Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Extrem langsames Win 7 Netbook Trojaner? (https://www.trojaner-board.de/158383-extrem-langsames-win-7-netbook-trojaner.html)

petramueller 07.09.2014 13:35
Extrem langsames Win 7 Netbook Trojaner?
 
Mein Problem:

Acer Aspire one 721 Netbook
Win 7 64 bit

Vor einiger Zeit habe ich Malware entdeckt und gehofft diese beseitigt zu haben.
Da mein Netbook extrem langsam läuft habe ich den Verdacht, das ich das nicht geschafft habe.

Da ich von Euren tollen Ergebnissen weiß, bitte ich um Hilfe.

Herzlichen Dank

Petra

schrauber 07.09.2014 13:38
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


petramueller 07.09.2014 14:13
rehi,

danke für die megaschnelle Antwort, hier meine ersten Files.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014
Ran by ConVo (administrator) on CONVO-MOBILE-NE on 07-09-2014 14:47:44
Running from C:\Users\ConVo\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NovaStor) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\Search\WebSearch.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\System32\atwtusb.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Windows\System32\atwtusb.exe
() C:\Program Files\OO Software\DiskImage\oodiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(1&1 Mail & Media GmbH) C:\Users\ConVo\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20004\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\chrome_extension2\host\chrome_native_msg_host.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM\...\Run: [WLM] => C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [44152 2013-07-23] (Trend Micro Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [63712 2007-03-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [GMX Application {sync-000021}] => C:\Users\ConVo\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe [792064 2014-06-04] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [1und1DispatcherCorp] => C:\Users\ConVo\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe [213640 2013-05-29] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [GoogleChromeAutoLaunch_176129A81A4855DA76CA6BB73E9E1CEC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: E - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {6fda4264-8385-11e2-a7ca-18f46ab50f4c} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {6fda426e-8385-11e2-a7ca-18f46ab50f4c} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {6fda4297-8385-11e2-a7ca-18f46ab50f4c} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {6fda42a3-8385-11e2-a7ca-18f46ab50f4c} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {87ae6d10-0f6e-11e1-bf83-206a8a281f67} - G:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {87ae6d1e-0f6e-11e1-bf83-206a8a281f67} - G:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {926cf664-f695-11e1-a11a-18f46ab50f4c} - E:\autostart.exe
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {b433b929-1042-11e1-a245-206a8a281f67} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {d015c667-840f-11e2-9eb7-206a8a281f67} - G:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {d015c675-840f-11e2-9eb7-206a8a281f67} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {e4fcf293-39e2-11e1-b293-206a8a281f67} - G:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {ef6ced71-eeda-11e1-8eff-18f46ab50f4c} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {f3fc8665-7f8f-11e2-b489-18f46ab50f4c} - D:\AutoRun.exe
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\MountPoints2: {f3fc8684-7f8f-11e2-b489-18f46ab50f4c} - D:\AutoRun.exe
ShellIconOverlayIdentifiers:  1&1 Sync Overlay 1 -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers:  1&1 Sync Overlay 2 -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers:  1&1 Sync Overlay 3 -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers:  1&1 Sync Overlay 4 -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers: OODIIcon -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\OO Software\DiskImage\oodishi.dll (O&O Software GmbH)
ShellIconOverlayIdentifiers-x32:  1&1 Sync Overlay 1 -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32:  1&1 Sync Overlay 2 -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32:  1&1 Sync Overlay 3 -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32:  1&1 Sync Overlay 4 -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:8897;https=127.0.0.1:8897
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389129258&from=tugs&uid=HitachiXHTS545032B9A300_101105PBP306161N1NRLX&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ConVo\AppData\Roaming\Mozilla\Firefox\Profiles\9ubdfwmg.default
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\ConVo\AppData\Roaming\Mozilla\Firefox\Profiles\9ubdfwmg.default\user.js
FF SearchPlugin: C:\Users\ConVo\AppData\Roaming\Mozilla\Firefox\Profiles\9ubdfwmg.default\searchplugins\askcom.xml
FF Extension: DAEMON Tools Toolbar - C:\Users\ConVo\AppData\Roaming\Mozilla\Firefox\Profiles\9ubdfwmg.default\Extensions\DTToolbar@toolbarnet.com [2013-06-15]
FF Extension: GMX MailCheck - C:\Users\ConVo\AppData\Roaming\Mozilla\Firefox\Profiles\9ubdfwmg.default\Extensions\toolbar@gmx.net.xpi [2012-06-24]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-08-28]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-03-04]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-08-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325386&octid=EB_ORIGINAL_CTID&ISID=MF7FD9457-2BEB-4E30-8A0E-25ACC90B5DF3&SearchSource=55&CUI=&UM=5&UP=SP01D69680-845A-48BC-A0B6-548C29F8ED19&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325386&octid=EB_ORIGINAL_CTID&ISID=MF7FD9457-2BEB-4E30-8A0E-25ACC90B5DF3&SearchSource=55&CUI=&UM=5&UP=SP01D69680-845A-48BC-A0B6-548C29F8ED19&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1403900922&from=cor&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F396762667626", "hxxp://www.sweet-page.com/?type=hppp&ts=1403944179&from=cor&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F396762667626", "hxxp://www.sweet-page.com/?type=hppp&ts=1406280258&from=cor&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F396762667626"
