Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7/ Virusentfernung mit div. Antivirenprogrammen nur teilw. geglückt/Virus im Hintergrund (https://www.trojaner-board.de/168738-windows-7-virusentfernung-div-antivirenprogrammen-nur-teilw-geglueckt-virus-hintergrund.html)

forestgump 16.07.2015 00:59
Windows 7/ Virusentfernung mit div. Antivirenprogrammen nur teilw. geglückt/Virus im Hintergrund
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo lieber Helfer,
ich kämpfe nun schon länger gegen einen hartnäckigen Virus. Der hat mir einfach Programme aus dem Internet runtergeladen und jede Menge Werbung.
Ich habe ca. 6-7 verschiedene Antivirenprogramme eingesetzt (G-data, Ad-Aware,Spybot etc.)
Aber laut "Security-Reciever" habe ich immer noch 91 Infektionen in der Systemregistrierung
und laut Microsoft Scanner habe ich eine "variant of Adwere.multiplug" der Virus wäre in fogender Website = admin.archivemagnon.com.

Ich persönliche merke nur das der PC erhebliche länger beim Hoch und auch runterfahren braucht und auch langsamer geworden ist.
Es scheint so als ob im Hintergrund ein Programm geöffnet wird. Ich muß nämlich beim runterfahren das Schließen erzwingen und da taucht ganz kurz der unbekannte Name auf=
TASK HOST WINDOWS
Ich habe Ihre Anleitung befolgt und versuche die Infos anzuhängen.
Gruß Jörg

schrauber 16.07.2015 06:24
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

forestgump 17.07.2015 01:48
Hallo Schrauber, hier sind die 3 Anhänge umgewandelt
 
Hallo, ich hab die 3 Anhänge kopiert und versuche die auf mehrere Nachrichten zu verteilen.
Besten Dank schon mal im voraus für die Hilfe.
Viele Grüße
Jörg

Code:
GMER Logfile:

       
Code:

       
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-28 01:20:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GN00 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\JRXS~1\AppData\Local\Temp\fwloypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe[2992] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes  0000000076e608b0 14 bytes {JMP QWORD [RIP+0x0]}
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                    0000000075231401 2 bytes JMP 75a0b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                      0000000075231419 2 bytes JMP 75a0b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                    0000000075231431 2 bytes JMP 75a88f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                    000000007523144a 2 bytes CALL 759e489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                       00000000752314dd 2 bytes JMP 75a88822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                00000000752314f5 2 bytes JMP 75a889f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                       000000007523150d 2 bytes JMP 75a88718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                0000000075231525 2 bytes JMP 75a88ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                      000000007523153d 2 bytes JMP 759ffca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                           0000000075231555 2 bytes JMP 75a068ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                    000000007523156d 2 bytes JMP 75a88fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                      0000000075231585 2 bytes JMP 75a88b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                         000000007523159d 2 bytes JMP 75a886dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                      00000000752315b5 2 bytes JMP 759ffd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                    00000000752315cd 2 bytes JMP 75a0b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                00000000752316b2 2 bytes JMP 75a88ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                00000000752316bd 2 bytes JMP 75a88671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe[3508] C:\Windows\syswow64\KERNEL32.dll!SetFileCompletionNotificationModes                     0000000075a5b35e 5 bytes JMP 00000001100078e0
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                           0000000075a5b35e 5 bytes JMP 0000000100c278e0
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                       0000000075231401 2 bytes JMP 75a0b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                         0000000075231419 2 bytes JMP 75a0b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                       0000000075231431 2 bytes JMP 75a88f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                       000000007523144a 2 bytes CALL 759e489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                          00000000752314dd 2 bytes JMP 75a88822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                   00000000752314f5 2 bytes JMP 75a889f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                          000000007523150d 2 bytes JMP 75a88718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                   0000000075231525 2 bytes JMP 75a88ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                         000000007523153d 2 bytes JMP 759ffca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                              0000000075231555 2 bytes JMP 75a068ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                       000000007523156d 2 bytes JMP 75a88fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                         0000000075231585 2 bytes JMP 75a88b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                            000000007523159d 2 bytes JMP 75a886dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                         00000000752315b5 2 bytes JMP 759ffd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                       00000000752315cd 2 bytes JMP 75a0b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                   00000000752316b2 2 bytes JMP 75a88ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                   00000000752316bd 2 bytes JMP 75a88671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\DSL Soforthilfe\DSL_Soforthilfe.exe[3756] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                     0000000075a5b35e 5 bytes JMP 00000001072578e0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[5728] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                             0000000076e608b0 14 bytes {JMP QWORD [RIP+0x0]}

---- EOF - GMER 2.1 ----

--- --- ---
hallo schrauber hier noch ein Teil von den aufgeteilten Anhängen. Gruß Jörg
[CODE]
Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by jörxs at 2015-06-28 00:50:53
Running from C:\Users\jörxs\Documents\Handy-rechnungen S3 - MTV-Mobil
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2946636422-4155816413-4096824531-500 - Administrator - Disabled)
Gast (S-1-5-21-2946636422-4155816413-4096824531-501 - Limited - Disabled)
jörxs (S-1-5-21-2946636422-4155816413-4096824531-1000 - Administrator - Enabled) => C:\Users\jörxs

