglogs.dat
c:\users\WIN7\AppData\Roaming\SearchProtect
c:\users\WIN7\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData
c:\windows\IsUn0407.exe
c:\windows\msdownld.tmp
c:\windows\winhelp.ini
d:\eigene dateien\Eigene Dokumente\Readiris.DUS
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-04-28 bis 2015-05-30  ))))))))))))))))))))))))))))))
.
.
2015-05-30 13:18 . 2015-05-18 02:57        12214312        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7395252D-8DED-4146-8DE2-E928EB2A368E}\mpengine.dll
2015-05-28 21:13 . 2015-05-28 21:16        --------        d-----w-        C:\FRST
2015-05-28 13:47 . 2015-05-28 13:47        --------        d-----w-        c:\users\WIN7\AppData\Roaming\HateML
2015-05-26 16:14 . 2015-05-27 15:39        --------        d-----w-        c:\programdata\jxparsm
2015-05-26 08:32 . 2015-05-28 17:48        --------        d--h--w-        c:\users\WIN7\AppData\Roaming\Consideration-appeal
2015-05-24 08:54 . 2015-05-28 05:55        --------        d--h--w-        c:\users\WIN7\AppData\Roaming\Machine_network
2015-05-23 14:41 . 2015-05-23 22:16        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2015-05-23 08:17 . 2015-05-24 22:06        --------        d--h--w-        c:\users\WIN7\AppData\Roaming\Weekend-display
2015-05-22 09:00 . 2015-05-23 22:14        --------        d--h--w-        c:\users\WIN7\AppData\Local\Consideration-hear
2015-05-22 07:28 . 2015-05-24 22:06        --------        d--h--w-        c:\users\WIN7\AppData\Roaming\Appointmentrace
2015-05-20 15:20 . 2015-05-23 16:01        --------        d--h--w-        c:\users\WIN7\AppData\Local\Error-kiss
2015-05-17 17:08 . 2015-03-14 03:21        82944        ----a-w-        c:\windows\system32\dwmapi.dll
2015-05-17 17:08 . 2015-03-14 03:21        1632768        ----a-w-        c:\windows\system32\dwmcore.dll
2015-05-17 17:08 . 2015-03-14 03:04        67584        ----a-w-        c:\windows\SysWow64\dwmapi.dll
2015-05-17 17:08 . 2015-03-14 03:04        1372160        ----a-w-        c:\windows\SysWow64\dwmcore.dll
2015-05-17 13:47 . 2015-05-19 05:28        --------        d--h--w-        c:\users\WIN7\AppData\Roaming\Machinedetail
2015-05-15 07:33 . 2015-05-15 07:33        --------        d-----w-        c:\users\WIN7\AppData\Local\elfopatch
2015-05-15 07:21 . 2015-05-17 12:51        --------        d--h--w-        c:\users\WIN7\AppData\Local\Appointment-discuss
2015-05-14 16:55 . 2015-05-01 13:17        124112        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:55 . 2015-05-01 13:16        102608        ----a-w-        c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:26 . 2015-05-17 12:51        --------        d--h--w-        c:\users\WIN7\AppData\Roaming\Considerationserve
2015-05-13 13:58 . 2015-05-17 07:55        --------        d--h--w-        c:\users\WIN7\AppData\Roaming\Machine-assist
2015-05-13 11:47 . 2015-05-15 07:13        --------        d--h--w-        c:\users\WIN7\AppData\Local\Weekend_slide
2015-05-13 11:13 . 2015-04-20 03:17        1647104        ----a-w-        c:\windows\system32\DWrite.dll
2015-05-13 11:12 . 2015-02-18 07:06        123904        ----a-w-        c:\windows\SysWow64\poqexec.exe
2015-05-13 11:12 . 2015-02-18 07:04        142336        ----a-w-        c:\windows\system32\poqexec.exe
2015-05-13 11:12 . 2015-03-04 04:41        342016        ----a-w-        c:\windows\system32\apphelp.dll
2015-05-13 11:12 . 2015-03-04 04:10        295936        ----a-w-        c:\windows\SysWow64\apphelp.dll
2015-05-13 11:12 . 2015-03-04 04:41        6656        ----a-w-        c:\windows\system32\shimeng.dll
2015-05-13 11:12 . 2015-03-04 04:41        72192        ----a-w-        c:\windows\system32\aelupsvc.dll
2015-05-13 11:12 . 2015-03-04 04:41        23552        ----a-w-        c:\windows\system32\sdbinst.exe
2015-05-13 11:12 . 2015-03-04 04:11        5120        ----a-w-        c:\windows\SysWow64\shimeng.dll
2015-05-13 11:12 . 2015-03-04 04:10        20992        ----a-w-        c:\windows\SysWow64\sdbinst.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-18 02:57 . 2015-05-30 13:20        12214312        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1CA44C9-368B-423F-AEFA-781B16A6BE20}\mpengine.dll
2015-05-14 17:04 . 2010-05-20 12:33        140425016        ----a-w-        c:\windows\system32\MRT.exe
2015-05-05 11:48 . 2013-04-01 14:31        152744        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2015-05-05 11:48 . 2013-04-01 14:31        132120        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2015-04-27 19:04 . 2015-05-13 11:18        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-04-15 00:34 . 2015-03-08 09:47        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 00:34 . 2015-03-08 09:47        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-25 03:24 . 2015-04-15 06:25        3298816        ----a-w-        c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 06:25        98304        ----a-w-        c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 06:25        37376        ----a-w-        c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 06:25        35328        ----a-w-        c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 06:25        2553856        ----a-w-        c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 06:25        191488        ----a-w-        c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 06:25        696320        ----a-w-        c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 06:25        60416        ----a-w-        c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 06:25        12288        ----a-w-        c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 06:25        36864        ----a-w-        c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 06:25        135168        ----a-w-        c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 06:25        92672        ----a-w-        c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 06:25        566784        ----a-w-        c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 06:25        29696        ----a-w-        c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 06:25        173056        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 06:25        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 06:25        726528        ----a-w-        c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 06:25        769536        ----a-w-        c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 06:25        419840        ----a-w-        c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 06:25        957952        ----a-w-        c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 06:25        30720        ----a-w-        c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 06:25        227328        ----a-w-        c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 06:25        192000        ----a-w-        c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 06:25        1111552        ----a-w-        c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 06:20        1882624        ----a-w-        c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 06:20        2048        ----a-w-        c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 06:20        1237504        ----a-w-        c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 06:20        2048        ----a-w-        c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 06:25        404480        ----a-w-        c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 06:25        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2015-03-04 13:16 . 2013-05-07 12:26        44088        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2015-03-04 04:55 . 2015-04-15 06:15        367552        ----a-w-        c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 06:15        79360        ----a-w-        c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 11:12        309248        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 11:12        103424        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 06:15        58880        ----a-w-        c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 11:12        470528        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 11:12        2178560        ----a-w-        c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 11:12        2560        ----a-w-        c:\windows\apppatch\AcRes.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMS-Kalenderchen"="c:\program files (x86)\Kalenderchen\Kalenderchen.exe" [2010-04-12 3496448]