CHR DefaultSearchKeyword: Default -> 190BEB7DB8D35DDAB98510C1D2FA8B1ED66DCC5D55B19A02DEE60F61C7302800
CHR DefaultSearchURL: Default -> D4DCF2C5A68EEDF11D99EA5879FCE3B2ED40E060CF6BA8195DF8C1E945F251B4
CHR Profile: C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22]
CHR Extension: (Google Drive) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22]
CHR Extension: (Google-Suche) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22]
CHR Extension: (Email this page (by Google)) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-01-24]
CHR Extension: (Print Using Google Cloud Print™) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffaifmgpcdjedlffbhenaloimajbdkfg [2014-01-24]
CHR Extension: (AdBlock) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-25]
CHR Extension: (Night Time In New York City) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek [2014-06-06]
CHR Extension: (Print) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Trend Micro Toolbar) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-08-28]
CHR Extension: (Google Mail) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\chrome_tmbep.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-11-07] ()
R2 DailytoolsUpdateService; C:\Windows\System32\update1.dll [0 2014-09-06] () [File not signed]
R2 DailytoolsUpdateService; C:\Windows\SysWOW64\update1.dll [352256 2014-07-31] (Dailytools GmbH) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-16] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.)
R2 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [261256 2010-04-15] (NovaStor) [File not signed]
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [4034376 2011-03-14] ()
R2 Search; C:\Program Files (x86)\Search\WebSearch.exe [435696 2014-08-10] ()
R2 WTService; C:\Windows\system32\atwtusb.exe [897536 2011-07-19] () [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S2 LanmanWorkstation; %SystemRoot%\System32\aptwwxm4j.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2013-03-03] (Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\SysWOW64\DRIVERS\ew_usbenumfilter.sys [13952 2013-03-03] (Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-16] ()
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2013-03-03] (Huawei Technologies Co., Ltd.)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [117328 2011-03-14] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [40016 2011-03-14] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [215120 2011-03-14] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [43600 2011-03-14] (O&O Software GmbH)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-15] (Duplex Secure Ltd.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
U3 as1vp399; C:\Windows\System32\Drivers\as1vp399.sys [0 ] (Elaborate Bytes AG)
U5 ewusbnet; C:\Windows\SysWOW64\Drivers\ewusbnet.sys [256000 2013-03-03] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 14:47 - 2014-09-07 14:49 - 00030962 _____ () C:\Users\ConVo\Desktop\FRST.txt
2014-09-07 14:47 - 2014-09-07 14:48 - 00000000 ____D () C:\FRST
2014-09-07 14:41 - 2014-09-07 14:41 - 00380416 _____ () C:\Users\ConVo\Desktop\vbikl2xq.exe
2014-09-07 14:40 - 2014-09-07 14:41 - 02104832 _____ (Farbar) C:\Users\ConVo\Desktop\FRST64.exe
2014-09-07 14:39 - 2014-09-07 14:39 - 00050477 _____ () C:\Users\ConVo\Desktop\Defogger.exe
2014-09-06 08:34 - 2014-09-07 10:35 - 00000168 _____ () C:\Windows\setupact.log
2014-09-06 08:34 - 2014-09-06 08:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 08:33 - 2014-09-06 08:33 - 00000558 _____ () C:\Windows\PFRO.log
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\update1.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\OLEPRO32.DLL
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyVCD.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyCDIO.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdva.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdag.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiu9pag.DLL
2014-08-28 09:53 - 2014-08-28 09:53 - 00000000 ___HD () C:\TMRescueDisk
2014-08-28 09:50 - 2014-08-28 09:50 - 00001431 _____ () C:\Users\ConVo\Desktop\Trend Micro Titanium Maximum Security.lnk
2014-08-28 09:50 - 2014-08-28 09:50 - 00000000 ____D () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-08-28 09:49 - 2013-06-13 08:35 - 00100640 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys
2014-08-28 09:49 - 2013-05-15 12:23 - 00303392 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys
2014-08-28 09:48 - 2013-12-03 10:57 - 00283160 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-08-28 09:48 - 2013-12-03 10:57 - 00117312 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
2014-08-28 09:48 - 2013-12-03 10:57 - 00085936 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys
2014-08-28 09:48 - 2013-07-01 15:08 - 00050976 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys
2014-08-28 09:48 - 2011-08-22 17:33 - 00105744 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmtdi.sys
2014-08-28 09:47 - 2014-08-28 09:47 - 00003282 _____ () C:\Windows\System32\Tasks\Titanium BTC
2014-08-28 09:44 - 2014-08-28 09:44 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-08-28 09:44 - 2014-08-28 09:44 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
2014-08-28 09:42 - 2014-09-07 14:08 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-08-28 09:42 - 2014-08-28 09:43 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 09:27 - 2014-08-28 09:50 - 00000000 ____D () C:\Users\ConVo\AppData\Local\Trend Micro
2014-08-28 09:13 - 2014-08-28 09:19 - 116265320 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