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G*DATA INTERNET*SECURITY CBE (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: G*DATA INTERNET*SECURITY CBE (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.36 beta (HKLM-x32\...\7-Zip) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 2.0.1025.2130 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{EA4954FD-C685-1C7D-16F3-9BC2FD5E6BD3}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4017 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disketch CD-Beschriftungssoftware (HKLM-x32\...\Disketch) (Version: 3.34 - NCH Software)
DSL Soforthilfe (HKLM-x32\...\DSL Soforthilfe) (Version: 1.1.0.51 - Telefónica Germany GmbH & Co. OHG)
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.55.113 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.55.113 - DVDVideoSoft Ltd.)
Free SystemUtilities (x32 Version: 1.1.0.95 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.2.46.923 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.44.922 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.922 - DVDVideoSoft Ltd.)
G*DATA INTERNET*SECURITY CBE (HKLM-x32\...\{6E9D1CB6-A9BF-4F47-8BA2-F34ECBE49C86}) (Version: 25.1.0.4 - G DATA Software AG)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Chrome Packages (HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\Google Chrome Packages) (Version:  - ) <==== ATTENTION
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Ice Age(TM) 4 - Voll Verschoben! Die arktischen Spiele demo (HKLM-x32\...\InstallShield_{F7A7D9B3-A142-4957-AC8E-530D1DE1A91A}) (Version: 1.00.0000 - Activision)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
Image Editor Packages (HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\Image Editor Packages) (Version:  - ) <==== ATTENTION
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
LavasoftTcpService (x32 Version: 2.3.4.7 - Lavasoft) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 19.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 19.0 (x86 de)) (Version: 19.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
PDF Reader (HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\PDF Reader) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qtrax Connection Manager (HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\Qtrax Connection Manager) (Version: 20.13.07.02 - Qtrax Inc)
Qtrax Player (HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\1570102368.portal.qtrax.com) (Version:  - portal.qtrax.com)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RarmaRadio 2.68.3 (HKLM-x32\...\RarmaRadio_is1) (Version:  - RaimerSoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Update_DealPly (HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\DealPly) (Version:  - )
Updater Service (HKLM-x32\...\Updater Service) (Version: 15,9,28,27 - ) <==== ATTENTION
Video Converter (HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\Video Converter) (Version:  - )
Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Web Companion (HKLM-x32\...\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}_WebCompanion) (Version: 2.0.1025.2130 - Lavasoft)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-06-2015 01:05:16 AA11
18-06-2015 01:10:26 LavasoftWeCompanion
22-06-2015 02:56:01 Windows-Sicherung
24-06-2015 01:35:35 Removed AVG 2015
24-06-2015 01:38:06 Removed AVG 2015
24-06-2015 01:44:33 Removed Visual Studio 2012 x64 Redistributables
24-06-2015 01:46:12 Removed Visual Studio 2012 x86 Redistributables
24-06-2015 15:04:10 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019D92E0-D591-4B9F-BAFB-D5CE6F28E8A7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {04FFD90A-8778-4DE2-B847-2305C40C9451} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.)
Task: {0ED63B16-3574-4C2E-ABB5-55F18E319DF0} - System32\Tasks\DriverMgr => C:\Users\jörxs\AppData\Roaming\jellylam\rinti.exe
Task: {13327C53-335E-4367-A250-5ACBF2CF0487} - System32\Tasks\{A5967512-98C4-4BE5-A528-D4020E6C5AA8} => Firefox.exe
Task: {276054F9-6271-4123-8C57-91E86F8BA5E5} - System32\Tasks\{58D12E97-22DE-45E9-83CF-66224BBECA83} => pcalua.exe -a C:\Users\jörxs\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {2C738AF8-B185-4EC2-9780-C3DBE9C701B1} - System32\Tasks\{791C3874-0478-4254-A61B-6D0BBE010DAD} => Firefox.exe
Task: {32F681F3-27E7-4180-A232-620A95502C56} - \WinKit No Task File <==== ATTENTION
Task: {3DE195D4-EB79-4A99-8B11-57E8FD7E0D9C} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {4020241D-F9E0-43C0-BC80-4B5E3BBE4581} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {4E20A411-0250-4198-94DE-F09F633CEB92} - System32\Tasks\Google Updater and Installer => C:\Users\jörxs\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {4E391E09-1DF7-46C5-BCCE-5ECFB62696E0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {5899D2AE-875E-41B7-9606-760BE40F1C59} - System32\Tasks\Convertor => C:\Users\jörxs\AppData\Roaming\Convertor\Convertor.exe
Task: {7200256C-7040-4010-A826-2739B77ABAC8} - \ReimageUpdater No Task File <==== ATTENTION
Task: {72FDE30D-DE5E-4E3D-8D3C-FF94B1428472} - \Winsta Update No Task File <==== ATTENTION
Task: {75B514AB-0A28-4031-BE54-2FBAF681AFEE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {7A4954B1-807B-4C9C-A3F0-BF484DE1CB75} - System32\Tasks\Freemium1ClickMaint => C:\Users\jörxs\Downloads\1Click.exe
Task: {849CE547-BCCF-49E4-9FC3-B4ABE5F72F31} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {8E5D4494-D818-42ED-B730-647C7B3E1726} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {91AFC99B-B757-45C5-9561-12CC0C2BB2A0} - System32\Tasks\keepup => C:\Users\jörxs\AppData\Roaming\jellylam\rinti.exe
Task: {91B5399C-AA64-4DCC-8AEF-343B381E98E2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {939A347C-C65F-4AC6-805D-AFFE492DFF5D} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {A7B9D903-499A-4EBE-939B-66163FB23B51} - System32\Tasks\{C1102D74-77E0-4E21-BE46-A11B38DDF3AC} => pcalua.exe -a "C:\Program Files (x86)\XSManager\InstallWTGService.exe" -d "C:\Program Files (x86)\XSManager" -c install
Task: {B23A2FE0-F7BD-4705-BFE7-03EF48E2AF64} - System32\Tasks\{A3EE770D-8B14-4033-A524-778485F380D8} => pcalua.exe -a C:\Users\jörxs\Downloads\GMX_Firefox_Setup.exe -d "C:\Program Files (x86)\congstar\Internetmanager\Bin"
Task: {B6551B4F-8C87-43ED-844C-CFB1392DCDC2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {C8771C51-6A5D-4F8B-B09E-2BA596EF81D0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {D5338460-C66E-4292-9AD2-D09F9B1D917E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.)
Task: {D5C7B224-FE4B-4AAE-9E85-6E962B3D3B71} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-10-22] () <==== ATTENTION
Task: {D7C80F8C-43B0-4AED-847A-5C9C7E578095} - System32\Tasks\{9FC6150D-DD6B-4517-9CE4-8D05A0A367E5} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.22.0.107&amp;LastError=12007
Task: {DD64FA44-CA45-46F8-A80D-D710620CF7E7} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {DF3E9FE2-E296-4205-8FF6-830F381BCE6A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {DFD0905C-7E9F-4A97-9C35-CC7615D356BA} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe <==== ATTENTION
Task: {EA2AA992-768B-45DC-9F84-7C6DD980B9EA} - System32\Tasks\MaxComputerCleaner_Start => C:\Program Files (x86)\Max Computer Cleaner\MaxComputerCleaner.exe <==== ATTENTION
Task: {F0725CB3-6D2A-4958-8694-436D7D234CE5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F437CCC8-027A-4454-84C7-753C8F849613} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\JmR8cY6D9Fuplw8Gw.job => C:\Users\jýÿrxs\AppData\Roaming\JmR8cY6D9Fuplw8Gw.exe <==== ATTENTION
Task: C:\Windows\Tasks\tQxHjP0Pg.job => C:\Users\jýÿrxs\AppData\Roaming\tQxHjP0Pg.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2009-01-21 16:45 - 2009-01-21 16:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02756616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareShellExtension.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2011-10-20 11:00 - 2011-08-09 01:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2015-04-08 21:53 - 2015-04-08 21:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00019816 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-06-08 14:12 - 2015-06-08 14:12 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00034664 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-12-23 12:54 - 2013-11-21 22:57 - 20585888 ____N () C:\Program Files (x86)\DSL Soforthilfe\DSL_Soforthilfe.exe
2011-10-13 07:52 - 2011-10-13 07:52 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-02-20 05:42 - 2015-02-20 05:42 - 00382072 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2015-06-27 15:51 - 2015-06-27 15:51 - 00050477 _____ () C:\Users\jörxs\Documents\Handy-rechnungen S3 - MTV-Mobil\Defogger.exe
2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00078656 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00184680 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00033136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00123736 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-06-08 14:13 - 2015-06-08 14:13 - 00073544 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2015-06-08 14:11 - 2015-06-08 14:11 - 00039256 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2014-10-16 03:43 - 2014-10-16 03:43 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2011-10-20 10:18 - 2011-01-13 02:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-06-23 18:49 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-23 18:48 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-23 18:49 - 2015-06-20 07:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jörxs\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{56FD1BD5-F6D0-4AFE-A412-15BEBDCEB113}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8AC469C7-FB13-4AF2-9FBD-41373226DD28}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DE312465-1B28-42EB-A3C2-BC11CA863D1A}] => (Allow) LPort=2869
FirewallRules: [{F6B33FAD-DE9D-46DA-9878-3D2D9228C87C}] => (Allow) LPort=1900
FirewallRules: [{66B0C3D7-6A90-416C-AB88-FDB6C51642FE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{33F5DFC4-ECDC-4533-91C1-07FEB8B2C61B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{151B7C73-A258-4D89-9C33-5787BF21834D}] => (Allow) D:\o2CD.exe
FirewallRules: [{C45A16EB-6D1D-45E4-BA71-C70400DEAE39}] => (Allow) D:\o2CD.exe
FirewallRules: [{E8FBE2B1-1833-42FB-8F2D-08CEDCA23F86}] => (Allow) C:\Program Files (x86)\DSL Soforthilfe\DSL_Soforthilfe.exe
FirewallRules: [{24DE3351-7B72-4341-B964-133A86D25F46}] => (Allow) C:\Program Files (x86)\DSL Soforthilfe\DSL_Soforthilfe.exe
FirewallRules: [{098602F9-31FD-4B33-92E5-5EFBA41C50DF}] => (Allow) D:\fsetup.exe
FirewallRules: [{12E3DFA8-1D9F-41D1-8DC5-6C64B407D333}] => (Allow) D:\fsetup.exe
FirewallRules: [{C603BE5C-C6C9-461B-AADA-CD7DF0BEF91A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CB5EDFB1-9A90-4C44-9E2A-8277166FA123}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1E8C404D-03AE-41E6-98BD-FE20EB236128}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2015 00:24:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2015 03:42:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2015 05:48:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2015 03:54:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2015 03:45:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2015 03:11:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 3.1.2.0, Zeitstempel: 0x5450097e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xc88
Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0
Pfad der fehlerhaften Anwendung: mbamscheduler.exe1
Pfad des fehlerhaften Moduls: mbamscheduler.exe2
Berichtskennung: mbamscheduler.exe3

Error: (06/26/2015 03:10:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.2.929 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2464

Startzeit: 01d0af7c2f427d27

Endzeit: 9

Anwendungspfad: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Berichts-ID: fdf73e27-1b9f-11e5-8702-08edb91379df

Error: (06/25/2015 08:37:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2015 00:19:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6c0

Startzeit: 01d0af23a8c2644a

Endzeit: 1825

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: acba3cba-1b23-11e5-a165-08edb91379df

Error: (06/25/2015 10:49:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/28/2015 00:25:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
pankw

Error: (06/27/2015 03:43:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
pankw

Error: (06/27/2015 00:56:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst GREGService erreicht.

Error: (06/26/2015 05:49:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
pankw

Error: (06/26/2015 03:55:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
pankw

Error: (06/26/2015 03:46:11 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
pankw

Error: (06/26/2015 03:44:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2

Error: (06/26/2015 03:44:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/26/2015 03:11:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (06/26/2015 03:10:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.


Microsoft Office:
=========================
Error: (06/28/2015 00:24:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2015 03:42:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2015 05:48:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2015 03:54:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2015 03:45:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2015 03:11:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.1.2.05450097eunknown0.0.0.000000000c000000500000000c8801d0af75d71d9c2bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeunknown36e3ea27-1ba0-11e5-8702-08edb91379df

Error: (06/26/2015 03:10:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.2.929246401d0af7c2f427d279C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exefdf73e27-1b9f-11e5-8702-08edb91379df

Error: (06/25/2015 08:37:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2015 00:19:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175676c001d0af23a8c2644a1825C:\Windows\Explorer.EXEacba3cba-1b23-11e5-a165-08edb91379df

Error: (06/25/2015 10:49:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-03-11 00:47:31.183
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-11 00:47:31.181
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-11 00:47:31.179
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-11 00:47:13.681
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-11 00:47:13.680
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-11 00:47:13.678
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-09 22:18:15.844
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-09 22:18:15.844
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-09 22:18:15.844
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-09 22:17:56.718
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 58%
Total physical RAM: 3947.86 MB
Available physical RAM: 1626.08 MB
Total Pagefile: 7893.93 MB
Available Pagefile: 4439.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:321.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 26DB4B40)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=07 NTFS)

==================== End of log ============================
--- --- ---

forestgump 17.07.2015 01:51
Hallo schrauber, hier sind die nächsten Teile von meiner zu langen Antwort (die 3 Anhänge)
Gruß Jörg