"CCleaner Monitoring"="c:\program files (x86)\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-05 728312]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-11-28 193568]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^WIN7^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 07:48        1022152        ----a-w-        c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2013-11-12 14:11        2532864        ----a-w-        c:\myheritage\Bin\FTBCheckUpdates.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2011-01-25 09:45        3942216        ----a-w-        c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-08-18 11:17        8067616        ----a-w-        c:\program files\Realtek\Audio\HDA\RAVCpl64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2012-06-20 16:13        74752        ----a-w-        c:\program files (x86)\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DriveScan Plus"=c:\program files (x86)\DriveScan Plus\DriveScan.exe /SmartStart
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
"Family Tree Builder Update"=c:\myheritage\Bin\FTBCheckUpdates.exe
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
.
R1 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys;c:\windows\SYSNATIVE\drivers\acedrv06.sys [x]
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz134;cpuz134;c:\users\WIN7\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\WIN7\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 OV550I;35mm Film Scanner;c:\windows\system32\Drivers\FilmScan.sys;c:\windows\SYSNATIVE\Drivers\FilmScan.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 AllShare;SAMSUNG AllShare Service;d:\programme\PC Share Manager (Samsung)\WiselinkPro.exe;d:\programme\PC Share Manager (Samsung)\WiselinkPro.exe [x]
R4 FreemiumSelfUpdateService;Freemium Self Update Service;c:\program files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe;c:\program files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe [x]
R4 HauppaugeTVServer;HauppaugeTVServer;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe;c:\program files\OO Software\Defrag\oodag.exe [x]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R4 VD_FileDisk;VD_FileDisk; [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys;c:\windows\SYSNATIVE\DRIVERS\avmaura.sys [x]
S3 hcw88bda;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys;c:\windows\SYSNATIVE\drivers\hcw88bda.sys [x]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys;c:\windows\SYSNATIVE\drivers\hcw88tse.sys [x]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys;c:\windows\SYSNATIVE\drivers\hcw88vid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
defragsvc        REG_MULTI_SZ          defragsvc
WerSvcGroup        REG_MULTI_SZ          wersvc
termsvcs        REG_MULTI_SZ          TermService
swprv        REG_MULTI_SZ          swprv
LocalServicePeerNet        REG_MULTI_SZ          PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation        REG_MULTI_SZ          KtmRm
regsvc        REG_MULTI_SZ          RemoteRegistry
NetworkServiceNetworkRestricted        REG_MULTI_SZ          PolicyAgent
sdrsvc        REG_MULTI_SZ          sdrsvc
WbioSvcGroup        REG_MULTI_SZ          WbioSrvc
AxInstSVGroup        REG_MULTI_SZ          AxInstSV
secsvcs        REG_MULTI_SZ          WinDefend
bthsvcs        REG_MULTI_SZ          bthserv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 11:29        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-08 00:34]
.
2014-12-14 c:\windows\Tasks\GlaryInitialize.job
- d:\programme\Glary Utilies\initialize.exe [2013-07-03 14:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 3942216]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.t-online.de/cpm-redir/ie-10.html
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=7dec7f32-869b-4f3c-a34d-8103faaa85b5&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
mSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN13136816885280933&UM=2&SearchSource=3&q={searchTerms}&sspv=S41A
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - 2c8b7b390000000000006cf0491de88d
FF - user.js: extensions.funmoods_i.instlDay - 15391
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:06
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyIU3vpDc&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 2c8b7b390000000000006cf0491de88d
FF - user.js: extensions.incredibar_i.instlDay - 15545
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1412:38
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyIU3vpDc
FF - user.js: extensions.incredibar_i.upn2n - 92261810019057178
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10662
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=2c8b7b390000000000006cf0491de88d&q=
FF - user.js: extensions.BabylonToolbar.id - 2c8b7b390000000000006cf0491de88d
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15610
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.723:22
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110823&tt=270912_11_3912_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 2c8b7b390000000000006cf0491de88d
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15877
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:10
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121562&tt=180613_ndt6&tsp=4920
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.shownSelectionUI - true
.
.
------- Dateityp-Verknüpfung -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile=c:\windows\SysWow64\WScript.exe "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
Toolbar-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
Toolbar-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
SafeBoot-SolutoService
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
MSConfigStartUp-DriveScan Plus - c:\program files (x86)\DriveScan\DriveScan.exe
MSConfigStartUp-HP Software Update - c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-hpqSRMon - c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-LanguageShortcut - c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-UpdatePPShortCut - c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{89820200-ECBD-11cf-8B85-00AA005B4383} - c:\windows\System32\ie4uinit.exe
BHO-{11111111-1111-1111-1111-110411591114} - (Wert nicht festgelegt)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{9D81AF43-DE53-48D0-A199-42C2A226B24C} - (no file)
WebBrowser-{5786D022-540E-4699-B350-B4BE0AE94B79} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*%*֋H\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="59CF34AE006037263039EF325BF3FCFD22184C6C9D47F015C51CD7CA327824F83836F4872FEE5876DB4F275CC0A5299969209AC2DEFD89B65487164957299385F57CA272A99B20498F8D9C282719360F1EEB7DC374434773F50E09164C453980355AB916980A471906EA8A075E03ABEEAD530DC5737B1B936B08C6148783948C2CC9EA7EF9DFF9008921E0CC889A80EF18711208C390EB888C141609D51C9670A8081D1B1F48D73DFAB140329C9C24EAF3A88E2B20EF93614313739DD94E2A978718E8BE2FF17437CE5F015365C774DA6B1B36351A085FD58EA810E207DA27903D401C21A28E58F30D30AC31815F4A613A32ED8F13CE93FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CC038D530D6EB34529DB7CE019D40AA5CA8C53DA5136A957B6443DC99F75385F5531A20641EF7C4BCBD32119F9F5707B0911135F535985540DEE4E5B400436469E16A2631D4C8FA7F1C9596FE27DCE9CD021C70F1729F90FD32BD17F24392F4D8426736A5C5646AD21927EC5B6E85C366D7E78EDCA1972341D4807273821D44BFA79D525B3C8A6F3E41E6B56EE696E42F9807F1AB80E8EB8AE4F83B8BE312638C6629BFA5E3D06C3C41665725EA299E4F6C23C20AAED54ED0A382F8C0EFF5651F783D0788D09EC6BB6E4FFBA034ABC7E29D786B5531EDB3FA749078CF16A0E34FFD20743B79B268A0BEDA913762DF3A7A9E579B22EE9905E661264928253CFB67B62C1B2B399CBFC0CCD84B7278DB57990024C5353693356597DD40EC534A4DA3884FCFF74C41BC67572D1E0F5E887E38FCD5220A3669B53C6763F4763B9D7C377E8B2AF757D956D341CDC37EDE2519C2EFFAABCE04FE7D24C5FAC3CED8DE3348C5778932DD7305B912483CE72AC18F1958B12065198C8AC9CBF6CD360F891EF0AFBD8DE2CD6D473F74B9C7235345510FD92F84E4CE1A5BCEB542F5A0A1EB6CBEB31D9B7B737E9E80B6566E3FD169D16C3EBA9E98E707F247655AE3B53AAB54B3EA66DC2180AD110BCC65787B81BB076EEF337AFD8787593C5FCF865067400DC613803EAB0D5827E24CC2F44FA01D6BC3FE0666C838A01CABCCC70A001AF4D4DF8EE672A613AFEFFD725B3664D2447D129F3A76DC63AF4886F97B6689276A6BDF62A56C54F0B8FC491B35D297213BC1EFAA6501D7DBE072B058B85161C89295963A60E6A768CA62A14CE623F8F4DFBB6999B4A20754B63284FB6047371BB71BCAE1CCDDCAA093BB5BA91A47D01F63797E0E6938EBE68A23CE1F680967A0734AB6CB369318A31425BD01102096524B07244B5666BE0E86654F1DD99B07BEB673088F790D23E0214183BE1CD4F825F27742BAE594E82C279C3DF850C4DC3F45E9E0640A922DA8E3B4DAF7"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-30  15:25:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-30 13:25
.
Vor Suchlauf: 25 Verzeichnis(se), 136.044.462.080 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 135.742.939.136 Bytes frei
.
- - End Of File - - BB26AB233C9EF2377043B9B18B9F36EE
A36C5E4F47E84449FF07ED3517B43A31