2014-08-27 23:35 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 23:35 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 23:35 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 05:01 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 05:01 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 05:01 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 05:01 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 05:01 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 05:00 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 05:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 05:00 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 05:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-21 18:36 - 2014-08-21 18:36 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\Nero
2014-08-18 07:27 - 2014-08-18 07:28 - 04813544 _____ (Piriform Ltd) C:\Users\Stephan\Downloads\ccsetup416.exe
2014-08-17 18:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 18:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 18:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 18:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 18:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 18:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 18:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 18:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 17:34 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-17 17:34 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 17:34 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-17 17:34 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 17:34 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 17:34 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 17:34 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-17 17:34 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 17:34 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-17 17:34 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-17 17:34 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-17 17:34 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 17:34 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 17:34 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 17:34 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 17:34 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 17:34 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 17:34 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-17 17:33 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 17:33 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 17:33 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 17:33 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 17:33 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 17:33 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 17:33 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 17:33 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 17:33 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-17 17:33 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 17:33 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 17:33 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 17:33 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 17:33 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 17:33 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 17:33 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-17 17:33 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-17 17:33 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 17:33 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-17 17:33 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 17:33 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-17 17:33 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 17:33 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-17 17:33 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 17:33 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-17 17:33 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-17 17:33 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 17:33 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 17:33 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 17:33 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-17 17:33 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-17 17:33 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 17:33 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-17 17:33 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 17:33 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 17:33 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 17:33 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 17:33 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-17 17:22 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 17:22 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 17:04 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 17:04 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-17 17:02 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 17:02 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 17:02 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-17 17:02 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 17:02 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 17:02 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-17 17:02 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 16:57 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 16:50 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 16:50 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-17 16:49 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-17 16:49 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-10 21:59 - 2014-08-10 21:59 - 00000000 ____D () C:\Program Files (x86)\Search