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by jörxs (administrator) on JÖRXS-PC on 28-06-2015 00:49:24
Running from C:\Users\jörxs\Documents\Handy-rechnungen S3 - MTV-Mobil
Loaded Profiles: jörxs (Available Profiles: jörxs)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
() C:\Program Files (x86)\DSL Soforthilfe\DSL_Soforthilfe.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\jörxs\Documents\Handy-rechnungen S3 - MTV-Mobil\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [DSL Soforthilfe] => C:\Program Files (x86)\DSL Soforthilfe\DSL_Soforthilfe.exe [20585888 2013-11-21] ()
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-07-14] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-07-14] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-06-08] (Lavasoft)
HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\MountPoints2: {14475706-e790-11e1-92c1-08edb91379df} - E:\AutoRun.exe
HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\MountPoints2: {532235f7-efcb-11e1-91ec-08edb91379df} - E:\AutoRun.exe
HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\MountPoints2: {a002343b-3d5d-11e2-98e7-08edb91379df} - F:\autorun.exe
HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\MountPoints2: {a0d6c5a1-a94c-11e1-92f7-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\MountPoints2: {c8474575-e788-11e1-99fe-08edb91379df} - E:\AutoRun.exe
HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\MountPoints2: {c8474581-e788-11e1-99fe-08edb91379df} - E:\AutoRun.exe
HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-07-14] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-13] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-07-14] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1475&systemid=406&v=n12281-319&apn_uid=0143155351654524&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1475&systemid=406&v=n12281-319&apn_uid=0143155351654524&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2946636422-4155816413-4096824531-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2946636422-4155816413-4096824531-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2946636422-4155816413-4096824531-1000 -> {556DB1BF-9C79-4B8D-BF16-08CEF0AB262F} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2946636422-4155816413-4096824531-1000 -> {71391EAD-C0A9-4F5E-9663-3FCB7E9A4BAC} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=7ebc2256de194cce9831a5c7e4383a7e&tu=10GXy00B01C01g0&sku=&tstsId=&ver=&&r=329
SearchScopes: HKU\S-1-5-21-2946636422-4155816413-4096824531-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=170&systemid=102&v=r12203-309&apn_uid=7033303412884354&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2946636422-4155816413-4096824531-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1475&systemid=406&v=n12281-319&apn_uid=0143155351654524&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2946636422-4155816413-4096824531-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://search.lavasoft.com/results.php?search={searchTerms}&category=web&partner=WCYID10140&campaign=adaware&d=150612
Toolbar: HKU\S-1-5-21-2946636422-4155816413-4096824531-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-12] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-12] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-12] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-12] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-12] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-12] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-12] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-12] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-12] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-12] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\jörxs\AppData\Roaming\Mozilla\Firefox\Profiles\afmvuulo.default
FF Homepage: about:blank
FF DefaultSearchEngine: Ad-Aware SecureSearch
FF SelectedSearchEngine: Ad-Aware SecureSearch
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2012-04-14] (Google)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-12] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\jörxs\AppData\Roaming\Mozilla\Firefox\Profiles\afmvuulo.default\searchplugins\securesearch.xml [2015-06-12]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012-12-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\webssearches.xml [2014-04-27]
FF Extension: broWsEAndsoHop - C:\Users\jörxs\AppData\Roaming\Mozilla\Firefox\Profiles\afmvuulo.default\Extensions\4RLc4@8.com [2015-06-09]
FF Extension: DSL Soforthilfe - C:\Users\jörxs\AppData\Roaming\Mozilla\Firefox\Profiles\afmvuulo.default\Extensions\{95E05177-EA09-4386-8B79-FEB1EAC063E6} [2015-06-08]
FF Extension: Super Web Accelerator ! - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\firefox [2015-06-10]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-09-22]
FF HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR Profile: C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-10]
CHR Extension: (Google Drive) - C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-10]
CHR Extension: (YouTube) - C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-27]
CHR Extension: (Google Search) - C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-27]
CHR Extension: (TankBillig.Info) - C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkhbefffgedhmmnccfjohojeoojpdh [2014-11-30]
CHR Extension: (ZoneAlarm Chrome Toolbar) - C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek [2014-11-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-10]
CHR Extension: (Google Wallet) - C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Google Quick Scroll) - C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-06-10]
CHR Extension: (Gmail) - C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-27]
CHR HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\jörxs\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx [2014-02-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2528888 2015-04-16] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3672560 2015-04-07] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3193080 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-06-08] (Lavasoft Limited)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [19816 2015-06-08] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-12-03] (Mobile Connector) [File not signed]
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [150016 2015-06-09] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [27648 2015-06-09] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [230400 2015-06-09] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [75776 2015-06-09] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-06-09] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-06-09] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [124928 2015-06-09] (G Data Software AG)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
S0 pankw; No ImagePath
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 cpuz134; \??\C:\Users\JRXS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-28 00:20 - 2015-06-28 00:49 - 00000000 ____D C:\FRST
2015-06-28 00:18 - 2015-06-28 00:18 - 00000000 _____ C:\Users\jörxs\defogger_reenable
2015-06-27 02:15 - 2015-06-27 02:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-06-27 02:15 - 2015-06-27 02:15 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-06-27 02:08 - 2015-06-27 02:13 - 00000000 ____D C:\Users\jörxs\AppData\Roaming\ReviverSoft
2015-06-25 00:11 - 2015-06-25 00:11 - 00000000 ____D C:\Users\jörxs\AppData\Local\{D2737306-2EC6-44D0-9D3C-DE141B36F2E5}
2015-06-25 00:10 - 2015-06-25 00:10 - 00000000 ____D C:\Users\jörxs\AppData\Local\{1EBDBB6E-BE1E-45E3-9F9B-2E6CA99D6AA3}
2015-06-24 22:30 - 2015-06-28 00:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-24 22:30 - 2015-06-24 22:31 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 22:30 - 2015-06-24 22:31 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-24 22:30 - 2015-06-24 22:31 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 22:25 - 2015-06-24 22:25 - 00000000 ____D C:\Users\jörxs\Downloads\install_flash_player194
2015-06-24 22:23 - 2015-06-24 22:24 - 35464439 _____ C:\Users\jörxs\Downloads\install_flash_player194.zip
2015-06-24 12:52 - 2015-06-25 23:03 - 00000270 _____ C:\Windows\SysWOW64\debug.log
2015-06-24 01:40 - 2015-06-28 00:23 - 00013172 _____ C:\Windows\PFRO.log
2015-06-23 18:28 - 2015-06-23 18:28 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-06-23 18:28 - 2015-06-23 18:28 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-06-23 18:25 - 2015-06-23 18:25 - 00000000 ____D C:\Users\jörxs\AppData\Local\Avg
2015-06-22 18:09 - 2015-06-22 18:09 - 00000000 ____D C:\Users\jörxs\AppData\Roaming\SECRV
2015-06-22 18:08 - 2015-06-22 18:08 - 04697400 _____ (ReviverSoft ) C:\Users\jörxs\Downloads\SecurityReviverSetup_ppc.exe
2015-06-22 17:56 - 2015-06-28 00:23 - 00000896 _____ C:\Windows\setupact.log
2015-06-22 17:56 - 2015-06-22 17:56 - 00000000 _____ C:\Windows\setuperr.log
2015-06-19 10:00 - 2015-06-19 10:01 - 00000000 ____D C:\Users\jörxs\AppData\Local\{51FC66CC-2A22-4CDE-ABF2-2695DB3ABAD9}
2015-06-18 01:12 - 2015-06-18 01:12 - 00000000 ____D C:\Users\jörxs\AppData\Local\Lavasoft
2015-06-18 01:11 - 2015-06-18 01:11 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-06-18 01:09 - 2015-06-28 00:25 - 00002285 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-06-18 01:08 - 2015-06-18 01:08 - 00000000 ____D C:\Program Files\Lavasoft
2015-06-18 01:06 - 2015-06-18 01:10 - 00000000 ____D C:\Users\jörxs\AppData\Roaming\Lavasoft
2015-06-18 01:06 - 2015-06-18 01:06 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-06-18 01:05 - 2015-06-18 01:10 - 00000000 ____D C:\ProgramData\Lavasoft
2015-06-17 03:56 - 2015-06-28 00:21 - 00000000 ____D C:\Users\jörxs\Documents\A-Berufssuche
2015-06-13 00:19 - 2015-06-24 01:38 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-13 00:14 - 2015-06-24 01:40 - 00000000 ____D C:\ProgramData\MFAData
2015-06-13 00:14 - 2015-06-13 00:14 - 04578024 _____ (AVG Technologies) C:\Users\jörxs\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2015-06-13 00:14 - 2015-06-13 00:14 - 00000000 ____D C:\Users\jörxs\AppData\Local\MFAData
2015-06-12 04:39 - 2015-06-12 04:39 - 00000000 _____ C:\autoexec.bat
2015-06-12 04:36 - 2015-06-12 04:36 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\jörxs\Downloads\SpyHunter-Installer.exe
2015-06-12 03:20 - 2015-06-12 03:20 - 00000000 ____D C:\Users\jörxs\AppData\Roaming\LavasoftStatistics
2015-06-12 03:19 - 2015-06-12 03:41 - 00002888 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-06-12 03:19 - 2015-06-12 03:41 - 00002888 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-06-12 03:19 - 2015-06-08 14:13 - 00428880 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-06-12 03:19 - 2015-06-08 14:13 - 00348488 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-06-12 03:17 - 2015-06-18 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-06-12 03:17 - 2015-06-12 03:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-06-12 03:13 - 2015-06-12 03:13 - 02071768 _____ C:\Users\jörxs\Downloads\AdAware116WebInstaller.exe
2015-06-12 03:01 - 2015-06-12 03:01 - 00173056 _____ C:\Windows\Providernew.dll
2015-06-12 01:58 - 2015-06-12 01:58 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\gjypu.sys
2015-06-12 01:26 - 2015-06-12 01:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-12 01:25 - 2015-06-12 01:25 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\jörxs\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-11 00:01 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-11 00:01 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-11 00:01 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-11 00:01 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-11 00:01 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-11 00:01 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-11 00:01 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-11 00:01 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-11 00:01 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-11 00:01 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-11 00:01 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-11 00:00 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-11 00:00 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-11 00:00 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-11 00:00 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-11 00:00 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-11 00:00 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-11 00:00 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-11 00:00 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-11 00:00 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-11 00:00 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-11 00:00 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-11 00:00 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-11 00:00 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-11 00:00 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-11 00:00 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-11 00:00 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-11 00:00 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-11 00:00 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-11 00:00 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-11 00:00 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-11 00:00 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-11 00:00 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-11 00:00 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-11 00:00 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-11 00:00 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-11 00:00 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-11 00:00 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-11 00:00 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-11 00:00 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-11 00:00 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-11 00:00 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-11 00:00 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-11 00:00 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-11 00:00 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-11 00:00 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-11 00:00 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-11 00:00 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-11 00:00 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-11 00:00 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-11 00:00 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-11 00:00 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-11 00:00 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-11 00:00 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-11 00:00 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-11 00:00 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-11 00:00 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-11 00:00 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-11 00:00 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-11 00:00 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-11 00:00 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-11 00:00 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-11 00:00 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-11 00:00 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-11 00:00 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-11 00:00 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 23:59 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 23:59 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 23:59 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 23:59 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 23:59 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 23:59 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 23:59 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 23:59 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 23:59 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 23:59 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 23:59 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 23:59 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 23:59 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 23:59 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 23:59 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 23:59 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 23:59 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 23:59 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 23:59 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 23:59 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 23:59 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 23:59 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 23:59 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 23:59 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 23:59 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 23:59 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 23:59 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 23:59 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 23:59 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 23:59 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 23:59 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 23:59 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 23:59 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 23:59 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 23:59 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 23:59 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 23:59 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 23:59 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 23:59 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 23:59 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 23:59 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 23:59 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 23:59 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 23:59 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 23:59 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 23:59 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 23:59 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 23:59 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 23:59 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 23:59 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 23:59 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 23:59 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 23:59 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 23:59 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 23:59 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 23:59 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 23:59 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 23:59 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 23:59 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 23:59 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 00:55 - 2015-06-24 14:19 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-10 00:55 - 2015-06-10 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-10 00:54 - 2015-06-28 00:23 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-10 00:54 - 2015-06-28 00:11 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-10 00:54 - 2015-06-12 03:06 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-10 00:34 - 2015-06-10 00:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-09 23:59 - 2015-06-10 00:18 - 00000000 ____D C:\ProgramData\WinZip
2015-06-09 23:57 - 2015-06-09 23:57 - 00000000 ____D C:\Users\jörxs\AppData\Roaming\QuickScan
2015-06-09 23:55 - 2015-06-09 23:54 - 00880784 _____ (Google Inc.) C:\Users\jörxs\Downloads\79787-678360-google-chrome.exe
2015-06-09 23:33 - 2015-06-09 23:33 - 00002966 _____ C:\Windows\System32\Tasks\{A5967512-98C4-4BE5-A528-D4020E6C5AA8}
2015-06-09 23:33 - 2015-06-09 23:33 - 00002966 _____ C:\Windows\System32\Tasks\{791C3874-0478-4254-A61B-6D0BBE010DAD}
2015-06-09 21:08 - 2015-06-23 20:06 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-09 20:04 - 2015-06-09 20:04 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2015-06-09 20:04 - 2015-06-09 20:04 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2015-06-09 19:52 - 2015-06-09 19:52 - 00075776 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2015-06-09 19:52 - 2015-06-09 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G*DATA INTERNET*SECURITY CBE
2015-06-09 19:51 - 2015-06-09 19:51 - 00230400 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2015-06-09 19:51 - 2015-06-09 19:51 - 00150016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2015-06-09 19:51 - 2015-06-09 19:51 - 00124928 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2015-06-09 19:51 - 2015-06-09 19:51 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2015-06-09 19:51 - 2015-06-09 19:51 - 00027648 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBB64.sys
2015-06-09 19:51 - 2015-06-09 19:51 - 00002058 _____ C:\Users\Public\Desktop\G*DATA INTERNET*SECURITY CBE.lnk
2015-06-09 19:51 - 2015-06-09 19:51 - 00000779 _____ C:\Users\jörxs\AppData\Roaming\gdscan.log
2015-06-09 19:51 - 2015-06-09 19:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_GDKBB64_01007.Wdf
2015-06-09 19:51 - 2015-06-09 19:51 - 00000000 _____ C:\Users\jörxs\AppData\Roaming\gdfw.log
2015-06-09 19:48 - 2015-06-09 19:48 - 00000000 ____D C:\Program Files (x86)\G DATA
2015-06-08 22:18 - 2015-06-08 22:18 - 00000000 ____D C:\Program Files (x86)\predm
2015-06-08 21:32 - 2015-06-08 21:37 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-06-08 21:32 - 2015-06-08 21:32 - 00001006 _____ C:\Windows\Tasks\JmR8cY6D9Fuplw8Gw.job
2015-06-08 21:32 - 2015-06-08 21:32 - 00000990 _____ C:\Windows\Tasks\tQxHjP0Pg.job
2015-06-08 21:32 - 2015-06-08 21:32 - 00000000 ____D C:\Users\jörxs\AppData\Local\globalUpdate
2015-06-08 21:24 - 2015-06-09 21:57 - 00000000 ____D C:\Users\jörxs\AppData\Local\SmartWeb
2015-06-08 20:51 - 2015-06-08 20:52 - 00001070 _____ C:\Users\jörxs\Documents\cc_20150608_205158.reg
2015-06-08 20:51 - 2015-06-08 20:51 - 00024916 _____ C:\Users\jörxs\Documents\cc_20150608_205109.reg
2015-06-08 20:51 - 2015-06-08 20:51 - 00003910 _____ C:\Users\jörxs\Documents\cc_20150608_205136.reg
2015-06-08 20:48 - 2015-06-08 20:49 - 00098300 _____ C:\Users\jörxs\Documents\Sicherung der Registry Bereinigt von Cclean 08.06.2015.reg
2015-06-08 20:40 - 2015-06-08 20:40 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-08 20:40 - 2015-06-08 20:40 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-08 20:40 - 2015-06-08 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-08 20:40 - 2015-06-08 20:40 - 00000000 ____D C:\Program Files\CCleaner
2015-06-08 19:46 - 2015-06-08 19:46 - 00000000 ____D C:\Program Files (x86)\faReedEeliveriyy
2015-06-06 00:14 - 2015-06-21 12:45 - 00000000 ____D C:\Users\jörxs\Documents\Fritz Box Tel.Buch
2015-06-06 00:10 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-06 00:10 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-06 00:10 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-06 00:10 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-06 00:10 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-06 00:10 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-06 00:10 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-06 00:10 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-05 22:00 - 2015-06-12 03:01 - 00000000 ____D C:\Windows\Provider32
2015-06-05 22:00 - 2015-06-05 22:00 - 00000012 _____ C:\Windows\SysWOW64\0
2015-06-05 22:00 - 2015-06-05 22:00 - 00000000 ____D C:\Program Files (x86)\Bin
2015-06-05 19:07 - 2015-06-10 00:27 - 00000000 ____D C:\ProgramData\G Data
2015-06-05 12:37 - 2015-06-09 20:19 - 00000000 ____D C:\Users\jörxs\AppData\Roaming\jellylam
2015-06-05 12:37 - 2015-06-09 20:15 - 00000000 ____D C:\Users\jörxs\AppData\Roaming\Winsta
2015-06-05 12:37 - 2015-06-05 12:37 - 00003756 _____ C:\Windows\System32\Tasks\keepup
2015-06-05 12:37 - 2015-06-05 12:37 - 00003232 _____ C:\Windows\System32\Tasks\DriverMgr
2015-06-05 12:37 - 2015-06-05 12:37 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-06-05 12:37 - 2015-06-05 12:37 - 00000106 _____ C:\Windows\SysWOW64\sn.txt
2015-06-03 18:41 - 2015-06-08 00:19 - 00000000 ____D C:\Program Files (x86)\RCP
2015-06-03 02:25 - 2015-06-03 02:25 - 00002052 _____ C:\Windows\epplauncher.mif
2015-06-01 22:31 - 2015-06-01 22:31 - 00000000 ____D C:\Users\jörxs\AppData\Local\GWX
2015-06-01 22:17 - 2015-06-01 22:17 - 00000000 ____D C:\Program Files (x86)\SndLatr Beta for Gmail
2015-06-01 22:17 - 2015-06-01 22:17 - 00000000 ____D C:\Program Files (x86)\lowraite
2015-06-01 00:08 - 2015-06-20 02:04 - 00000000 ____D C:\ProgramData\10b8d69a00001b5a
2015-05-31 23:48 - 2015-06-05 12:37 - 00003768 _____ C:\Windows\System32\Tasks\Convertor
2015-05-31 23:48 - 2015-05-31 23:48 - 00000000 ____D C:\Program Files (x86)\Winsta
2015-05-31 23:48 - 2015-05-31 23:48 - 00000000 ____D C:\Program Files (x86)\Convertor
2015-05-31 04:25 - 2015-05-31 04:25 - 00000008 _____ C:\END
2015-05-31 04:15 - 2015-05-31 04:15 - 00003220 _____ C:\Windows\System32\Tasks\MaxComputerCleaner_Start
2015-05-31 04:15 - 2015-05-31 04:15 - 00000000 ____D C:\Users\jörxs\AppData\Local\Max_Computer_Cleaner
2015-05-31 01:57 - 2015-06-09 22:42 - 00000000 ____D C:\Users\jörxs\AppData\Roaming\11B46681-1433030269-E111-98C3-DC0EA1A9CD37
2015-05-31 01:55 - 2015-06-09 21:54 - 00000000 ____D C:\8e9d3056-07f8-44f8-9436-ee04cfacb52c
2015-05-31 01:55 - 2015-05-31 01:55 - 00000000 _____ C:\LILAE96.tmp
2015-05-31 01:55 - 2015-05-31 01:55 - 00000000 _____ C:\LILAE19.tmp
2015-05-31 01:55 - 2015-05-31 01:55 - 00000000 _____ C:\LILADAC.tmp
2015-05-31 01:55 - 2015-05-31 01:55 - 00000000 _____ C:\LILAD3F.tmp
2015-05-31 01:51 - 2015-05-31 01:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-05-30 11:18 - 2015-05-30 11:18 - 00000000 ____D C:\Program Files (x86)\Live Earnings Checker for Google AdSense
2015-05-30 11:17 - 2015-06-10 00:20 - 00000024 _____ C:\Users\jörxs\AppData\Roaming\appdataFr25.bin
2015-05-30 11:17 - 2015-05-30 11:17 - 00000000 ____D C:\Program Files (x86)\broWsEAndsoHop