schrauber 31.05.2015 05:48
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

hugo-goch 31.05.2015 11:33
Trojanische Pferd TR/Matsnu.A.296 gefunden
 
Einen schönen Sonntagmittag.

Hier folgt meine "Hausaufgabe"
mbam.txt
AdwCleaner[S0].txt
JRT.txt und
FRST.txt

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 31.05.2015
Suchlauf-Zeit: 11:06:22
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.30.06
Rootkit Datenbank: v2015.05.24.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: WIN7

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 488107
Verstrichene Zeit: 34 Min, 53 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 1
PUP.Optional.BProtector, HKU\S-1-5-21-345712177-510059219-1754512985-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|BrowserMngr Start Page, www.google.com, In Quarantäne, [b915f3a6d1b9979f8852ed66f015fc04]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 61
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), Ersetzt,[bf0f1980aedc92a43ed06d03c3437a86]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (e changes to this file while twritten when the application exits.
 *
 * To make a man), Ersetzt,[6a64f1a8afdbfb3bdb3389e766a057a9]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (tten when the application exits.
 *
 * To make a manual), Ersetzt,[e8e6e8b1107a181ecf3f026ee026fe02]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (hanges to this file while twritten when the applicati), Ersetzt,[ede15049622852e4ca441c54729452ae]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (ke changes to this file while twritten when the applic), Ersetzt,[e7e7cdcc860470c641cde98729dd9070]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (e changes to this file while twritten when the application exits.
 *
 * To m), Ersetzt,[626cfa9fff8b0e28ab632f41a2649c64]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (hile twritten when the application exits.
 *
 * To make), Ersetzt,[b11d06938cfe43f3c34b9dd343c349b7]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (hanges to this file while twritten when the application), Ersetzt,[fed09efbbcce83b32ce22a4647bf6997]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: ( changes to this file while twritten when the application exits), Ersetzt,[5b73badfa8e2f541ba5485ebfe08be42]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: ( to this file while twritten when the application exits.
), Ersetzt,[38966f2abad02c0aa36ba0d052b415eb]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (anges to this file while twritten when the applicatio), Ersetzt,[f2dc316887031d19ec2287e9eb1b728e]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (ke changes to this file while twritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL a), Ersetzt,[47874356a3e74fe72ce2cda356b0ff01]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (manual change to preferences, you can visit the URL abo), Ersetzt,[97371584e6a43105c747caa6986efc04]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: ( changes to this file while twritten when the applicatio), Ersetzt,[7b536f2a1d6dda5c2de1016fb0562dd3]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (changes to this file while twritten when the applica), Ersetzt,[e4eae2b702881224ae60d898f313b749]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (ake changes to this file while twritten when the application exits.
 *
 * To make a ), Ersetzt,[a52942571f6bb87ef11dc5abcb3b2ad6]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (itten when the application exits.
 *
 * To make a man), Ersetzt,[903e1b7edeac5cdac84698d80105f907]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: ( changes to this file while twritten when the application), Ersetzt,[23aba9f09eec2d09bb53c8a8ca3c57a9]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (hanges to this file while twritten when the applicatio), Ersetzt,[8a44aaef44463402e42aa2ce37cfc53b]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (e changes to this file while twritten when the application exits.
), Ersetzt,[ba1456439ded5bdbc846b0c063a36f91]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.incredibar_i.dfltLng", "");), Ersetzt,[ad216a2f12787db92fe4ee82cb3b4fb1]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (ke changes to this file while twritten when the ap), Ersetzt,[68666732c3c7ea4c40d3ea8611f5bf41]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (e changes to this file while twritten when the appli), Ersetzt,[448a3267bdcd48ee26ed98d8c046b848]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (changes to this file while twritten when the application exits.
 *
 * To m), Ersetzt,[cb03c2d71575ca6c65aeea8662a48e72]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (le twritten when the application exits.
 *
 * To make a manu), Ersetzt,[a7278e0b99f1c27440d3640c689ec23e]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: ( this file while twritten when the application exits.
), Ersetzt,[dfefe7b26525999dfd16da96b84e24dc]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (nges to this file while twritten when the applicat), Ersetzt,[547a30699eeccb6b15fe74fced1928d8]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (e changes to this file while twritten when the appl), Ersetzt,[923c8b0ec1c91b1bb2617cf435d1e020]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: ( changes to this file while twritten when the appli), Ersetzt,[cd01aaefc3c7092dee251c54759122de]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: ( changes to this file while twritten when the), Ersetzt,[f6d885144c3e2f07c64d5719af572cd4]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (Preake changes to this file while twritten when the appli), Ersetzt,[48868415187291a5bc57333d907609f7]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (es to this file while twritten when the application e), Ersetzt,[5a742574beccf54167acee823acc2ad6]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (hanges to this file while twritten when the application exi), Ersetzt,[eee012872f5b0c2a908396daf214748c]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: ( to this file while twritten when the application exi), Ersetzt,[aa2405944b3fd462bc578fe1ed19c63a]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (hanges to this file while twritten when the applicat), Ersetzt,[be10a7f234560c2ac152650b0204c63a]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (changes to this file while twritten when the application exits.
 *
 * To make a manual change to preferences, you can), Ersetzt,[834bf0a979117cbafe1507699b6b17e9]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (
 * To make a manual change to preferences, you can vis), Ersetzt,[c70704957911b58158bbd19fba4c14ec]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (ges to this file while twritten when the application exits.
 *
), Ersetzt,[3a94cacffb8f1e183dd6254b9472ef11]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (his file while twritten when the application exits.
 *), Ersetzt,[be104b4e3c4e9d99fc178ee218ee7f81]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (nges to this file while twritten when the application exits.
 *
), Ersetzt,[56784d4cfa90c96d8192adc3699d53ad]
PUP.Optional.Incredibar.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\prefs.js, Gut: (), Schlecht: (is file while twritten when the application exits.
 *
), Ersetzt,[a925e7b21b6fbb7bb16290e0bf4723dd]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTab", false);), Ersetzt,[616d257437534ee8a2148ae5cf379967]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (intrue);
user_pref("nglayouref("browser.urlbar.autoFill", false);
user_pref("browser.search.openintab", false);
user_pref("browser.tabs), Ersetzt,[6e606f2ab8d248ee397d09669a6c42be]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (ser.search.openintab", false);
user_pref("browser.tabs.closeButtons", 1);
us), Ersetzt,[b01e00992a6006303b7b323d57afd22e]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (layouref("browser.urlbar.autoFill", false);
user_pref("browser.search.openintab", fals), Ersetzt,[16b86d2c0f7b02341a9c73fc9a6c639d]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: ("browser.urlbar.autoFill", false);
user_pref("browser.se), Ersetzt,[5975336691f92016ded8d39c32d428d8]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (true);
user_pref("nglayouref("browser.urlbar.autoFill"), Ersetzt,[7955c3d6870371c514a2d59a8086c23e]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (intrue);
user_pref("nglayouref("browser.urlbar.autoFill), Ersetzt,[a826f0a9b2d83402467059163bcbb050]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (ntrue);
user_pref("nglayouref("browser.urlbar.autoFill", false);
), Ersetzt,[8b43e7b26c1e54e2b303aec123e3c43c]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (er_pref("nglayouref("browser.urlbar.autoFill", false);
us), Ersetzt,[af1f87125c2ea0966b4b93dc1cea8779]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (rue);
user_pref("nglayouref("browser.urlbar.autoFill", false);), Ersetzt,[03cb9405a0ea3ef8c3f3b8b7b551ad53]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (
user_pref("nglayouref("browser.urlbar.autoFill", fal), Ersetzt,[e4ea5f3aaddda5914076b4bb33d38878]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (lintrue);
user_pref("nglayouref("browser.urlbar.autoFill), Ersetzt,[0fbfe7b228623cfab600b1be6a9c9769]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (true);
user_pref("nglayouref("browser.urlbar.autoFil), Ersetzt,[8e402d6c6f1b60d69a1c82edd531b34d]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (blintrue);
user_pref("nglayouref("browser.urlbar.autoF), Ersetzt,[ebe391089feb70c64472d7989f6712ee]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (intrue);
user_pref("nglayouref("browser.urlbar.autoF), Ersetzt,[4f7f9504dbaf8fa7cde99ed150b6a35d]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (blintrue);
user_pref("nglayouref("browser.urlbar.auto), Ersetzt,[f0de5940f7930f2707afcea1cc3aa25e]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (lintrue);
user_pref("nglayouref("browser.urlbar.aut), Ersetzt,[3b930198800a86b0c2f4e6898d7916ea]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (.blintrue);
user_pref("nglayouref("browser.urlbar.autoFill", false);
user_pref("brow), Ersetzt,[329c851497f32c0a8234006fb94d5aa6]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (("browser.urlbar.autoFill", false);
user_pref("brow), Ersetzt,[656940591a7040f6d2e408678680e21e]
PUP.Optional.Babylon.A, C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js, Gut: (), Schlecht: (.blintrue);
user_pref("nglayouref("browser.urlbar.aut), Ersetzt,[f3db6336f89288aeeec8b2bd8680df21]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
hier AdwCleaner.txt