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 14:49 - 2014-09-07 14:47 - 00030962 _____ () C:\Users\ConVo\Desktop\FRST.txt
2014-09-07 14:48 - 2014-09-07 14:47 - 00000000 ____D () C:\FRST
2014-09-07 14:46 - 2014-01-22 22:29 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-07 14:46 - 2011-10-28 12:59 - 00000000 ____D () C:\Users\ConVo\Documents\Outlook-Dateien
2014-09-07 14:45 - 2012-04-06 13:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-07 14:41 - 2014-09-07 14:41 - 00380416 _____ () C:\Users\ConVo\Desktop\vbikl2xq.exe
2014-09-07 14:41 - 2014-09-07 14:40 - 02104832 _____ (Farbar) C:\Users\ConVo\Desktop\FRST64.exe
2014-09-07 14:39 - 2014-09-07 14:39 - 00050477 _____ () C:\Users\ConVo\Desktop\Defogger.exe
2014-09-07 14:30 - 2011-10-27 21:52 - 00000386 _____ () C:\Windows\Tasks\Acer Registration - Data Sending task.job
2014-09-07 14:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-09-07 14:09 - 2011-10-27 15:15 - 02007227 _____ () C:\Windows\WindowsUpdate.log
2014-09-07 14:08 - 2014-08-28 09:42 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-07 10:46 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-07 10:46 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 10:36 - 2014-01-22 22:29 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-07 10:35 - 2014-09-06 08:34 - 00000168 _____ () C:\Windows\setupact.log
2014-09-07 10:35 - 2011-11-15 23:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-07 10:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-07 10:35 - 2009-07-14 04:34 - 00000493 _____ () C:\Windows\win.ini
2014-09-06 08:34 - 2014-09-06 08:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 08:33 - 2014-09-06 08:33 - 00000558 _____ () C:\Windows\PFRO.log
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\update1.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\OLEPRO32.DLL
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyVCD.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyCDIO.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdva.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdag.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiu9pag.DLL
2014-09-06 00:58 - 2014-01-23 20:22 - 00000036 _____ () C:\Users\ConVo\AppData\Local\housecall.guid.cache
2014-09-06 00:30 - 2012-11-16 00:10 - 00000000 ____D () C:\ProgramData\Avira
2014-09-06 00:29 - 2012-11-16 00:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-02 22:33 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-01 23:29 - 2011-11-23 16:11 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-08-29 23:44 - 2011-10-27 04:18 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-08-29 23:44 - 2011-10-27 04:18 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-08-29 23:44 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-28 11:40 - 2014-04-29 22:02 - 00002394 _____ () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-28 11:40 - 2013-12-09 22:00 - 00001458 _____ () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GMX MediaCenter.lnk
2014-08-28 09:53 - 2014-08-28 09:53 - 00000000 ___HD () C:\TMRescueDisk
2014-08-28 09:50 - 2014-08-28 09:50 - 00001431 _____ () C:\Users\ConVo\Desktop\Trend Micro Titanium Maximum Security.lnk
2014-08-28 09:50 - 2014-08-28 09:50 - 00000000 ____D () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-08-28 09:50 - 2014-08-28 09:27 - 00000000 ____D () C:\Users\ConVo\AppData\Local\Trend Micro
2014-08-28 09:47 - 2014-08-28 09:47 - 00003282 _____ () C:\Windows\System32\Tasks\Titanium BTC
2014-08-28 09:44 - 2014-08-28 09:44 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-08-28 09:44 - 2014-08-28 09:44 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
2014-08-28 09:44 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-28 09:43 - 2014-08-28 09:42 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 09:19 - 2014-08-28 09:13 - 116265320 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
2014-08-28 08:58 - 2009-07-14 06:45 - 00428424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 06:53 - 2011-10-28 11:37 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-27 23:35 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 23:35 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 23:35 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 18:36 - 2014-08-21 18:36 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\Nero
2014-08-21 18:34 - 2014-03-21 20:39 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\Apple Computer
2014-08-20 20:37 - 2013-02-01 11:52 - 00000000 ____D () C:\001-Daten
2014-08-19 22:53 - 2011-12-11 22:18 - 00000000 ____D () C:\Users\ConVo\AppData\Roaming\Skype
2014-08-19 22:33 - 2013-02-13 22:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-19 22:33 - 2011-12-11 22:17 - 00000000 ____D () C:\ProgramData\Skype
2014-08-18 07:30 - 2013-04-07 00:00 - 00000000 ____D () C:\Windows\Minidump
2014-08-18 07:28 - 2014-08-18 07:27 - 04813544 _____ (Piriform Ltd) C:\Users\Stephan\Downloads\ccsetup416.exe
2014-08-18 07:28 - 2013-12-22 17:13 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-18 07:28 - 2012-08-27 05:27 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-18 07:28 - 2012-08-27 05:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-18 07:28 - 2012-08-27 05:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-18 04:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 19:21 - 2011-10-28 11:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-17 19:11 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 19:01 - 2011-11-01 18:14 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-17 18:52 - 2014-05-12 08:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-17 18:48 - 2014-03-21 20:47 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Google
2014-08-17 16:14 - 2014-03-21 20:39 - 00115344 _____ () C:\Users\Stephan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-10 21:59 - 2014-08-10 21:59 - 00000000 ____D () C:\Program Files (x86)\Search