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-28 00:46 - 2014-07-20 21:31 - 00000000 ____D C:\Users\jörxs\Documents\Handy-rechnungen S3 - MTV-Mobil
2015-06-28 00:33 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-28 00:33 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-28 00:30 - 2012-05-29 07:14 - 01057658 _____ C:\Windows\WindowsUpdate.log
2015-06-28 00:27 - 2013-08-12 02:17 - 00004208 _____ C:\Windows\System32\Tasks\Software Updater
2015-06-28 00:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-28 00:21 - 2012-07-31 21:48 - 00000000 ____D C:\Users\jörxs\AppData\Roaming\SoftGrid Client
2015-06-28 00:18 - 2012-07-26 17:31 - 00000000 ____D C:\Users\jörxs
2015-06-28 00:14 - 2013-11-10 12:51 - 00262144 _____ C:\Windows\system32\config\elam
2015-06-28 00:08 - 2014-12-04 03:20 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A53DE5B6-2E00-4DBC-91A0-56F00F03971B}
2015-06-26 00:09 - 2012-08-21 19:01 - 00000000 ____D C:\Users\jörxs\Documents\Arbeitsamt - Bewerbungen
2015-06-25 10:55 - 2012-05-29 17:05 - 00700126 _____ C:\Windows\system32\perfh007.dat
2015-06-25 10:55 - 2012-05-29 17:05 - 00149976 _____ C:\Windows\system32\perfc007.dat
2015-06-25 10:55 - 2009-07-14 07:13 - 00870926 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-24 19:22 - 2012-07-26 17:31 - 00062464 _____ C:\Users\jörxs\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-24 14:12 - 2012-07-26 17:41 - 00000000 ____D C:\Users\jörxs\AppData\Local\Adobe
2015-06-24 01:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-24 01:47 - 2014-12-24 14:37 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-22 17:53 - 2012-08-14 09:53 - 00000000 ____D C:\Users\jörxs\Documents\ForceField Shared Files
2015-06-22 16:33 - 2015-05-26 16:49 - 00000000 ____D C:\Users\jörxs\Documents\A-Wohnung
2015-06-16 14:10 - 2011-10-20 11:15 - 00000000 ____D C:\Windows\fi
2015-06-15 04:18 - 2011-10-20 11:29 - 00000000 ____D C:\Windows\Downloaded Installations
2015-06-14 23:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-13 00:20 - 2014-11-26 21:38 - 00000000 __SHD C:\Users\jörxs\AppData\Local\EmieBrowserModeList
2015-06-13 00:20 - 2014-04-16 23:15 - 00000000 __SHD C:\Users\jörxs\AppData\Local\EmieUserList
2015-06-13 00:20 - 2014-04-16 23:15 - 00000000 __SHD C:\Users\jörxs\AppData\Local\EmieSiteList
2015-06-12 03:06 - 2014-10-11 23:32 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-12 03:03 - 2011-10-20 11:15 - 00000000 ____D C:\Windows\nl
2015-06-12 03:02 - 2013-07-12 02:26 - 00000000 ____D C:\ProgramData\APN
2015-06-12 01:57 - 2013-08-14 02:20 - 00000000 ____D C:\Users\jörxs\AppData\Roaming\DSite
2015-06-12 01:57 - 2013-03-09 05:18 - 00000000 ____D C:\Users\jörxs\AppData\Roaming\BabSolution
2015-06-12 01:57 - 2012-12-08 01:02 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar
2015-06-12 01:57 - 2012-09-26 01:06 - 00000000 ____D C:\Users\jörxs\AppData\Local\CRE
2015-06-11 22:54 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-11 17:37 - 2009-07-14 06:45 - 00275040 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 17:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 02:21 - 2013-08-15 12:36 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 02:14 - 2012-08-16 21:49 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 20:42 - 2012-07-26 17:33 - 00001429 _____ C:\Users\jörxs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-10 20:42 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-10 20:41 - 2012-09-24 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-10 00:55 - 2012-08-16 20:23 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-10 00:07 - 2011-10-20 11:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-09 22:00 - 2015-04-14 18:28 - 00001171 _____ C:\Users\jörxs\AppData\Roaming\JmR8cY6D9Fuplw8Gw
2015-06-09 21:54 - 2015-04-22 21:41 - 00000000 ____D C:\ProgramData\b891d2ba00003f0c
2015-06-09 21:52 - 2012-08-16 21:10 - 00000000 ____D C:\Program Files (x86)\VideoConverter
2015-06-09 20:07 - 2015-05-12 04:58 - 00000000 ____D C:\Program Files (x86)\PragmaEngine
2015-06-09 18:33 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-08 21:36 - 2011-10-20 10:35 - 00000000 ____D C:\Program Files (x86)\Acer Games
2015-06-08 20:42 - 2014-10-26 20:12 - 00000000 ____D C:\Windows\Minidump
2015-06-08 20:42 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2015-06-08 19:47 - 2015-05-13 13:38 - 00000000 ____D C:\ProgramData\4601372211897530546
2015-06-08 00:19 - 2012-12-08 22:04 - 00000000 ____D C:\Users\jörxs\AppData\Roaming\Systweak
2015-06-06 14:43 - 2012-08-21 23:58 - 00000000 ____D C:\Program Files\Recuva
2015-06-06 13:58 - 2014-12-11 11:26 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-06 13:58 - 2014-05-02 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-05 12:37 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-05 12:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-06-02 13:14 - 2015-02-02 21:08 - 00000000 ____D C:\Users\jörxs\Documents\HD +
2015-06-02 01:56 - 2015-04-27 01:05 - 00000165 _____ C:\Windows\Reimage.ini
2015-05-31 01:31 - 2013-08-12 02:25 - 00003656 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint
2015-05-31 01:26 - 2012-05-29 07:27 - 00000000 ____D C:\Dolby PCEE4
2015-05-29 00:16 - 2014-12-23 13:07 - 00000000 ____D C:\Users\jörxs\Documents\O2 Rechnungen incl. Einzelverbindungsnachweis