Code:
# AdwCleaner v4.205 - Bericht erstellt 31/05/2015 um 12:01:16
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : WIN7 - WIN7-PC
# Gestarted von : D:\Eigene Dateien\Desktop\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\SoftwareUpdater
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\driver whiz
Ordner Gelöscht : C:\Program Files (x86)\AVG\AVG10\Toolbar
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\WIN7\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\WIN7\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\WIN7\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\WIN7\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\WIN7\AppData\Local\FileViewPro
Ordner Gelöscht : C:\Users\WIN7\AppData\Local\pokki
Ordner Gelöscht : C:\Users\WIN7\AppData\LocalLow\AVG Security Toolbar
Ordner Gelöscht : C:\Users\WIN7\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\WIN7\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\WIN7\AppData\Roaming\SecureSearch
Ordner Gelöscht : C:\Users\WIN7\AppData\Roaming\WinZipper
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\WIN7\AppData\Roaming\AVSDVDPlayer.m3u
Datei Gelöscht : C:\Users\WIN7\AppData\Roaming\CoreXPSP.dll
Datei Gelöscht : C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\invalidprefs.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
Datei Gelöscht : C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\searchplugins\BrowserDefender.xml
Datei Gelöscht : C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : Desk 365 RunAsStdUser
Task Gelöscht : EPUpdater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gelöscht : HKCU\Software\5955d68bb36eef48
Schlüssel Gelöscht : HKLM\SOFTWARE\5955d68bb36eef48
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422592214}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422592214}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyAshampoo\toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\BrowserMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Desksvc
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AVG Secure Search
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 de)

[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.id", "2c8b7b390000000000006cf0491de88d");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15610");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=2c8b7b390000000000006cf0491de88d&q=");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=270912_11_3912_3");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.723:22:02");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.aflt", "make");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.dfltLng", "");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.dfltSrch", true);
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.dnsErr", true);
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.excTlbr", false);
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.hmpg", true);
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=make");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.id", "2c8b7b390000000000006cf0491de88d");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.instlDay", "15391");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.instlRef", "");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.newTab", true);
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=make");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.prdct", "funmoods");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.tlbrId", "base");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=make&q=");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1618:06:32");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.did", "10662");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.id", "2c8b7b390000000000006cf0491de88d");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15545");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.ppd", "");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyIU3vpDc&loc=IB_TB&i=26&search=");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.upn2", "6OyIU3vpDc");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92261810019057178");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:38:41");
[oxn6lj6n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

*************************

AdwCleaner[R0].txt - [31642 Bytes] - [31/05/2015 11:59:56]
AdwCleaner[S0].txt - [30696 Bytes] - [31/05/2015 12:01:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30756  Bytes] ##########
und hier JRT.txt

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.5 (05.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by WIN7 on 31.05.2015 at 12:07:18,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D81AF43-DE53-48D0-A199-42C2A226B24C}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}



~~~ Files

Successfully deleted: [File] C:\Users\WIN7\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com



~~~ Folders

Successfully deleted: [Folder] C:\Users\WIN7\appdata\locallow\myashampoo
Successfully deleted: [Folder] C:\Users\WIN7\AppData\Roaming\getrighttogo
Successfully deleted: [Folder] C:\Users\WIN7\AppData\Roaming\software informer



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
Successfully deleted: [Folder] C:\Users\WIN7\AppData\Roaming\mozilla\firefox\profiles\oxn6lj6n.default\conduitcommon
Successfully deleted the following from C:\Users\WIN7\AppData\Roaming\mozilla\firefox\profiles\oxn6lj6n.default\prefs.js