Some content of TEMP:
====================
C:\Users\ConVo\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Stephan\AppData\Local\Temp\avgnt.exe
C:\Users\Stephan\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-23 20:19

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2014
Ran by ConVo at 2014-09-07 14:50:24
Running from C:\Users\ConVo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@promt Personal 8.5 German Giant (HKLM-x32\...\{3A0A037A-B652-4FAB-A410-D9AD375590FB}) (Version: 8.5.00005 - PROMT Ltd.)
123ImageMagic - Einblendungs Software (HKLM-x32\...\123ImageMagic - Einblendungs Software) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0211.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM-x32\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - hxxp://www.adobe.de)
Adobe® Photoshop® Album Starter Edition 3.2 (x32 Version: 3.2.0 - Adobe Systems, Inc.) Hidden
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version:  - ALDI TALK Verbindungsassistent)
AllShare Control (HKLM\...\{806DDB11-2D1E-4597-9C49-2FAB3FCD8096}) (Version: 1.5 - Samsung)
AMD USB Filter Driver (x32 Version: 1.0.14.91 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.22 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{18BB142C-D4DB-6EA7-F7A0-373C1262660E}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BUFFALO LinkStation(LS-CHL) Setup Guide (HKLM-x32\...\UN090415) (Version:  - )
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help English (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help French (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help German (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0122.858.16002 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0122.858.16002 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CyberLink PhotoDirector 2011 (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2105 - CyberLink Corp.)
CyberLink PhotoDirector 2011 (x32 Version: 2.0.2105 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.1.0.0283 - DT Soft Ltd) <==== ATTENTION
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
DeLorme Street Atlas USA 2009 (HKLM-x32\...\{AEB95804-A937-49E6-940A-37A606C16D5D}) (Version: 9.02.0000 - DeLorme Publishing)
DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GMX MediaCenter 1.7.3289.0 (HKCU\...\GMX Application {sync-000021}) (Version: 1.7.3289.0 - 1&1 Mail & Media GmbH)
GMX SMS-Manager (HKLM-x32\...\com.unitedinternet.ums.sms-mms-manager) (Version: 2.7.2.6 - 1 und 1 Internet AG)
GMX SMS-Manager (x32 Version: 2.7.2 - 1 und 1 Internet AG) Hidden
GMX Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung CE (HKCU\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HUAWEI DataCard Driver 4.20.12.00 (HKLM-x32\...\HUAWEI DataCard Driver) (Version: 4.20.12.00 - Huawei technologies Co., Ltd.)
iClone v4.2 PRO (HKLM-x32\...\{7430B12A-3B67-4191-B0C5-59E57344CB1F}) (Version: 4.2.1718.1 - Reallusion Inc.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
KeyDepot (HKLM\...\KeyDepot_is1) (Version: 3.01 - Abelssoft)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
L&H TTS3000 Español (HKLM-x32\...\LHTTSSPE) (Version:  - )
L&H TTS3000 Français (HKLM-x32\...\LHTTSFRF) (Version:  - )
L&H TTS3000 Russian (HKLM-x32\...\LHTTSRUR) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
LingoPad 2.6 (Build 360) (HKLM-x32\...\LingoPad_is1) (Version: 2.6 - Lingo4you)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
MiniTool Partition Wizard Home Edition 7.1 (HKLM-x32\...\{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
MyKeyFinder (HKLM-x32\...\MyKeyFinder_is1) (Version: 2013 - Abelssoft)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nero 9 Essentials (HKLM-x32\...\{7daf7cbe-e192-457b-b4ee-15353d9d8c41}) (Version:  - Nero AG)
Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.15.100 - Nero AG) Hidden
Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero Disc Copy Gadget (x32 Version: 2.4.34.0 - Nero AG) Hidden
Nero Disc Copy Gadget Help (x32 Version: 2.4.34.0 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero PhotoSnap (x32 Version: 2.4.28.0 - Nero AG) Hidden
Nero PhotoSnap Help (x32 Version: 2.4.28.0 - Nero AG) Hidden
Nero Recode (x32 Version: 4.4.38.1 - Nero AG) Hidden
Nero Recode Help (x32 Version: 4.4.38.1 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.24.100 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.19.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.19.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
Nero Vision (x32 Version: 6.4.16.100 - Nero AG) Hidden
Nero Vision Help (x32 Version: 6.4.15.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.27.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100 (HKLM-x32\...\InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}) (Version: 1.00.0000 - NETGEAR)
Nikon File Uploader 2 (HKLM-x32\...\{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}) (Version: 2.00.0001 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
NovaBACKUP (HKLM-x32\...\NovaBACKUP) (Version: 11.1.14 - NovaStor)
NovaBACKUP (x32 Version: 11.1.14 - NovaStor) Hidden
novaPDF Lite Desktop 7.5 printer (HKLM\...\novaPDF Lite Desktop 7 printer_is1) (Version:  - Softland)
O&O DiskImage Professional (HKLM\...\{A9A92E06-44EE-4210-8222-B69BAAD57A8E}) (Version: 5.6.18 - O&O Software GmbH)
O&O MediaRecovery (HKLM\...\{ECD1806C-56F6-4798-93A2-166F45124B1D}) (Version: 6.0.6312 - O&O Software GmbH)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.0 - Nikon)
Power Presenter RE II (HKLM-x32\...\{8537166B-40F4-4FAE-BAC5-454A4DD773B7}) (Version: 2.57 - Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12064_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
SILKYPIX Developer Studio 3.0 SE (HKLM-x32\...\InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.0 SE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer)
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
Uninstall of File Security Tool (HKLM-x32\...\UN070209) (Version:  - )
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
USB Tablet Manager (HKLM\...\RmTablet) (Version: 4.13 - )
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.0.1 - Nikon)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WNDA3100 (x32 Version: 1.00.0000 - NETGEAR) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-851625814-3518592554-1989338486-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ConVo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-851625814-3518592554-1989338486-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ConVo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-851625814-3518592554-1989338486-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ConVo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-851625814-3518592554-1989338486-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ConVo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-851625814-3518592554-1989338486-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ConVo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