==================== Files in the root of some directories =======

2015-05-30 11:17 - 2015-06-10 00:20 - 0000024 _____ () C:\Users\jörxs\AppData\Roaming\appdataFr25.bin
2015-06-09 19:51 - 2015-06-09 19:51 - 0000000 _____ () C:\Users\jörxs\AppData\Roaming\gdfw.log
2015-06-09 19:51 - 2015-06-09 19:51 - 0000779 _____ () C:\Users\jörxs\AppData\Roaming\gdscan.log
2015-04-14 18:28 - 2015-06-09 22:00 - 0001171 _____ () C:\Users\jörxs\AppData\Roaming\JmR8cY6D9Fuplw8Gw
2015-01-22 02:02 - 2015-01-22 02:02 - 0074889 _____ () C:\Users\jörxs\AppData\Local\084AE95F_stp.CIS
2015-01-22 02:02 - 2015-01-22 02:26 - 0000265 _____ () C:\Users\jörxs\AppData\Local\084AE95F_stp.CIS.part
2015-01-22 02:01 - 2015-01-22 02:01 - 0138335 _____ () C:\Users\jörxs\AppData\Local\205CED23_stp.CIS
2015-01-22 02:01 - 2015-01-22 02:26 - 0000314 _____ () C:\Users\jörxs\AppData\Local\205CED23_stp.CIS.part
2015-01-22 02:02 - 2015-01-22 02:02 - 1517409 _____ () C:\Users\jörxs\AppData\Local\4461A4D8_stp.CIS
2015-01-22 02:02 - 2015-01-22 02:26 - 0000263 _____ () C:\Users\jörxs\AppData\Local\4461A4D8_stp.CIS.part
2015-01-22 02:01 - 2015-01-22 02:01 - 0103560 _____ () C:\Users\jörxs\AppData\Local\516B3EA5_stp.CIS
2015-01-22 02:01 - 2015-01-22 02:26 - 0000290 _____ () C:\Users\jörxs\AppData\Local\516B3EA5_stp.CIS.part
2015-01-22 02:01 - 2015-01-22 02:01 - 1331684 _____ () C:\Users\jörxs\AppData\Local\53E9472D_stp.CIS
2015-01-22 02:01 - 2015-01-22 02:25 - 0000126 _____ () C:\Users\jörxs\AppData\Local\53E9472D_stp.CIS.part
2015-01-22 02:01 - 2015-01-22 02:01 - 7764454 _____ () C:\Users\jörxs\AppData\Local\5D067DA4_stp.CIS
2015-01-22 02:01 - 2015-01-22 02:26 - 0000316 _____ () C:\Users\jörxs\AppData\Local\5D067DA4_stp.CIS.part
2015-01-22 02:02 - 2015-01-22 02:02 - 0092702 _____ () C:\Users\jörxs\AppData\Local\73A5D503_stp.CIS
2015-01-22 02:02 - 2015-01-22 02:26 - 0000289 _____ () C:\Users\jörxs\AppData\Local\73A5D503_stp.CIS.part
2013-08-13 01:54 - 2013-08-13 02:05 - 0004608 _____ () C:\Users\jörxs\AppData\Local\memopti.exe
2012-05-29 07:42 - 2012-05-29 07:45 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-09-03 04:26 - 2014-09-03 04:28 - 0000032 _____ () C:\ProgramData\PS.log

Some files in TEMP:
====================
C:\Users\jörxs\AppData\Local\Temp\7b80efe2-4302-40fa-aaab-57fb054dd636.exe
C:\Users\jörxs\AppData\Local\Temp\d3f4dd61-5130-4e4d-af9e-18df2aef3f46.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 21:20

==================== End of log ============================
--- --- ---

schrauber 17.07.2015 10:58
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    BabylonObjectInstaller

    Google Chrome Packages

    Image Editor Packages

    Updater Service


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

forestgump 18.07.2015 00:17
2 Programme sind nicht im Uninstallerfeld.
 