user_pref(extensions.delta.admin, false);
user_pref(extensions.delta.aflt, babsst);
user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});
user_pref(extensions.delta.autoRvrt, false);
user_pref(extensions.delta.dfltLng, de);
user_pref(extensions.delta.excTlbr, false);
user_pref(extensions.delta.ffxUnstlRst, true);
user_pref(extensions.delta.id, 2c8b7b390000000000006cf0491de88d);
user_pref(extensions.delta.instlDay, 15877);
user_pref(extensions.delta.instlRef, sst);
user_pref(extensions.delta.newTab, false);
user_pref(extensions.delta.prdct, delta);
user_pref(extensions.delta.prtnrId, delta);
user_pref(extensions.delta.rvrt, false);
user_pref(extensions.delta.smplGrp, none);
user_pref(extensions.delta.tlbrId, base);
user_pref(extensions.delta.tlbrSrchUrl, );
user_pref(extensions.delta.vrsn, 1.8.21.5);
user_pref(extensions.delta.vrsnTs, 1.8.21.516:10:24);
user_pref(extensions.delta.vrsni, 1.8.21.5);
user_pref(extensions.delta_i.babExt, );
user_pref(extensions.delta_i.babTrack, affID=121562&tt=180613_ndt6&tsp=4920);
user_pref(extensions.delta_i.srcExt, ss);
Emptied folder: C:\Users\WIN7\AppData\Roaming\mozilla\firefox\profiles\oxn6lj6n.default\minidumps [240 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2015 at 12:10:00,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und zum Schluss FRST.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by WIN7 (administrator) on WIN7-PC on 31-05-2015 12:20:36
Running from D:\Eigene Dateien\Desktop
Loaded Profiles: WIN7 (Available Profiles: WIN7)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3942216 2011-01-25] (O&O Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Run: [DMS-Kalenderchen] => C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe [3496448 2010-04-12] (Daniel Manger Software)
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-345712177-510059219-1754512985-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
HKU\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/cpm-redir/ie-10.html
SearchScopes: HKLM-x32 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {0030B613-25D0-4322-93B4-849CDB18B45E} URL = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {0C518C99-9F22-4438-852F-7EB722ED8006} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {2ABAF584-1961-4369-8DB7-2C08247D97E2} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {2BC3BBA1-A50E-4DD8-900B-D383965A6CC6} URL = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {47B93365-C152-494D-AA6D-59F2285021A8} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {4A727733-5822-4CBA-95C7-2559F67B27F4} URL = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {5B979127-71E7-4D90-9009-35201FDDCD65} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {7C66A6E9-9BAF-461D-B581-23BD5EF35D51} URL = hxxp://rover.ebay.com/rover/1/707-1403-9414-51/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {87906159-0460-43EB-AEA0-0B79E875004A} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {9C85D5A4-9E27-458F-BF1F-ACCC9CD659F9} URL = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {AF6F0DDA-4DF5-4666-A98B-B7C6D3793F5B} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {C7501728-BE38-408D-AD62-10C9D517B710} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {D538DCC3-9A32-47C6-9054-428C6DD8EB2D} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {E954692D-1151-4996-97C1-F99203664D81} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL =
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default
FF DefaultSearchEngine: Wikipedia (de)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2010-01-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange Viewer Free\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2010-03-24] ()
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll [2011-09-23] (Nero AG)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-345712177-510059219-1754512985-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange Viewer Free\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll [2012-01-18] (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-20] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\searchplugins\ude---suche.xml [2012-07-29]
FF Extension: Avira Browser Safety - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\abs@avira.com [2015-05-28]
FF Extension: Firefox Synchronisation Extension - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\synchronize@nokia.suite [2014-12-17]
FF Extension: YouTube Unblocker - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\youtubeunblocker@unblocker.yt [2015-05-20]
FF Extension: WOT - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-05-29]
FF Extension: {002e960c-bfcf-43f1-a710-c60fd2e6ba92} - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{002e960c-bfcf-43f1-a710-c60fd2e6ba92}.xpi [2013-11-01]
FF Extension: Stop Autoplay - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}.xpi [2012-07-30]
FF Extension: NoScript - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-01]
FF Extension: Video HTML5 Updater Light - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{d39d7d7b-7423-4441-832d-e0694b76c353}.xpi [2013-11-06]
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 AllShare; D:\Programme\PC Share Manager (Samsung)\WiselinkPro.exe [6638080 2010-07-16] () [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S4 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [576272 2011-10-03] (Hauppauge Computer Works)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 FreemiumSelfUpdateService; "C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv06; C:\Windows\system32\drivers\acedrv06.sys [147456 2013-02-28] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116096 2010-06-01] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-04] (Avira Operations GmbH & Co. KG)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-05] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 OV550I; C:\Windows\System32\Drivers\FilmScan.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2010-05-30] () [File not signed]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [43152 2010-06-25] (Oracle Corporation)
S4 VD_FileDisk; C:\Windows\SysWow64\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\WIN7\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 DfSdkS; No ImagePath
S3 GEARAspiWDM; System32\Drivers\GEARAspiWDM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 12:10 - 2015-05-31 12:10 - 00003809 _____ () C:\Users\WIN7\Desktop\JRT.txt
2015-05-31 12:07 - 2015-05-31 12:07 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WIN7-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-31 12:07 - 2015-05-31 12:07 - 00000000 ____D () C:\RegBackup
2015-05-31 11:59 - 2015-05-31 12:01 - 00000000 ____D () C:\AdwCleaner
2015-05-31 10:20 - 2015-05-31 11:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-31 10:19 - 2015-05-31 10:19 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-31 10:19 - 2015-05-31 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-31 10:19 - 2015-05-31 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-31 10:19 - 2015-05-31 10:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-31 10:19 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-31 10:19 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-31 10:19 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-30 15:25 - 2015-05-30 15:25 - 00037552 _____ () C:\ComboFix.txt
2015-05-30 15:06 - 2015-05-30 15:25 - 00000000 ____D () C:\Qoobox
2015-05-30 15:06 - 2015-05-30 15:23 - 00000000 ____D () C:\Windows\erdnt
2015-05-30 15:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-30 15:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-30 15:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-28 23:13 - 2015-05-31 12:20 - 00000000 ____D () C:\FRST
2015-05-28 15:47 - 2015-05-28 15:47 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\HateML
2015-05-28 13:26 - 2015-05-28 13:26 - 00599663 _____ () C:\Users\WIN7\2015.05.28.bookcook
2015-05-28 13:14 - 2015-05-31 11:44 - 00065316 _____ () C:\Windows\PFRO.log
2015-05-28 11:14 - 2015-05-28 11:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-26 18:14 - 2015-05-27 17:39 - 00000000 ____D () C:\ProgramData\jxparsm
2015-05-26 10:32 - 2015-05-28 19:48 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Consideration-appeal
2015-05-24 10:54 - 2015-05-28 07:55 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Machine_network
2015-05-23 16:41 - 2015-05-24 00:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-23 10:17 - 2015-05-25 00:06 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Weekend-display
2015-05-23 07:48 - 2015-05-31 12:16 - 00001456 _____ () C:\Windows\setupact.log
2015-05-23 07:48 - 2015-05-23 07:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-22 11:00 - 2015-05-24 00:14 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Consideration-hear
2015-05-22 09:28 - 2015-05-25 00:06 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Appointmentrace
2015-05-20 17:20 - 2015-05-23 18:01 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Error-kiss
2015-05-17 19:08 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-17 19:08 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-17 19:08 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-17 19:08 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-17 15:47 - 2015-05-19 07:28 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Machinedetail
2015-05-15 10:41 - 2015-05-15 10:41 - 00031922 _____ () C:\Users\WIN7\ESt2014_Urselmans_Hugo_und_Gabriele.elfo
2015-05-15 09:33 - 2015-05-15 09:33 - 00000000 ____D () C:\Users\WIN7\AppData\Local\elfopatch
2015-05-15 09:21 - 2015-05-17 14:51 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Appointment-discuss
2015-05-14 18:55 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 18:55 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:26 - 2015-05-17 14:51 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Considerationserve
2015-05-13 15:58 - 2015-05-17 09:55 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Machine-assist
2015-05-13 13:47 - 2015-05-15 09:13 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Weekend_slide
2015-05-13 13:18 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 13:18 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 13:18 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 13:18 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 13:18 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 13:18 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 13:18 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 13:18 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 13:18 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 13:18 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 13:18 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 13:18 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 13:18 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 13:18 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 13:18 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 13:18 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 13:18 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 13:18 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 13:18 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 13:18 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 13:18 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 13:18 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 13:18 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 13:18 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 13:18 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 13:18 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 13:18 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 13:18 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 13:18 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 13:18 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 13:18 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 13:18 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 13:18 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 13:18 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 13:18 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 13:18 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 13:18 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 13:18 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 13:18 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 13:18 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 13:18 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 13:18 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 13:18 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 13:18 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 13:18 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 13:18 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 13:18 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 13:18 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 13:18 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 13:18 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 13:18 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 13:18 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 13:18 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 13:18 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 13:18 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 13:18 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 13:18 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 13:18 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 13:18 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 13:18 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 13:18 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 13:18 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 13:18 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 13:18 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 13:18 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 13:18 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 13:18 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 13:18 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 13:18 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 13:18 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 13:18 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 13:18 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 13:18 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 13:18 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 13:18 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 13:18 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 13:18 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 13:18 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 13:18 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 13:18 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 13:18 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 13:18 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 13:18 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 13:18 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 13:18 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 13:13 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:13 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:13 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 13:13 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:13 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 13:13 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 13:13 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 13:13 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 13:13 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 13:12 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 13:12 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 13:12 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 13:12 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 13:12 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 13:12 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 13:12 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 13:12 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 13:12 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 12:19 - 2012-01-31 18:38 - 01838348 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 12:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-31 12:14 - 2009-07-14 06:45 - 00015952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 12:14 - 2009-07-14 06:45 - 00015952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 11:34 - 2015-03-08 11:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 11:03 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-05-30 15:43 - 2010-06-07 21:32 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\TV-Browser
2015-05-30 15:25 - 2012-07-11 10:32 - 00000000 ____D () C:\Users\RJ
2015-05-30 15:25 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-30 15:19 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-28 21:04 - 2009-07-14 19:58 - 00759582 _____ () C:\Windows\system32\perfh007.dat
2015-05-28 21:04 - 2009-07-14 19:58 - 00172890 _____ () C:\Windows\system32\perfc007.dat
2015-05-28 21:04 - 2009-07-14 07:13 - 01768660 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 15:49 - 2010-07-30 17:26 - 00000000 ____D () C:\Users\WIN7\.VirtualBox
2015-05-28 13:26 - 2010-05-20 10:04 - 00000000 ____D () C:\Users\WIN7
2015-05-28 13:14 - 2012-04-27 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-28 10:05 - 2011-07-18 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2015-05-28 10:02 - 2011-03-04 15:49 - 00000000 ____D () C:\Program Files (x86)\Tapin Radio
2015-05-28 09:58 - 2012-02-06 16:43 - 00000000 ____D () C:\Users\WIN7\Calibre Bibliothek
2015-05-28 09:46 - 2014-10-22 12:10 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-28 09:11 - 2010-05-27 20:44 - 00000000 ____D () C:\Program Files (x86)\PRMT8
2015-05-28 09:06 - 2012-11-17 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company
2015-05-27 18:05 - 2011-02-12 15:48 - 00000000 ____D () C:\Windows\pss
2015-05-26 23:50 - 2011-11-03 23:39 - 00000000 ____D () C:\Users\WIN7\AppData\Local\CrashDumps
2015-05-21 02:05 - 2015-04-04 08:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 02:05 - 2015-04-04 08:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 07:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-17 19:10 - 2011-05-27 13:50 - 01742004 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-17 18:33 - 2012-09-25 10:42 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\PhotoScape
2015-05-15 09:35 - 2011-01-15 23:44 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-05-15 09:34 - 2015-01-27 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-05-15 09:18 - 2010-05-26 23:55 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2015-05-15 08:58 - 2013-03-14 02:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 08:58 - 2013-03-14 02:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 08:58 - 2009-07-14 06:45 - 00253232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 19:29 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 19:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 19:26 - 2013-07-25 14:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 19:04 - 2010-05-20 14:33 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 19:01 - 2010-05-26 20:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 18:55 - 2014-07-25 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 13:20 - 2013-05-23 11:46 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-05 13:50 - 2015-03-05 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 13:48 - 2013-04-01 16:31 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 13:48 - 2013-04-01 16:31 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2012-07-13 10:22 - 2012-07-13 10:22 - 0000288 _____ () C:\Users\WIN7\AppData\Roaming\.backup.dm
2011-06-26 10:25 - 2013-11-26 15:51 - 0000040 _____ () C:\Users\WIN7\AppData\Roaming\cdr.ini
2010-05-30 11:36 - 2014-10-11 16:22 - 0221696 _____ () C:\Users\WIN7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-26 22:35 - 2013-05-19 18:46 - 0007607 _____ () C:\Users\WIN7\AppData\Local\Resmon.ResmonCfg
2010-06-14 14:43 - 2011-12-05 23:30 - 0015463 _____ () C:\ProgramData\hpzinstall.log
2011-08-28 10:24 - 2011-08-28 10:24 - 0000099 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2011-10-27 12:08 - 2011-10-27 12:33 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-05-07 11:59 - 2012-05-07 11:59 - 0000085 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\WIN7\scribus-1.4.3-windows-x64.exe