17-08-2014 14:36:40 Windows Update
17-08-2014 16:51:49 Windows Update
22-08-2014 02:59:07 Windows Update
22-08-2014 06:30:55 Windows Update
27-08-2014 21:40:36 Windows Update
06-09-2014 15:10:21 Windows Update
06-09-2014 19:39:28 TITANUIMRES
06-09-2014 19:43:45 TITANUIMRES

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BC45465-F536-4220-92A3-24762059C23D} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {22BF1119-5A78-4786-B4E8-38597A103C55} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {36CE0DBF-2D46-4103-97F8-A56F524D6DB0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {48AFE588-5CF1-4098-87AC-07FCA3DBC213} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {57D7BD25-6BA1-4E14-9438-BFDB1D67F1E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {96C4A661-D547-41D6-89D0-8CFF63B747B3} - System32\Tasks\Acer Registration - Data Sending task => C:\Program Files (x86)\Acer\Registration\GREG.exe [2010-04-28] (Acer Incorporated)
Task: {A69166F3-2D9F-4D8E-8201-F58AAFC7C6CA} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)
Task: {DFFC01BC-C478-4894-931C-AA50369B5902} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {F15EECED-262B-411C-85F3-4C02B6846E29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-13] (Adobe Systems Incorporated)
Task: {F22F6F15-8777-4E85-AFBE-A744BE6A0322} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: C:\Windows\Tasks\Acer Registration - Data Sending task.job => C:\Program Files (x86)\Acer\Registration\GREG.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-28 09:43 - 2013-01-16 04:19 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2014-08-28 09:43 - 2013-04-02 06:25 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2014-08-28 09:43 - 2013-01-16 04:23 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2014-08-28 09:43 - 2012-12-18 22:06 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2014-08-28 09:43 - 2013-01-16 04:19 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2014-08-28 09:20 - 2013-07-23 17:28 - 00247352 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2013-03-03 16:45 - 2013-11-07 10:28 - 00358968 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-08-10 21:59 - 2014-08-10 21:59 - 00435696 _____ () C:\Program Files (x86)\Search\WebSearch.exe
2011-12-14 21:09 - 2011-07-19 15:29 - 00897536 _____ () C:\Windows\system32\atwtusb.exe
2011-03-14 10:09 - 2011-03-14 10:09 - 04034376 _____ () C:\Program Files\OO Software\DiskImage\oodiag.exe
2011-03-14 10:08 - 2011-03-14 10:08 - 00324424 _____ () C:\Program Files\OO Software\DiskImage\oodiagrs.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-08-28 10:03 - 2013-12-18 15:33 - 00057584 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2013-12-09 22:00 - 2014-06-04 18:17 - 00104448 _____ () C:\Users\ConVo\AppData\Local\GMX Application {sync-000021}\ConfigWizard.dll
2013-12-09 22:00 - 2014-06-04 18:17 - 00051200 _____ () C:\Users\ConVo\AppData\Local\GMX Application {sync-000021}\CoreBranding.dll
2010-01-07 14:42 - 2010-01-07 14:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-10-27 15:20 - 2011-10-27 15:20 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () c:\windows\system32\update1.dll
2010-04-15 12:54 - 2010-04-15 12:54 - 00187528 _____ () C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsEngineRes407.dll
2010-03-29 08:36 - 2010-03-29 08:36 - 00005120 _____ () C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\throttle.dll
2010-04-15 12:51 - 2010-04-15 12:51 - 00126088 _____ () C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsSQLBackupRestore.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-09-07 00:02 - 2013-08-29 09:58 - 00882584 _____ () C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\WLMailApiCore.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiu9pag.DLL
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdag.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdva.dll
2011-10-27 04:03 - 2009-05-21 00:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyVCD.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyCDIO.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-05 22:42 - 2014-08-30 04:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-05 22:42 - 2014-08-30 04:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-05 22:42 - 2014-08-30 04:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-05 22:42 - 2014-08-30 04:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-05 22:42 - 2014-08-30 04:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2014-08-28 09:20 - 2013-07-23 17:28 - 00039424 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_49.dll