Hallo Schrauber,
ich habe mir den Revo uninstaller heruntergeladen und kann im Uninstallerfeld lediglich
(Google Chrome Packages) und (Image Editor Packages) finden.

Der (BabylonObjectInstaller) und der( Updater Service) sind dort nicht vorhanden.

Soll ich trotzdem einfach fortfahren und die beiden Programme löschen und die Liste weiter abarbeiten?

Gruß Jörg

schrauber 18.07.2015 13:35
Schau mal ob die normal über Windows deinstalliert werden können. Wenn ja dort deinstallieren. Egal ob ja oder nein, direkt im Anschluss weiter mit Combofix :)

forestgump 19.07.2015 22:38
ergebnis von combofix suchlauf bei forestgump
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo Schrauber,
ich habe Google Chrome Packages und Image Editor Packages gelöscht und dann den Combofix-durchlauf gemacht.anbei die Ergebnisse.
viele Grüße
Jörg
[CODE] Combofix Logfile:
Code:
ComboFix 15-07-18.01 - jörxs 19.07.2015  23:04:54.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3948.1171 [GMT 2:00]
ausgeführt von:: c:\users\jörxs\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: G*DATA INTERNET*SECURITY CBE *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
FW: G*DATA Personal Firewall *Enabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: G*DATA INTERNET*SECURITY CBE *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\LILAD3F.tmp
C:\LILADAC.tmp
C:\LILAE19.tmp
C:\LILAE96.tmp
c:\programdata\4601372211897530546
c:\programdata\4601372211897530546\0004dc12aae22b42a9c3b7bd59919614.ini
c:\programdata\4601372211897530546\2accc008886ecacaa9c3b7bd59919614.ini
c:\programdata\4601372211897530546\41460f8b3845342ca9c3b7bd59919614.ini
c:\programdata\4601372211897530546\4271f7d8fb8d0bc3a9c3b7bd59919614.ini
c:\programdata\4601372211897530546\529b397629406173a9c3b7bd59919614.ini
c:\programdata\4601372211897530546\94d651929109d2c1a9c3b7bd59919614.ini
c:\programdata\4601372211897530546\9d1e6f485b793aaca9c3b7bd59919614.ini
c:\programdata\4601372211897530546\aa888a18eb20df71a9c3b7bd59919614.ini
c:\programdata\4601372211897530546\b2f536174832915ca9c3b7bd59919614.ini
c:\programdata\4601372211897530546\c82ba59a4fab6da9a9c3b7bd59919614.ini
c:\programdata\4601372211897530546\cba7e870448052aca9c3b7bd59919614.ini
c:\programdata\4601372211897530546\cddefc52d72649b3a9c3b7bd59919614.ini
c:\programdata\4601372211897530546\d7285e57b7aa3050a9c3b7bd59919614.ini
c:\programdata\4601372211897530546\f7a13de7fe14ad69a9c3b7bd59919614.ini
c:\programdata\4601372211897530546\f91231144eed7931a9c3b7bd59919614.ini
c:\programdata\4601372211897530546\ff245f44bad21418a9c3b7bd59919614.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-06-19 bis 2015-07-19  ))))))))))))))))))))))))))))))
.
.
2015-07-19 21:13 . 2015-07-19 21:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-07-17 22:34 . 2015-07-17 22:34        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-07-15 15:01 . 2015-06-02 00:07        254976        ----a-w-        c:\windows\system32\cewmdm.dll
2015-07-15 15:01 . 2015-06-01 23:47        210432        ----a-w-        c:\windows\SysWow64\cewmdm.dll
2015-07-15 14:59 . 2015-07-04 18:07        2087424        ----a-w-        c:\windows\system32\ole32.dll
2015-07-15 14:58 . 2015-07-09 17:58        726528        ----a-w-        c:\windows\system32\generaltel.dll
2015-07-14 09:52 . 2015-07-14 09:52        --------        d-----w-        c:\users\jörxs\AppData\Local\PDF24
2015-07-14 09:51 . 2015-07-14 09:52        --------        d-----w-        c:\program files (x86)\PDF24
2015-07-10 22:27 . 2015-07-17 23:28        --------        d-----w-        c:\users\jörxs\AppData\Roaming\FreeFixer
2015-07-10 22:27 . 2015-07-10 22:39        --------        d-----w-        c:\users\jörxs\AppData\Local\FreeFixer
2015-07-10 22:27 . 2015-07-10 22:27        --------        d-----w-        c:\program files\FreeFixer
2015-06-28 11:58 . 2015-07-19 20:49        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2015-06-28 11:58 . 2015-07-19 20:52        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2
2015-06-27 22:20 . 2015-06-27 22:51        --------        d-----w-        C:\FRST
2015-06-27 00:15 . 2015-06-27 00:15        --------        d-----w-        c:\program files (x86)\7-Zip
2015-06-27 00:08 . 2015-06-27 00:13        --------        d-----w-        c:\users\jörxs\AppData\Roaming\ReviverSoft
2015-06-24 22:11 . 2015-06-24 22:11        --------        d-----w-        c:\users\jörxs\AppData\Local\{D2737306-2EC6-44D0-9D3C-DE141B36F2E5}
2015-06-24 22:10 . 2015-06-24 22:10        --------        d-----w-        c:\users\jörxs\AppData\Local\{1EBDBB6E-BE1E-45E3-9F9B-2E6CA99D6AA3}
2015-06-24 20:30 . 2015-07-15 17:55        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-24 20:30 . 2015-07-15 17:55        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 16:28 . 2015-06-23 16:28        --------        d-----w-        c:\users\Default\AppData\Roaming\TuneUp Software
2015-06-23 16:25 . 2015-06-23 16:25        --------        d-----w-        c:\users\jörxs\AppData\Local\Avg
2015-06-22 16:09 . 2015-06-22 16:09        --------        d-----w-        c:\users\jörxs\AppData\Roaming\SECRV
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-03 06:43 . 2012-08-16 19:49        130333168        ----a-w-        c:\windows\system32\MRT.exe
2015-06-23 11:30 . 2010-11-21 03:27        300704        ------w-        c:\windows\system32\MpSigStub.exe
2015-06-12 01:01 . 2015-06-12 01:01        173056        ----a-w-        c:\windows\Providernew.dll
2015-06-11 23:58 . 2015-06-11 23:58        79064        ----a-w-        c:\windows\system32\drivers\gjypu.sys
2015-06-09 22:20 . 2015-05-30 09:17        24        ----a-w-        c:\users\jörxs\AppData\Roaming\appdataFr25.bin
2015-06-09 22:20 . 2015-05-30 09:17        24        ----a-w-        c:\users\jörxs\AppData\Roaming\appdataFr25.bin
2015-06-09 18:04 . 2015-06-09 18:04        18160        ----a-w-        c:\windows\system32\drivers\GdPhyMem.sys
2015-06-09 18:04 . 2015-06-09 18:04        106272        ----a-w-        c:\windows\system32\drivers\GRD.sys
2015-06-09 17:52 . 2015-06-09 17:52        75776        ----a-w-        c:\windows\system32\drivers\PktIcpt.sys
2015-06-09 17:51 . 2015-06-09 17:51        27648        ----a-w-        c:\windows\system32\drivers\GDKBB64.sys
2015-06-09 17:51 . 2015-06-09 17:51        64512        ----a-w-        c:\windows\system32\drivers\gdwfpcd64.sys
2015-06-09 17:51 . 2015-06-09 17:51        230400        ----a-w-        c:\windows\system32\drivers\MiniIcpt.sys
2015-06-09 17:51 . 2015-06-09 17:51        150016        ----a-w-        c:\windows\system32\drivers\GDBehave.sys
2015-06-09 17:51 . 2015-06-09 17:51        124928        ----a-w-        c:\windows\system32\drivers\HookCentre.sys
2015-06-08 12:13 . 2015-06-12 01:19        428880        ----a-w-        c:\windows\system32\LavasoftTcpService64.dll
2015-06-08 12:13 . 2015-06-12 01:19        348488        ----a-w-        c:\windows\SysWow64\LavasoftTcpService.dll
2015-05-25 18:24 . 2015-06-10 22:00        5569984        ----a-w-        c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-10 22:00        1728960        ----a-w-        c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 22:00        243712        ----a-w-        c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 22:00        362496        ----a-w-        c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 22:00        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 22:00        215040        ----a-w-        c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 22:00        1255424        ----a-w-        c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 22:00        879104        ----a-w-        c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 22:00        503808        ----a-w-        c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 22:00        113664        ----a-w-        c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 22:00        50176        ----a-w-        c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 22:00        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 22:00        424960        ----a-w-        c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 22:00        1162752        ----a-w-        c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 22:00        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 22:00        879104        ----a-w-        c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 22:00        404992        ----a-w-        c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 22:00        47104        ----a-w-        c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 22:00        112640        ----a-w-        c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 22:00        296960        ----a-w-        c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 22:00        43008        ----a-w-        c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 22:00        104448        ----a-w-        c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 22:00        19456        ----a-w-        c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 22:00        338432        ----a-w-        c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-10 22:00        6656        ----a-w-        c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 22:00        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 22:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-10 22:00        3989440        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 22:00        3934144        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 22:00        1310744        ----a-w-        c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 22:00        635392        ----a-w-        c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 22:00        43008        ----a-w-        c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 22:00        92160        ----a-w-        c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 22:00        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 22:00        641536        ----a-w-        c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 22:00        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 22:00        40448        ----a-w-        c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 22:00        364544        ----a-w-        c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 22:00        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-10 22:00        37888        ----a-w-        c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 22:00        82944        ----a-w-        c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 22:00        17408        ----a-w-        c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-10 22:00        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-10 22:00        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-10 22:00        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2015-05-25 17:55 . 2015-06-10 22:00        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 22:00        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 22:00        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 22:00        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 22:00        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 22:00        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 22:00        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 22:00        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 22:00        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 22:00        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 22:00        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 22:00        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 22:00        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-23 8204056]
"Web Companion"="c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" [2015-06-08 1381648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-13 343168]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"DSL Soforthilfe"="c:\program files (x86)\DSL Soforthilfe\DSL_Soforthilfe.exe" [2013-11-21 20585888]
"GDFirewallTray"="c:\program files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe" [2015-02-20 1855608]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2015-07-13 217632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2015-06-15 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 pankw;pankw; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SearchProtectionService;IE Search Set;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnsusbser.sys [x]
R3 cpuz134;cpuz134;c:\users\JRXS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\JRXS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbser.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVKProxy;G*DATA*ANTIVIRUS Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G*DATA Scheduler;c:\program files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [x]
S2 AVKWCtl;G*DATA Dateisystem Wächter;c:\program files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe;c:\program files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [x]
S2 LavasoftTcpService;LavasoftTcpService;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 GDFwSvc;G*DATA Personal Firewall;c:\program files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [x]
S3 GDKBB;G Data GDKBB Driver;c:\windows\system32\drivers\GDKBB64.sys;c:\windows\SYSNATIVE\drivers\GDKBB64.sys [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
S3 GDScan;G*DATA Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-14 21:13        991048        ----a-w-        c:\program files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24 17:55]
.
2015-07-16 c:\windows\Tasks\FreeFixer background scan.job
- c:\program files\FreeFixer\freefixer.exe [2014-09-16 08:44]
.
2015-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-09 22:54]
.
2015-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-09 22:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe" [2015-03-10 9566192]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
uSearchAssistant = www.google.com
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\jörxs\AppData\Roaming\Mozilla\Firefox\Profiles\afmvuulo.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: browser.search.selectedEngine - Ad-Aware SecureSearch
FF - ExtSQL: 2015-06-08 20:09; {95E05177-EA09-4386-8B79-FEB1EAC063E6}; c:\users\jörxs\AppData\Roaming\Mozilla\Firefox\Profiles\afmvuulo.default\extensions\{95E05177-EA09-4386-8B79-FEB1EAC063E6}
FF - ExtSQL: 2015-06-09 03:14; {ee61cba1-8ca8-4c05-a509-a4d161ec9384}; c:\users\jörxs\AppData\Roaming\Mozilla\Firefox\Profiles\afmvuulo.default\extensions\{ee61cba1-8ca8-4c05-a509-a4d161ec9384}.xpi
FF - ExtSQL: 2015-06-09 23:34; 4RLc4@8.com; c:\users\jörxs\AppData\Roaming\Mozilla\Firefox\Profiles\afmvuulo.default\extensions\4RLc4@8.com
FF - ExtSQL: 2015-06-09 23:34; M7B@sReIt.net; c:\users\jörxs\AppData\Roaming\Mozilla\Firefox\Profiles\afmvuulo.default\extensions\M7B@sReIt.net
FF - ExtSQL: !HIDDEN! 2013-03-09 04:20; statuswinks@StatusWinks; c:\users\jörxs\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF - ExtSQL: !HIDDEN! 2013-03-09 04:20; speedanalysis@SpeedAnalysis.com; c:\users\jörxs\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
.
.
------- Dateityp-Verknüpfung -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-1570102368.portal.qtrax.com - c:\program files (x86)\Microsoft Silverlight\4.0.50401.0\Silverlight.Configuration.exe
AddRemove-Free Video Converter - c:\program files (x86)\Free Video Converter\uninstall.exe
AddRemove-PDF Reader - c:\program files (x86)\PDFReader\Uninstall\Uninstall.exe
AddRemove-Qtrax Connection Manager - c:\users\jörxs\Qtrax\Player\uninstallnotification.exe
AddRemove-Video Converter - c:\program files (x86)\VideoConverter\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-07-19  23:26:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-07-19 21:26
.
Vor Suchlauf: 10 Verzeichnis(se), 349.574.238.208 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 348.960.555.008 Bytes frei
.
- - End Of File - - 974E843BAFC832A7044E3CB386F1C685
--- --- ---