Some files in TEMP:
====================
C:\Users\WIN7\AppData\Local\Temp\avgnt.exe
C:\Users\WIN7\AppData\Local\Temp\Quarantine.exe
C:\Users\WIN7\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-05-04 08:39

==================== End of log ============================

hugo-goch 31.05.2015 11:34
und zum Schluss FRST.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by WIN7 (administrator) on WIN7-PC on 31-05-2015 12:20:36
Running from D:\Eigene Dateien\Desktop
Loaded Profiles: WIN7 (Available Profiles: WIN7)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3942216 2011-01-25] (O&O Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Run: [DMS-Kalenderchen] => C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe [3496448 2010-04-12] (Daniel Manger Software)
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-345712177-510059219-1754512985-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
HKU\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/cpm-redir/ie-10.html
SearchScopes: HKLM-x32 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {0030B613-25D0-4322-93B4-849CDB18B45E} URL = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {0C518C99-9F22-4438-852F-7EB722ED8006} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {2ABAF584-1961-4369-8DB7-2C08247D97E2} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {2BC3BBA1-A50E-4DD8-900B-D383965A6CC6} URL = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {47B93365-C152-494D-AA6D-59F2285021A8} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {4A727733-5822-4CBA-95C7-2559F67B27F4} URL = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {5B979127-71E7-4D90-9009-35201FDDCD65} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {7C66A6E9-9BAF-461D-B581-23BD5EF35D51} URL = hxxp://rover.ebay.com/rover/1/707-1403-9414-51/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {87906159-0460-43EB-AEA0-0B79E875004A} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {9C85D5A4-9E27-458F-BF1F-ACCC9CD659F9} URL = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {AF6F0DDA-4DF5-4666-A98B-B7C6D3793F5B} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {C7501728-BE38-408D-AD62-10C9D517B710} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {D538DCC3-9A32-47C6-9054-428C6DD8EB2D} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {E954692D-1151-4996-97C1-F99203664D81} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL =
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default
FF DefaultSearchEngine: Wikipedia (de)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2010-01-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange Viewer Free\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2010-03-24] ()
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll [2011-09-23] (Nero AG)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-345712177-510059219-1754512985-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange Viewer Free\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll [2012-01-18] (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-20] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\searchplugins\ude---suche.xml [2012-07-29]
FF Extension: Avira Browser Safety - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\abs@avira.com [2015-05-28]
FF Extension: Firefox Synchronisation Extension - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\synchronize@nokia.suite [2014-12-17]
FF Extension: YouTube Unblocker - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\youtubeunblocker@unblocker.yt [2015-05-20]
FF Extension: WOT - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-05-29]
FF Extension: {002e960c-bfcf-43f1-a710-c60fd2e6ba92} - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{002e960c-bfcf-43f1-a710-c60fd2e6ba92}.xpi [2013-11-01]
FF Extension: Stop Autoplay - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}.xpi [2012-07-30]
FF Extension: NoScript - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-01]
FF Extension: Video HTML5 Updater Light - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{d39d7d7b-7423-4441-832d-e0694b76c353}.xpi [2013-11-06]
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 AllShare; D:\Programme\PC Share Manager (Samsung)\WiselinkPro.exe [6638080 2010-07-16] () [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S4 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [576272 2011-10-03] (Hauppauge Computer Works)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 FreemiumSelfUpdateService; "C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv06; C:\Windows\system32\drivers\acedrv06.sys [147456 2013-02-28] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116096 2010-06-01] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-04] (Avira Operations GmbH & Co. KG)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-05] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 OV550I; C:\Windows\System32\Drivers\FilmScan.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2010-05-30] () [File not signed]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [43152 2010-06-25] (Oracle Corporation)
S4 VD_FileDisk; C:\Windows\SysWow64\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\WIN7\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 DfSdkS; No ImagePath
S3 GEARAspiWDM; System32\Drivers\GEARAspiWDM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 12:10 - 2015-05-31 12:10 - 00003809 _____ () C:\Users\WIN7\Desktop\JRT.txt
2015-05-31 12:07 - 2015-05-31 12:07 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WIN7-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-31 12:07 - 2015-05-31 12:07 - 00000000 ____D () C:\RegBackup
2015-05-31 11:59 - 2015-05-31 12:01 - 00000000 ____D () C:\AdwCleaner
2015-05-31 10:20 - 2015-05-31 11:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-31 10:19 - 2015-05-31 10:19 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-31 10:19 - 2015-05-31 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-31 10:19 - 2015-05-31 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-31 10:19 - 2015-05-31 10:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-31 10:19 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-31 10:19 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-31 10:19 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-30 15:25 - 2015-05-30 15:25 - 00037552 _____ () C:\ComboFix.txt
2015-05-30 15:06 - 2015-05-30 15:25 - 00000000 ____D () C:\Qoobox
2015-05-30 15:06 - 2015-05-30 15:23 - 00000000 ____D () C:\Windows\erdnt
2015-05-30 15:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-30 15:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-30 15:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-28 23:13 - 2015-05-31 12:20 - 00000000 ____D () C:\FRST
2015-05-28 15:47 - 2015-05-28 15:47 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\HateML
2015-05-28 13:26 - 2015-05-28 13:26 - 00599663 _____ () C:\Users\WIN7\2015.05.28.bookcook
2015-05-28 13:14 - 2015-05-31 11:44 - 00065316 _____ () C:\Windows\PFRO.log
2015-05-28 11:14 - 2015-05-28 11:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-26 18:14 - 2015-05-27 17:39 - 00000000 ____D () C:\ProgramData\jxparsm
2015-05-26 10:32 - 2015-05-28 19:48 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Consideration-appeal
2015-05-24 10:54 - 2015-05-28 07:55 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Machine_network
2015-05-23 16:41 - 2015-05-24 00:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-23 10:17 - 2015-05-25 00:06 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Weekend-display
2015-05-23 07:48 - 2015-05-31 12:16 - 00001456 _____ () C:\Windows\setupact.log
2015-05-23 07:48 - 2015-05-23 07:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-22 11:00 - 2015-05-24 00:14 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Consideration-hear
2015-05-22 09:28 - 2015-05-25 00:06 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Appointmentrace
2015-05-20 17:20 - 2015-05-23 18:01 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Error-kiss
2015-05-17 19:08 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-17 19:08 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-17 19:08 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-17 19:08 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-17 15:47 - 2015-05-19 07:28 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Machinedetail
2015-05-15 10:41 - 2015-05-15 10:41 - 00031922 _____ () C:\Users\WIN7\ESt2014_Urselmans_Hugo_und_Gabriele.elfo
2015-05-15 09:33 - 2015-05-15 09:33 - 00000000 ____D () C:\Users\WIN7\AppData\Local\elfopatch
2015-05-15 09:21 - 2015-05-17 14:51 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Appointment-discuss
2015-05-14 18:55 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 18:55 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:26 - 2015-05-17 14:51 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Considerationserve
2015-05-13 15:58 - 2015-05-17 09:55 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Machine-assist
2015-05-13 13:47 - 2015-05-15 09:13 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Weekend_slide
2015-05-13 13:18 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 13:18 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 13:18 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 13:18 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 13:18 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 13:18 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 13:18 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 13:18 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 13:18 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 13:18 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 13:18 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 13:18 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 13:18 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 13:18 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 13:18 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 13:18 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 13:18 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 13:18 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 13:18 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 13:18 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 13:18 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 13:18 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 13:18 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 13:18 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 13:18 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 13:18 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 13:18 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 13:18 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 13:18 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 13:18 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 13:18 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 13:18 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 13:18 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 13:18 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 13:18 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 13:18 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 13:18 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 13:18 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 13:18 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 13:18 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 13:18 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 13:18 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 13:18 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 13:18 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 13:18 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 13:18 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 13:18 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 13:18 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 13:18 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 13:18 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 13:18 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 13:18 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 13:18 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 13:18 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 13:18 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 13:18 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 13:18 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 13:18 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 13:18 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 13:18 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 13:18 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 13:18 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 13:18 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 13:18 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 13:18 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 13:18 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 13:18 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 13:18 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 13:18 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 13:18 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 13:18 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 13:18 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 13:18 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 13:18 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 13:18 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 13:18 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 13:18 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 13:18 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 13:18 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 13:18 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 13:18 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 13:18 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 13:18 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 13:18 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 13:18 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 13:13 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:13 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:13 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 13:13 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:13 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 13:13 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 13:13 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 13:13 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 13:13 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 13:12 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 13:12 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 13:12 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 13:12 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 13:12 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 13:12 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 13:12 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 13:12 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 13:12 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 12:19 - 2012-01-31 18:38 - 01838348 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 12:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-31 12:14 - 2009-07-14 06:45 - 00015952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 12:14 - 2009-07-14 06:45 - 00015952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 11:34 - 2015-03-08 11:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 11:03 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-05-30 15:43 - 2010-06-07 21:32 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\TV-Browser
2015-05-30 15:25 - 2012-07-11 10:32 - 00000000 ____D () C:\Users\RJ
2015-05-30 15:25 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-30 15:19 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-28 21:04 - 2009-07-14 19:58 - 00759582 _____ () C:\Windows\system32\perfh007.dat
2015-05-28 21:04 - 2009-07-14 19:58 - 00172890 _____ () C:\Windows\system32\perfc007.dat
2015-05-28 21:04 - 2009-07-14 07:13 - 01768660 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 15:49 - 2010-07-30 17:26 - 00000000 ____D () C:\Users\WIN7\.VirtualBox
2015-05-28 13:26 - 2010-05-20 10:04 - 00000000 ____D () C:\Users\WIN7
2015-05-28 13:14 - 2012-04-27 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-28 10:05 - 2011-07-18 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2015-05-28 10:02 - 2011-03-04 15:49 - 00000000 ____D () C:\Program Files (x86)\Tapin Radio
2015-05-28 09:58 - 2012-02-06 16:43 - 00000000 ____D () C:\Users\WIN7\Calibre Bibliothek
2015-05-28 09:46 - 2014-10-22 12:10 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-28 09:11 - 2010-05-27 20:44 - 00000000 ____D () C:\Program Files (x86)\PRMT8
2015-05-28 09:06 - 2012-11-17 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company
2015-05-27 18:05 - 2011-02-12 15:48 - 00000000 ____D () C:\Windows\pss
2015-05-26 23:50 - 2011-11-03 23:39 - 00000000 ____D () C:\Users\WIN7\AppData\Local\CrashDumps
2015-05-21 02:05 - 2015-04-04 08:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 02:05 - 2015-04-04 08:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 07:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-17 19:10 - 2011-05-27 13:50 - 01742004 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-17 18:33 - 2012-09-25 10:42 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\PhotoScape
2015-05-15 09:35 - 2011-01-15 23:44 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-05-15 09:34 - 2015-01-27 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-05-15 09:18 - 2010-05-26 23:55 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2015-05-15 08:58 - 2013-03-14 02:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 08:58 - 2013-03-14 02:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 08:58 - 2009-07-14 06:45 - 00253232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 19:29 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 19:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 19:26 - 2013-07-25 14:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 19:04 - 2010-05-20 14:33 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 19:01 - 2010-05-26 20:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 18:55 - 2014-07-25 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 13:20 - 2013-05-23 11:46 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-05 13:50 - 2015-03-05 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 13:48 - 2013-04-01 16:31 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 13:48 - 2013-04-01 16:31 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2012-07-13 10:22 - 2012-07-13 10:22 - 0000288 _____ () C:\Users\WIN7\AppData\Roaming\.backup.dm
2011-06-26 10:25 - 2013-11-26 15:51 - 0000040 _____ () C:\Users\WIN7\AppData\Roaming\cdr.ini
2010-05-30 11:36 - 2014-10-11 16:22 - 0221696 _____ () C:\Users\WIN7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-26 22:35 - 2013-05-19 18:46 - 0007607 _____ () C:\Users\WIN7\AppData\Local\Resmon.ResmonCfg
2010-06-14 14:43 - 2011-12-05 23:30 - 0015463 _____ () C:\ProgramData\hpzinstall.log
2011-08-28 10:24 - 2011-08-28 10:24 - 0000099 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2011-10-27 12:08 - 2011-10-27 12:33 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-05-07 11:59 - 2012-05-07 11:59 - 0000085 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\WIN7\scribus-1.4.3-windows-x64.exe