2014-08-28 09:20 - 2013-07-23 17:28 - 00049152 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_49.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2014 11:09:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10468

Error: (09/07/2014 11:09:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10468

Error: (09/07/2014 11:09:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/07/2014 11:09:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7862

Error: (09/07/2014 11:09:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7862

Error: (09/07/2014 11:09:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/07/2014 11:09:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6521

Error: (09/07/2014 11:09:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6521

Error: (09/07/2014 11:09:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/07/2014 11:09:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5429


System errors:
=============
Error: (09/07/2014 02:51:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1062

Error: (09/07/2014 02:51:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1062

Error: (09/07/2014 02:51:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%126

Error: (09/07/2014 02:51:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%126

Error: (09/07/2014 02:47:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1062

Error: (09/07/2014 02:47:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1062

Error: (09/07/2014 02:47:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%126

Error: (09/07/2014 02:47:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%126

Error: (09/07/2014 02:47:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1062

Error: (09/07/2014 02:47:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1062


Microsoft Office Sessions:
=========================
Error: (09/07/2014 11:09:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10468

Error: (09/07/2014 11:09:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10468

Error: (09/07/2014 11:09:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/07/2014 11:09:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7862

Error: (09/07/2014 11:09:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7862

Error: (09/07/2014 11:09:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/07/2014 11:09:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6521

Error: (09/07/2014 11:09:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6521

Error: (09/07/2014 11:09:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/07/2014 11:09:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5429


CodeIntegrity Errors:
===================================
  Date: 2014-09-07 14:46:38.259
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-07 14:38:09.201
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-07 14:15:49.912
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-07 14:08:57.248
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-07 13:38:37.536
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-07 11:32:46.891
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-07 11:25:01.232
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-06 22:50:17.091
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-06 21:15:39.882
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-06 21:05:47.447
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II Neo K145 Processor
Percentage of memory in use: 51%
Total physical RAM: 3838.17 MB
Available physical RAM: 1842.52 MB
Total Pagefile: 7674.52 MB
Available Pagefile: 5165.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:285.28 GB) (Free:83.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 46934693)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 08.09.2014 10:38
Adware & Co. deinstallieren




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

petramueller 08.09.2014 18:53
Hallo,

ich hoffe ich habe es geschafft das ganze richtig zu posten. Leider habe ich verpeilt den Win Defender auszuschalten. Sollte ich ComboFix noch einmal laufen lassen und eine neues Logfile posten?