schrauber 20.07.2015 10:19
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

forestgump 22.07.2015 00:50
Nächste Schritte durchgeführt.
 
Hallo Schrauber,
ich habe deine Anweisungen durchgeführt und schicke anbei die 1rste von 3 Ergebnislisten.
gruß Jörg
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 21.07.2015
Suchlaufzeit: 23:48
Protokolldatei: Ergebnis von Anti-malware Suchlauf.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.21.08
Rootkit-Datenbank: v2015.07.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: jörxs

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 416806
Abgelaufene Zeit: 37 Min., 33 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 6
PUP.Optional.PCPerformer, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}, In Quarantäne, [95d7d0142169d95d7e6e50750ff3b050],
PUP.Optional.PCPerformer, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}, In Quarantäne, [95d7d0142169d95d7e6e50750ff3b050],
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}, In Quarantäne, [521a33b1b7d3d165a892a1fb08fc19e7],
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}, In Quarantäne, [a6c69a4ac3c7f83ef8423f5d24e00ff1],
PUP.Optional.Bandoo.A, HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}, In Quarantäne, [fa72d2122c5eaf873bfd2a72df25b34d],
PUP.Optional.Bandoo.A, HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}, In Quarantäne, [f47839ab7218f73f59dfabf1c0441de3],

Registrierungswerte: 4
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|FaviconPath, C:\Program Files (x86)\Movies Toolbar\Datamngr\favicon.ico, In Quarantäne, [521a33b1b7d3d165a892a1fb08fc19e7]
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|FaviconPath, C:\Program Files (x86)\Movies Toolbar\Datamngr\favicon.ico, In Quarantäne, [a6c69a4ac3c7f83ef8423f5d24e00ff1]
PUP.Optional.Bandoo.A, HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}|FaviconPath, C:\Program Files (x86)\Music Toolbar\Datamngr\favicon.ico, In Quarantäne, [fa72d2122c5eaf873bfd2a72df25b34d]
PUP.Optional.Bandoo.A, HKU\S-1-5-21-2946636422-4155816413-4096824531-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|FaviconPath, C:\Program Files (x86)\Movies Toolbar\Datamngr\favicon.ico, In Quarantäne, [f47839ab7218f73f59dfabf1c0441de3]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
Code:
# AdwCleaner v4.208 - Bericht erstellt 22/07/2015 um 00:47:43
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : jörxs - JÖRXS-PC
# Gestarted von : C:\Users\jörxs\Downloads\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\10b8d69a00001b5a
Ordner Gelöscht : C:\ProgramData\b891d2ba00003f0c
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Ordner Gelöscht : C:\Program Files (x86)\Free Video Converter
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\HiDefMedia
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files (x86)\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\VideoConverter
Ordner Gelöscht : C:\Program Files (x86)\RCP
Ordner Gelöscht : C:\Program Files (x86)\Check Point Software Technologies LTD
Ordner Gelöscht : C:\Program Files (x86)\Convertor
Ordner Gelöscht : C:\Program Files (x86)\PragmaEngine
Ordner Gelöscht : C:\Program Files (x86)\faReedEeliveriyy
Ordner Gelöscht : C:\Program Files (x86)\quiCksHop
Ordner Gelöscht : C:\Program Files (x86)\Winsta
Ordner Gelöscht : C:\Program Files\FreeFixer
Ordner Gelöscht : C:\Users\jörxs\AppData\Local\FileTypeAssistant
Ordner Gelöscht : C:\Users\jörxs\AppData\Local\FreeFixer
Ordner Gelöscht : C:\Users\jörxs\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\jörxs\AppData\Local\jZip
Ordner Gelöscht : C:\Users\jörxs\AppData\Local\Software Updater
Ordner Gelöscht : C:\Users\jörxs\AppData\Local\SmartWeb
Ordner Gelöscht : C:\Users\jörxs\AppData\Local\Max_Computer_Cleaner
Ordner Gelöscht : C:\Users\jörxs\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\jörxs\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\jörxs\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\FreeFixer
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\Check Point Software Technologies LTD
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\jellylam
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\Winsta
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\Microsoft\Windows\Start Menu\Video Converter
Ordner Gelöscht : C:\Users\jörxs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
Ordner Gelöscht : C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek
Datei Gelöscht : C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cfcbmgbfdbijmjgjihagbomfbjfjmgon_0.localstorage
Datei Gelöscht : C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hgojaaaiddhmiiakpejiklijbalpckih_0.localstorage
Datei Gelöscht : C:\Users\jörxs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gcncagkkhfoombgbihckkccmkjemhohl_0.localstorage
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\jörxs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
Datei Gelöscht : C:\Users\jörxs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
Datei Gelöscht : C:\Users\jörxs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk
Datei Gelöscht : C:\Users\jörxs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
Datei Gelöscht : C:\Users\jörxs\AppData\Roaming\Mozilla\Firefox\Profiles\afmvuulo.default\searchplugins\securesearch.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\webssearches.xml

***** [ Geplante Tasks ] *****

Task Gelöscht : Advanced System Protector
Task Gelöscht : Advanced System Protector_startup
Task Gelöscht : Convertor
Task Gelöscht : DealPlyUpdate
Task Gelöscht : FreeFixer background scan
Task Gelöscht : Freemium1ClickMaint
Task Gelöscht : LaunchSignup
Task Gelöscht : ReimageUpdater
Task Gelöscht : SmartWeb Upgrade Trigger Task
Task Gelöscht : Software Updater
Task Gelöscht : Software Updater Ui
Task Gelöscht : WinKit
Task Gelöscht : MaxComputerCleaner_Start
Task Gelöscht : DriverMgr
Task Gelöscht : keepup
Task Gelöscht : Winsta Update