Some files in TEMP:
====================
C:\Users\WIN7\AppData\Local\Temp\avgnt.exe
C:\Users\WIN7\AppData\Local\Temp\Quarantine.exe
C:\Users\WIN7\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-05-04 08:39

==================== End of log ============================

schrauber 31.05.2015 14:47

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

hugo-goch 01.06.2015 07:14
Trojanische Pferd TR/Matsnu.A.296 gefunden
 
Guten Morgen Schrauber,

nach langen 8 Stunden habe ich die Eset log.txt fertig.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e41c345cb0e360408ccbc4ff677f3d0f
# engine=24107
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-31 11:01:02
# local_time=2015-06-01 01:01:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 85 59634355 184743112 0 0
# scanned=477351
# found=65
# cleaned=61
# scan_time=29137
sh=1C85186FCB54F0D4D6E23470E03D9E2FC270C158 ft=1 fh=5fb10f05cd172e16 vn="Win32/TrojanDownloader.Nymaim.AL Trojaner" ac=I fn="C:\Users\All Users\Adobe\ARM\Reader_11.0.09\29770\moment_of_inertia\scsi_terminator.exe"
sh=1C85186FCB54F0D4D6E23470E03D9E2FC270C158 ft=1 fh=5fb10f05cd172e16 vn="Win32/TrojanDownloader.Nymaim.AL Trojaner" ac=I fn="C:\Users\All Users\ArcSoft\Global Deploy\CheckUpdate\a_weighting\acceleration.exe"
sh=1C85186FCB54F0D4D6E23470E03D9E2FC270C158 ft=1 fh=5fb10f05cd172e16 vn="Win32/TrojanDownloader.Nymaim.AL Trojaner" ac=I fn="C:\Users\All Users\ATI\ACE\a_weighting\acceleration.exe"
sh=9C4F6AEF4A89FDB6D86B0AF1B3DFCC50A6DDE9C5 ft=1 fh=3c302de0805a11eb vn="Variante von Win32/Kryptik.DJUK Trojaner" ac=I fn="C:\Users\All Users\AVG2013\Cfg\thermoelectric_cooler\solid_solution_strengthening.exe"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3311336\UninstallerUI.exe.vir"
sh=1977F2F0A49C992E60324A527A5887305D48E3D7 ft=1 fh=dc889aa2aa041916 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=88DBE5F113DF37C1780ED9B0D8FC144CA20600D8 ft=1 fh=ae439cb8cb701357 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio\Setup\ashampoo_burning_studio_2012_cbe_11.0.4_sd.exe"
sh=A0867E6C018019D4E76B0DA3E067413C1E9193D5 ft=1 fh=25de646db16c1e53 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio\Setup\ashampoo_burning_studio_6_free_6.83_4312.exe"
sh=A0867E6C018019D4E76B0DA3E067413C1E9193D5 ft=1 fh=25de646db16c1e53 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 6 FREE\ashampoo_burning_studio_6_free_6.83_4312.exe"
sh=5033F03511BFE34CB67C64871D7EAD795FF38D5D ft=1 fh=d6894d1c6b25087b vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Ashampoo\Ashampoo Photo Commander 5\Setup\ashampoo_photo_commander_7_7.31_7011.exe"
sh=5010BDDBEDDF9DF52905ECE13A54AD1831760CFC ft=1 fh=ae0f36ec463e8583 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Ashampoo\Ashampoo Photo Commander 8\Setup\ashampoo_photo_commander_8_8.4.0_8416.exe"
sh=5B439B2DC9DA61396B932475A78D4DAFE1CA076E ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Ashampoo\Ashampoo Photo Commander 9\Setup\AshampooPhotoCommander9.zip"
sh=EA6B1C4CAB93BBD5BFFA2F6282A0E8F11089C1C3 ft=1 fh=137660bf5c5aa7c0 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Ashampoo\Ashampoo Photo Commander 9\Setup\Setup.exe"
sh=A286C0831A97F92D5B02D4B93E86530036A8699D ft=1 fh=541a6d15877510a0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Setup\ashampoo_winoptimizer_6_6.60_7259.exe"
sh=D241974BE0F6F5F7ABF7788446CDC8893BE52B60 ft=1 fh=ec42522fe029b72e vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Audiograbber\Setup\agsetup183se.exe"
sh=EC55221366AAF436B43254919800106C591E838C ft=1 fh=fdc534f6fd142c5c vn="Variante von Win32/ELEX.AG evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FormatFactory\Setup\FFSetup280.exe"
sh=C401904EE0D8FBE62E9A921CEC17170F455CD021 ft=1 fh=78a55e9155d363e7 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FormatFactory\Setup\FFSetupNoDVDRip296.exe"
sh=13419407FBF6DB96C5107CBA1387898185C5B6E8 ft=1 fh=ff678d7888e6161c vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FormatFactory\Setup\format-factory-250.exe"
sh=38C6F9F3570C2D84933B835BD57C78CF90E88424 ft=1 fh=1ae43e8ce99fc14e vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FormatFactory\Setup\formatfactory245.exe"
sh=B22621B2E760AEB8EE8DC609D4BEB5476D4BDAA2 ft=1 fh=92f0fff0bbfcb40b vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FormatFactory\Setup\format_factory260de.exe"
sh=9ADF67B37CC5C6262C37C32792E29D6D3A10A18C ft=1 fh=29c3d55a1381cd3a vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Spiele\SolSuite\Setup\SoftonicDownloader6600.exe"
sh=1C85186FCB54F0D4D6E23470E03D9E2FC270C158 ft=1 fh=5fb10f05cd172e16 vn="Win32/TrojanDownloader.Nymaim.AL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Adobe\ARM\Reader_11.0.09\29770\moment_of_inertia\scsi_terminator.exe"
sh=1C85186FCB54F0D4D6E23470E03D9E2FC270C158 ft=1 fh=5fb10f05cd172e16 vn="Win32/TrojanDownloader.Nymaim.AL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\ArcSoft\Global Deploy\CheckUpdate\a_weighting\acceleration.exe"
sh=1C85186FCB54F0D4D6E23470E03D9E2FC270C158 ft=1 fh=5fb10f05cd172e16 vn="Win32/TrojanDownloader.Nymaim.AL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\ATI\ACE\a_weighting\acceleration.exe"
sh=9C4F6AEF4A89FDB6D86B0AF1B3DFCC50A6DDE9C5 ft=1 fh=3c302de0805a11eb vn="Variante von Win32/Kryptik.DJUK Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\AVG2013\Cfg\thermoelectric_cooler\solid_solution_strengthening.exe"
sh=808D325AF468EC98A52342496BFD0A9062A446B9 ft=1 fh=fba05f5f1f52c06c vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\00_Installation\Nero-9.4.12.3_free.exe"
sh=CB0FFB408870C6D10B9A1CB82FC4AC0A36312DD4 ft=1 fh=9dda181afbd8ec45 vn="Win32/Solvusoft.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Eigene Dateien\Downloads\Setup_FileViewPro_2015.exe"
sh=9ADF67B37CC5C6262C37C32792E29D6D3A10A18C ft=1 fh=29c3d55a1381cd3a vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Eigene Dateien\Eigene Dokumente\Documente\Annette\Spiele Setup\SoftonicDownloader6600.exe"
sh=77832EA8BA610AE9312CC0DCA5A0346DA7648120 ft=1 fh=d050806d57759f0c vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Eigene Dateien\Eigene Dokumente\Downloads\Integrated_BrotherSoft_TB.exe"
sh=474BBF68C7AAC25A6ADBFD471993F52584CAEA89 ft=1 fh=7302f6233443ba92 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Programme\Free YouTube to MP3 Converter\Setup\FreeYouTubeToMP3Converter.exe"
sh=BEB2872C5EE9890C656B293C5EFBAD0220B4E538 ft=1 fh=3852d8d68dbe73c3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Programme\Free YouTube to MP3 Converter\Setup\FreeYouTubeToMP3Converter31014.exe"
sh=596D78A7F03D1DAEE86BCCE8DD7713AA60E8F9E4 ft=1 fh=8eaf1d336ac02ccc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Programme\Free YouTube to MP3 Converter\Setup\FreeYouTubeToMP3Converter31134.exe"
sh=768AB00622964AF093AE369C2098265984CA583C ft=1 fh=76149a3fdcd44d15 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Programme\Free YouTube to MP3 Converter\Setup\FreeYouTubeToMP3Converter_3.11.25.exe"
sh=1DC26BBEAFBAF69A274CAFE534156EACE3A49A8D ft=1 fh=07386e4897eae14b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Programme\Test\2015.02.04\PDFCreator-2_0_2-setup.exe"
sh=EC455FF00A580DE68C400944C418C60ED16CA8AC ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2012-11-11 190001\Backup Files 2012-11-11 190001\Backup files 3.zip"
sh=2162F1FE74018447D7D4A292440CF1CCD6607F28 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2012-11-11 190001\Backup Files 2012-12-09 190001\Backup files 1.zip"
sh=0B9D21C9AA914141F0C2CF1EC448BDAEB9009357 ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2012-11-11 190001\Backup Files 2013-01-13 190001\Backup files 1.zip"
sh=C0B2B4B7FC2900FEC084160488AA1C2BD4501A0B ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-01-27 190002\Backup Files 2013-01-27 190002\Backup files 3.zip"
sh=8BC2553927DD7293FFF8F6755AE26D0C5DA9F4FC ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-01-27 190002\Backup Files 2013-01-27 190002\Backup files 4.zip"
sh=5CC3008C86FF3D5430752A927E697301325A79D9 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-01-27 190002\Backup Files 2013-01-27 190002\Backup files 7.zip"
sh=DA1B689E0134160DA679B0DA07FE42E6C8234103 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-01-27 190002\Backup Files 2013-04-07 190003\Backup files 1.zip"
sh=EFDA34BD826C3291877E6DBF6C798C85B0ECB671 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-04-14 190002\Backup Files 2013-04-14 190002\Backup files 3.zip"
sh=BEAB65FC8F7A3FB89E0B9E0E4B3275466A3BF8E1 ft=0 fh=0000000000000000 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-04-14 190002\Backup Files 2013-05-14 152428\Backup files 1.zip"
sh=06D54C38D5CA7FD2EBB2139305E9A18631398962 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-04-14 190002\Backup Files 2013-05-19 190002\Backup files 1.zip"
sh=83A34B1DC99FD6672A5F2D0DAA56C6E87D550699 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-05-26 190002\Backup Files 2013-05-26 190002\Backup files 3.zip"
sh=7598F988B24DDFF676B2D147C11E7EA7079A98CF ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-05-26 190002\Backup Files 2013-06-16 190003\Backup files 1.zip"
sh=494F95396BBDC237FE63035641D21CF5154ADD10 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-06-23 190002\Backup Files 2013-06-23 190002\Backup files 2.zip"
sh=0194579E3DB2787102094593238FEA50A47C6E1F ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-06-23 190002\Backup Files 2013-06-23 190002\Backup files 3.zip"
sh=FA9CBEB8BD994A681D6CD6EA9EF52FBED02EE89B ft=0 fh=0000000000000000 vn="Win32/AdInstaller evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-06-23 190002\Backup Files 2013-07-07 225813\Backup files 1.zip"
sh=4FAA639C8F9974FADF426A54B1F83C3EA3C8A80E ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.AE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-06-23 190002\Backup Files 2013-08-11 190001\Backup files 1.zip"
sh=18EB2C040468D86DECD37DAD7365550F885F6D78 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-09-15 190001\Backup Files 2013-09-15 190001\Backup files 2.zip"
sh=D78EB0BC51235272F7F957CF841DA7FE6160C3AE ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-09-15 190001\Backup Files 2013-09-15 190001\Backup files 3.zip"
sh=BC8DDC3F5E092EB7BFD8C76A26FA5397D766FFA5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-09-15 190001\Backup Files 2013-12-01 190001\Backup files 1.zip"
sh=5246A9A7F796DE8A710269A1474749519BB0EE42 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-12-08 190002\Backup Files 2013-12-08 190002\Backup files 2.zip"
sh=CD7BE450C6CC0DE4E7A24B6C658707EEFE989C03 ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-12-08 190002\Backup Files 2013-12-08 190002\Backup files 4.zip"
sh=BC2A8F828633705CAE78DDA0B1871AF917239A64 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2013-12-08 190002\Backup Files 2013-12-15 190001\Backup files 1.zip"
sh=119FF2B2682FBC88D52E0E7967CDBC1F2FD8853B ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2014-03-02 190002\Backup Files 2014-03-02 190002\Backup files 2.zip"
sh=9B69CC8011BF45FE40FBD5F39D6C6DF4415F39AB ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2014-05-18 190002\Backup Files 2014-05-18 190002\Backup files 2.zip"
sh=BD89E84887C82AAA3783B355A64C5484458CDC97 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2014-08-24 190002\Backup Files 2014-08-24 190002\Backup files 2.zip"
sh=37F37EA16764D3E38D3F9A4D0F2827DCB65201D5 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2014-11-09 190002\Backup Files 2014-11-09 190002\Backup files 2.zip"
sh=AB47F523032FBE81D7468EA0FC9BE4E16F5C599F ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2014-12-07 190003\Backup Files 2014-12-07 190003\Backup files 2.zip"
sh=ABF2577EBE2BF2250A6BB505A8E7491F22C356E9 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2015-02-15 190002\Backup Files 2015-02-15 190002\Backup files 2.zip"
sh=09ADA4031DF4FACA4E893A94B8E612E3456E5FA2 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2015-03-15 190002\Backup Files 2015-03-15 190002\Backup files 2.zip"
sh=93EC554A85C30E869369C28914FFED42CBE5A45C ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WIN7-PC\Backup Set 2015-05-24 190002\Backup Files 2015-05-24 190002\Backup files 9.zip"
sh=9ADF67B37CC5C6262C37C32792E29D6D3A10A18C ft=1 fh=29c3d55a1381cd3a vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="N:\Sicherung\Eigene Dokumente\Documente\Annette\Spiele Setup\SoftonicDownloader6600.exe"
die checkup.txt folgt hier