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKCU\Software\Classes\Applications\inetstat.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gelöscht : HKCU\Software\f53dd88b034bd49
Schlüssel Gelöscht : HKLM\SOFTWARE\a6a7ed3d-69fd-ecdf-77c4-29c9629d1e1f
Schlüssel Gelöscht : HKLM\SOFTWARE\f53dd88b034bd49
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{09CFDB88-F9F0-40BA-885E-F47A957D12E6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2B1B440F-A9DB-46E3-ADCF-AA6E08143FB8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B8445FED-900C-4137-AD15-DDD2F6306B62}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BB27DF2F-6F05-4A42-9FFD-14696D795750}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C00F4B2B-A33C-40FC-8E47-4D18DCD4B01E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4B8E39FD-ED07-4A41-9681-3D78DAFCEE66}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{71391EAD-C0A9-4F5E-9663-3FCB7E9A4BAC}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\eSupport.com
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\jZip
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\performersoft llc
Schlüssel Gelöscht : HKCU\Software\qtrax
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Vittalia
Schlüssel Gelöscht : HKCU\Software\DriverRestore
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\MaxComputerCleanerLanguage
Schlüssel Gelöscht : HKCU\Software\Avg Secure Update
Schlüssel Gelöscht : HKCU\Software\MaxComputerCleanerConfig
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\covus freemium gmbh
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKU\.DEFAULT\Software\IBUpdaterService
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Avg Secure Update
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15B291FD-AA72-4D0B-BD6E-604F24C5D14C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Downloader_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17909

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v19.0 (de)


-\\ Google Chrome v44.0.2403.89


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [18450 Bytes] - [22/07/2015 00:43:56]
AdwCleaner[S0].txt - [16963 Bytes] - [22/07/2015 00:47:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17023  Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by j”rxs on 22.07.2015 at  1:15:36,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files

Successfully deleted: [File] C:\Users\j”rxs\Appdata\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com
Successfully deleted: [File] C:\Users\j”rxs\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\j”rxs\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
Successfully deleted: [File] C:\Windows\SysWOW64\sho51E3.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho68A2.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoD142.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{01840AB1-C69A-4BC5-91A7-40918B720417}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{08670F3E-189F-4322-A4B0-BA0B8B61A5B6}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{0867427E-F8B6-430F-AF00-F6CE39A14215}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{0F30B61D-FBA2-449B-83F9-4FC10B227C05}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{1B244910-29E6-4AA2-9F73-B94A5A112BBE}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{1EBDBB6E-BE1E-45E3-9F9B-2E6CA99D6AA3}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{254B5BB0-9EC3-41A1-B53D-FD8011EE22B7}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{25EE3253-D8E9-4903-91FE-D3D4A86C8415}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{279AF2DE-6B63-44A4-80FF-459697A01868}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{28BE2B63-76FE-4E81-97ED-BFDBF97E3251}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{3013F6A7-B9CC-4B0D-814D-804FE0C2C339}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{33E35A01-B03D-4F97-9161-7FBCEB23EC25}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{37C456A7-F54B-44A4-A073-F9AD523B0067}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{389B684D-7D88-4990-9B9E-1E35DE551EA0}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{3C6EC3AF-EC58-442D-8B5D-973B8B963E03}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{43B5D872-B3A5-454E-B7E1-BD9C8A318D0A}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{466ECECA-174D-48B1-B52B-CC002D4B3FA3}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{47B48890-C7F8-4C5D-9331-2BE0DF57C5B0}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{51FC66CC-2A22-4CDE-ABF2-2695DB3ABAD9}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{527E76C0-3644-43CF-B064-A6562F9FFC4D}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{5BAAFC1D-1403-4440-A30A-C9A93BD45171}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{6189A6CE-66C4-4CE8-ADCC-B91F3AA816F0}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{6E53E165-FCB1-437C-9197-D4F7B7BE0A88}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{747FED83-AEB9-4F20-9D49-C382A393B7D5}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{7BB8BCCB-6086-4ACF-B5DA-C240E801B785}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{7F0C78AC-B526-414F-B43E-71711F8BC9C2}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{8325135E-6FAD-40B5-9B28-6F8F4588269F}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{871A851F-9F95-4CEF-B76A-39D087778261}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{8B1BA6CD-FFB1-44B6-9B44-57D12E095BEF}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{8D81DB94-BA03-43D3-81D8-998E3A3B8C9B}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{9702F818-90A8-467A-AD79-F43D754DB222}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{A985D15E-BB51-41FE-AD63-83FF8DF8983A}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{ACB6DB6A-A11F-41CD-8FFA-0B3463E0F7F9}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{C5FF709A-94E9-4E10-828F-BB825B324A03}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{CE3E527D-8552-4F21-9E2C-2E455DFE073F}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{D1CFA463-F178-40DE-9EDA-F256F942D340}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{D270B92E-140B-4288-825D-30B050255B30}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{D2737306-2EC6-44D0-9D3C-DE141B36F2E5}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{D2C36D63-1DE4-4D93-A811-AC5F86B235AB}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{DA9641C5-D0C4-4EA5-A4C0-70B2105939A5}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{E1A4C93C-CB48-4B91-AFFD-5029847E701E}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{E2128BBF-912D-4EC5-81FE-D8C931611C53}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{E3551F97-8A04-4546-8CA6-07C1A1421096}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{E6315B61-404D-4C3F-A6EA-8A8FCD33C33F}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{E65897BF-71FA-4B25-917D-CA8DFA320835}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{E9A2AA2F-A642-4031-A832-3A5E42860185}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{ED682781-9946-40F6-AEE3-3233D7574CD0}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{EE1FAA20-F7F5-43B5-88BD-B80D55E2F7A8}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{F8019239-9782-46C0-B139-B3DAFD61AC28}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{FAFB6474-DAAB-4FDD-9E78-5DDC59D5698D}
Successfully deleted: [Empty Folder] C:\Users\j”rxs\Appdata\Local\{FE3E83B4-B0C9-4758-96B1-96BC63802094}
Successfully deleted: [Folder] C:\Program Files (x86)\lavasoft\web companion
Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
Successfully deleted: [Folder] C:\Users\j”rxs\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\j”rxs\Appdata\Local\cre
Successfully deleted: [Folder] C:\Users\j”rxs\Appdata\Local\installer
Successfully deleted: [Folder] C:\Users\j”rxs\Appdata\Local\update~1
Successfully deleted: [Folder] C:\Users\j”rxs\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\Users\j”rxs\AppData\Roaming\lavasoft\web companion
Successfully deleted: [Folder] C:\Users\j”rxs\AppData\Roaming\nico mak computing
Successfully deleted: [Folder] C:\Users\j”rxs\AppData\Roaming\reviversoft
Successfully deleted: [Folder] C:\Windows\provider32



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\j”rxs\AppData\Roaming\mozilla\firefox\profiles\afmvuulo.default\smartbar
Successfully deleted the following from C:\Users\j”rxs\AppData\Roaming\mozilla\firefox\profiles\afmvuulo.default\prefs.js

user_pref(browser.search.defaultenginename, Ad-Aware SecureSearch);
user_pref(browser.search.selectedEngine, Ad-Aware SecureSearch);
Emptied folder: C:\Users\j”rxs\AppData\Roaming\mozilla\firefox\profiles\afmvuulo.default\minidumps [60 files]



~~~ Chrome


[C:\Users\j”rxs\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\j”rxs\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\j”rxs\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\j”rxs\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.07.2015 at  1:27:12,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber 22.07.2015 08:20

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

forestgump 23.07.2015 01:32
virus entfernen bei forestgump
 
Hallo schrauber,
ich möchte mich schon mal für deine Hilfe bedanken. Der Virus scheint jetzt eingekreist zu werden.
Ich habe ESET installiert( aber vermutlich nicht richtig) denn er hat während der Installation einfach die PC-Prüfung gestartet und 12 Bedrohungen gefunden und gelöscht.
Leider habe ich kein gewünschtes Protokoll gefunden und auch nix in der Systemsteuerung zum deinstallieren. komisch.

Ich habe aber ein Quarantäne-liste von dem ESET-suchlauf. Diese lässt sich zwar köpieren aber nicht hier einfügen. sorry

Und hier ist die Datei von dem security-check
gruß Jörg

Code:
  Results of screen317's Security Check version 1.004 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
GÿDATA INTERNETÿSECURITY CBE 
Ad-Aware Antivirus           
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Spybot - Search & Destroy
 Adobe Flash Player 18.0.0.209 
 Adobe Reader XI 
 Mozilla Firefox 19.0 Firefox out of Date! 
 Google Chrome (43.0.2357.134)
 Google Chrome (44.0.2403.89)
````````Process Check: objlist.exe by Laurent```````` 
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Spybot Teatimer.exe is disabled!
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.7.485.8398\AdAwareService.exe
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.7.485.8398\AdAwareTray.exe
 G DATA InternetSecurity Firewall GDFirewallTray.exe
 G DATA InternetSecurity Firewall GDFwSvcx64.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

schrauber 23.07.2015 07:48
Was genau passiert wenn Du sie einfügen willst?

Das frische FRST log bitte noch :)

forestgump 23.07.2015 22:28
Hallo Schrauber,

beim einfügen passiert nichts- ich kann die Liste kopieren aber nicht einfügen.

Ich hab eben nochmal die Prozedur durchlaufen. = ESET runtergeladen Schutz deaktiviert und ESET gestartet. Er hat diesmal keine Bedrohung mehr gefunden und er macht mir wieder keinen FRST Logfile. Aus der Systemsteuerung habe ich ihn auch wieder entfernt.

Beim runterfahren des PC ist immer noch im Hintergrund "Task Host Windows" offen daß ich zum schließen erzwingen muß.

Gruß Jörg

schrauber 24.07.2015 07:18
Zitat:
Er hat diesmal keine Bedrohung mehr gefunden und er macht mir wieder keinen FRST Logfile
:wtf:

FRST Logfile wird mit dem Programm FRST erstellt.....das erste Tool was wir benutzt haben.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:35 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131