Code:
Results of screen317's Security Check version 1.002 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java(TM) 6 Update 22 
 Java(TM) 6 Update 33 
 Java 7 Update 21 
 Java 7 Update 55 
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.169 
 Adobe Reader XI 
 Mozilla Firefox (38.0.1)
 Mozilla Thunderbird (31.7.0)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
und zum Schluß die FRST.log

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by WIN7 (administrator) on WIN7-PC on 01-06-2015 08:06:54
Running from D:\Eigene Dateien\Desktop
Loaded Profiles: WIN7 (Available Profiles: WIN7)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3942216 2011-01-25] (O&O Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Run: [DMS-Kalenderchen] => C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe [3496448 2010-04-12] (Daniel Manger Software)
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-345712177-510059219-1754512985-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-345712177-510059219-1754512985-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
HKU\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-345712177-510059219-1754512985-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/cpm-redir/ie-10.html
SearchScopes: HKLM-x32 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {0030B613-25D0-4322-93B4-849CDB18B45E} URL = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {0C518C99-9F22-4438-852F-7EB722ED8006} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {2ABAF584-1961-4369-8DB7-2C08247D97E2} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {2BC3BBA1-A50E-4DD8-900B-D383965A6CC6} URL = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {47B93365-C152-494D-AA6D-59F2285021A8} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {4A727733-5822-4CBA-95C7-2559F67B27F4} URL = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {5B979127-71E7-4D90-9009-35201FDDCD65} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {7C66A6E9-9BAF-461D-B581-23BD5EF35D51} URL = hxxp://rover.ebay.com/rover/1/707-1403-9414-51/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {87906159-0460-43EB-AEA0-0B79E875004A} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {9C85D5A4-9E27-458F-BF1F-ACCC9CD659F9} URL = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {AF6F0DDA-4DF5-4666-A98B-B7C6D3793F5B} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {C7501728-BE38-408D-AD62-10C9D517B710} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {D538DCC3-9A32-47C6-9054-428C6DD8EB2D} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> {E954692D-1151-4996-97C1-F99203664D81} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-345712177-510059219-1754512985-1000 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL =
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default
FF DefaultSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2010-01-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange Viewer Free\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2010-03-24] ()
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll [2011-09-23] (Nero AG)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-345712177-510059219-1754512985-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange Viewer Free\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll [2012-01-18] (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-20] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\searchplugins\ude---suche.xml [2012-07-29]
FF Extension: Avira Browser Safety - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\abs@avira.com [2015-05-28]
FF Extension: Firefox Synchronisation Extension - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\synchronize@nokia.suite [2014-12-17]
FF Extension: YouTube Unblocker - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\youtubeunblocker@unblocker.yt [2015-05-20]
FF Extension: WOT - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-05-29]
FF Extension: {002e960c-bfcf-43f1-a710-c60fd2e6ba92} - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{002e960c-bfcf-43f1-a710-c60fd2e6ba92}.xpi [2013-11-01]
FF Extension: Stop Autoplay - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}.xpi [2012-07-30]
FF Extension: NoScript - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-01]
FF Extension: Video HTML5 Updater Light - C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\Profiles\oxn6lj6n.default\Extensions\{d39d7d7b-7423-4441-832d-e0694b76c353}.xpi [2013-11-06]
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 AllShare; D:\Programme\PC Share Manager (Samsung)\WiselinkPro.exe [6638080 2010-07-16] () [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S4 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [576272 2011-10-03] (Hauppauge Computer Works)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 FreemiumSelfUpdateService; "C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv06; C:\Windows\system32\drivers\acedrv06.sys [147456 2013-02-28] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116096 2010-06-01] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-04] (Avira Operations GmbH & Co. KG)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-05] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 OV550I; C:\Windows\System32\Drivers\FilmScan.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2010-05-30] () [File not signed]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [43152 2010-06-25] (Oracle Corporation)
S4 VD_FileDisk; C:\Windows\SysWow64\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\WIN7\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 DfSdkS; No ImagePath
S3 GEARAspiWDM; System32\Drivers\GEARAspiWDM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 12:10 - 2015-05-31 12:10 - 00003809 _____ () C:\Users\WIN7\Desktop\JRT.txt
2015-05-31 12:07 - 2015-05-31 12:07 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WIN7-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-31 12:07 - 2015-05-31 12:07 - 00000000 ____D () C:\RegBackup
2015-05-31 11:59 - 2015-05-31 12:01 - 00000000 ____D () C:\AdwCleaner
2015-05-31 10:20 - 2015-05-31 11:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-31 10:19 - 2015-05-31 10:19 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-31 10:19 - 2015-05-31 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-31 10:19 - 2015-05-31 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-31 10:19 - 2015-05-31 10:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-31 10:19 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-31 10:19 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-31 10:19 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-30 15:25 - 2015-05-30 15:25 - 00037552 _____ () C:\ComboFix.txt
2015-05-30 15:06 - 2015-05-30 15:25 - 00000000 ____D () C:\Qoobox
2015-05-30 15:06 - 2015-05-30 15:23 - 00000000 ____D () C:\Windows\erdnt
2015-05-30 15:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-30 15:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-30 15:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-30 15:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-28 23:13 - 2015-06-01 08:07 - 00000000 ____D () C:\FRST
2015-05-28 15:47 - 2015-05-28 15:47 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\HateML
2015-05-28 13:26 - 2015-05-28 13:26 - 00599663 _____ () C:\Users\WIN7\2015.05.28.bookcook
2015-05-28 13:14 - 2015-06-01 08:04 - 00066126 _____ () C:\Windows\PFRO.log
2015-05-28 11:14 - 2015-05-28 11:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-26 18:14 - 2015-05-27 17:39 - 00000000 ____D () C:\ProgramData\jxparsm
2015-05-26 10:32 - 2015-05-28 19:48 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Consideration-appeal
2015-05-24 10:54 - 2015-05-28 07:55 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Machine_network
2015-05-23 16:41 - 2015-05-24 00:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-23 10:17 - 2015-05-25 00:06 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Weekend-display
2015-05-23 07:48 - 2015-06-01 08:04 - 00001512 _____ () C:\Windows\setupact.log
2015-05-23 07:48 - 2015-05-23 07:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-22 11:00 - 2015-05-24 00:14 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Consideration-hear
2015-05-22 09:28 - 2015-05-25 00:06 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Appointmentrace
2015-05-20 17:20 - 2015-05-23 18:01 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Error-kiss
2015-05-17 19:08 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-17 19:08 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-17 19:08 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-17 19:08 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-17 15:47 - 2015-05-19 07:28 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Machinedetail
2015-05-15 10:41 - 2015-05-15 10:41 - 00031922 _____ () C:\Users\WIN7\ESt2014_Urselmans_Hugo_und_Gabriele.elfo
2015-05-15 09:33 - 2015-05-15 09:33 - 00000000 ____D () C:\Users\WIN7\AppData\Local\elfopatch
2015-05-15 09:21 - 2015-05-17 14:51 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Appointment-discuss
2015-05-14 18:55 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 18:55 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:26 - 2015-05-17 14:51 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Considerationserve
2015-05-13 15:58 - 2015-05-17 09:55 - 00000000 ___HD () C:\Users\WIN7\AppData\Roaming\Machine-assist
2015-05-13 13:47 - 2015-05-15 09:13 - 00000000 ___HD () C:\Users\WIN7\AppData\Local\Weekend_slide
2015-05-13 13:18 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 13:18 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 13:18 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 13:18 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 13:18 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 13:18 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 13:18 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 13:18 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 13:18 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 13:18 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 13:18 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 13:18 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 13:18 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 13:18 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 13:18 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 13:18 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 13:18 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 13:18 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 13:18 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 13:18 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 13:18 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 13:18 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 13:18 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 13:18 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 13:18 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 13:18 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 13:18 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 13:18 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 13:18 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 13:18 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 13:18 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 13:18 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 13:18 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 13:18 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 13:18 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 13:18 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 13:18 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 13:18 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 13:18 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 13:18 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 13:18 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 13:18 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 13:18 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 13:18 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 13:18 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 13:18 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 13:18 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 13:18 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 13:18 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 13:18 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 13:18 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 13:18 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 13:18 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 13:18 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 13:18 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 13:18 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 13:18 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 13:18 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 13:18 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 13:18 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 13:18 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 13:18 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 13:18 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 13:18 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 13:18 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 13:18 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 13:18 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 13:18 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 13:18 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 13:18 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 13:18 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 13:18 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 13:18 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 13:18 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 13:18 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 13:18 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 13:18 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 13:18 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 13:18 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 13:18 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 13:18 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 13:18 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 13:18 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 13:18 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 13:18 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 13:18 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 13:18 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 13:18 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 13:18 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 13:18 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 13:18 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 13:13 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:13 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:13 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 13:13 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:13 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 13:13 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 13:13 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 13:13 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 13:13 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 13:12 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 13:12 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 13:12 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 13:12 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 13:12 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 13:12 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 13:12 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 13:12 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 13:12 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 08:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-01 08:03 - 2012-01-31 18:38 - 01854511 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 07:34 - 2015-03-08 11:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 16:19 - 2009-07-14 19:58 - 00759582 _____ () C:\Windows\system32\perfh007.dat
2015-05-31 16:19 - 2009-07-14 19:58 - 00172890 _____ () C:\Windows\system32\perfc007.dat
2015-05-31 16:19 - 2009-07-14 07:13 - 01768660 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-31 12:24 - 2009-07-14 06:45 - 00015952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 12:24 - 2009-07-14 06:45 - 00015952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 11:03 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-05-30 15:43 - 2010-06-07 21:32 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\TV-Browser
2015-05-30 15:25 - 2012-07-11 10:32 - 00000000 ____D () C:\Users\RJ
2015-05-30 15:25 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-30 15:19 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-28 15:49 - 2010-07-30 17:26 - 00000000 ____D () C:\Users\WIN7\.VirtualBox
2015-05-28 13:26 - 2010-05-20 10:04 - 00000000 ____D () C:\Users\WIN7
2015-05-28 13:14 - 2012-04-27 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-28 10:05 - 2011-07-18 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2015-05-28 10:02 - 2011-03-04 15:49 - 00000000 ____D () C:\Program Files (x86)\Tapin Radio
2015-05-28 09:58 - 2012-02-06 16:43 - 00000000 ____D () C:\Users\WIN7\Calibre Bibliothek
2015-05-28 09:46 - 2014-10-22 12:10 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-28 09:11 - 2010-05-27 20:44 - 00000000 ____D () C:\Program Files (x86)\PRMT8
2015-05-28 09:06 - 2012-11-17 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company
2015-05-27 18:05 - 2011-02-12 15:48 - 00000000 ____D () C:\Windows\pss
2015-05-26 23:50 - 2011-11-03 23:39 - 00000000 ____D () C:\Users\WIN7\AppData\Local\CrashDumps
2015-05-21 02:05 - 2015-04-04 08:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 02:05 - 2015-04-04 08:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 07:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-17 19:10 - 2011-05-27 13:50 - 01742004 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-17 18:33 - 2012-09-25 10:42 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\PhotoScape
2015-05-15 09:35 - 2011-01-15 23:44 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-05-15 09:34 - 2015-01-27 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-05-15 09:18 - 2010-05-26 23:55 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2015-05-15 08:58 - 2013-03-14 02:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 08:58 - 2013-03-14 02:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 08:58 - 2009-07-14 06:45 - 00253232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 19:29 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 19:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 19:26 - 2013-07-25 14:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 19:04 - 2010-05-20 14:33 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 19:01 - 2010-05-26 20:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 18:55 - 2014-07-25 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 13:20 - 2013-05-23 11:46 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-05 13:50 - 2015-03-05 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 13:48 - 2013-04-01 16:31 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 13:48 - 2013-04-01 16:31 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2012-07-13 10:22 - 2012-07-13 10:22 - 0000288 _____ () C:\Users\WIN7\AppData\Roaming\.backup.dm
2011-06-26 10:25 - 2013-11-26 15:51 - 0000040 _____ () C:\Users\WIN7\AppData\Roaming\cdr.ini
2010-05-30 11:36 - 2014-10-11 16:22 - 0221696 _____ () C:\Users\WIN7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-26 22:35 - 2013-05-19 18:46 - 0007607 _____ () C:\Users\WIN7\AppData\Local\Resmon.ResmonCfg
2010-06-14 14:43 - 2011-12-05 23:30 - 0015463 _____ () C:\ProgramData\hpzinstall.log
2011-08-28 10:24 - 2011-08-28 10:24 - 0000099 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2011-10-27 12:08 - 2011-10-27 12:33 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-05-07 11:59 - 2012-05-07 11:59 - 0000085 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\WIN7\scribus-1.4.3-windows-x64.exe


Some files in TEMP:
====================
C:\Users\WIN7\AppData\Local\Temp\avgnt.exe
C:\Users\WIN7\AppData\Local\Temp\Quarantine.exe
C:\Users\WIN7\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-05-04 08:39

==================== End of log ============================
Ich hoffe, daß der Rechner jetzt sauber ist.

Vielen Dank für die Mühe

Hugo

schrauber 01.06.2015 17:38
Java updaten.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

hugo-goch 01.06.2015 19:31
Hallo Schrauber,
es folgt die Fixlog.txt

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by WIN7 at 2015-06-01 20:14:44 Run:1
Running from D:\Eigene Dateien\Desktop
Loaded Profiles: WIN7 (Available Profiles: WIN7)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Emptytemp:
       
*****************

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value Removed successfully
EmptyTemp: => Removed 232.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:17:34 ====
Gruß Hugo

schrauber 02.06.2015 18:34
fertig :)

hugo-goch 02.06.2015 21:40
Trojanische Pferd TR/Matsnu.A.296 gefunden
 
Hallo Schrauber,

ich möchte mich für die außerordentliche Hilfe bedanken.

Evtl. hören wir mal wieder von einander. Nur nicht bei einem
so unliebsamen Thema.

Nochmals vielen Dank.

Hugo


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:32 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131