Viele Grüße

Petra

Code:
ComboFix 14-09-05.01 - ConVo 08.09.2014  18:15:49.1.1 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3838.2157 [GMT 2:00]
ausgeführt von:: c:\users\ConVo\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Trend Micro Titanium Maximum Security *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-08 bis 2014-09-08  ))))))))))))))))))))))))))))))
.
.
2014-09-08 17:07 . 2014-09-08 17:07        --------        d-----w-        c:\users\Stephan\AppData\Local\temp
2014-09-08 17:07 . 2014-09-08 17:07        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-09-08 15:56 . 2014-09-08 15:56        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-09-07 12:47 . 2014-09-07 12:53        --------        d-----w-        C:\FRST
2014-09-06 19:37 . 2014-09-08 16:12        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{62757B21-A5C8-48F0-B1C5-B5E316916BB9}\offreg.dll
2014-09-06 15:11 . 2014-08-21 03:43        11319192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{62757B21-A5C8-48F0-B1C5-B5E316916BB9}\mpengine.dll
2014-09-05 23:42 . 2014-09-05 23:42        0        ----a-w-        c:\windows\system32\update1.dll
2014-09-05 23:42 . 2014-09-05 23:42        0        ----a-w-        c:\windows\system32\OLEPRO32.DLL
2014-09-05 23:42 . 2014-09-05 23:42        0        ----a-w-        c:\windows\system32\ElbyVCD.dll
2014-09-05 23:42 . 2014-09-05 23:42        0        ----a-w-        c:\windows\system32\ElbyCDIO.dll
2014-09-05 23:42 . 2014-09-05 23:42        0        ----a-w-        c:\windows\system32\atiumdva.dll
2014-09-05 23:42 . 2014-09-05 23:42        0        ----a-w-        c:\windows\system32\atiumdag.dll
2014-09-05 23:42 . 2014-09-05 23:42        0        ----a-w-        c:\windows\system32\atiu9pag.DLL
2014-09-05 22:52 . 2014-09-05 22:52        --------        d-----w-        c:\programdata\Trend Micro Installer
2014-08-28 07:53 . 2014-08-28 07:53        --------        d-----w-        C:\TMRescueDisk
2014-08-28 07:49 . 2013-06-13 06:35        100640        ----a-w-        c:\windows\system32\drivers\tmeevw.sys
2014-08-28 07:49 . 2013-05-15 10:23        303392        ----a-w-        c:\windows\system32\drivers\tmnciesc.sys
2014-08-28 07:48 . 2011-08-22 15:33        105744        ----a-w-        c:\windows\system32\drivers\tmtdi.sys
2014-08-28 07:48 . 2013-12-03 08:57        117312        ----a-w-        c:\windows\system32\drivers\tmactmon.sys
2014-08-28 07:48 . 2013-12-03 08:57        85936        ----a-w-        c:\windows\system32\drivers\tmevtmgr.sys
2014-08-28 07:48 . 2013-12-03 08:57        283160        ----a-w-        c:\windows\system32\drivers\tmcomm.sys
2014-08-28 07:48 . 2013-07-01 13:08        50976        ----a-w-        c:\windows\system32\drivers\TMEBC64.sys
2014-08-28 07:44 . 2014-08-28 07:44        59        ----a-w-        c:\windows\system32\SupportTool.exe.bat
2014-08-28 07:42 . 2014-08-28 07:43        --------        d-----w-        c:\program files\Trend Micro
2014-08-28 07:42 . 2014-09-07 12:08        --------        d-----w-        c:\programdata\Trend Micro
2014-08-28 07:27 . 2014-08-28 07:50        --------        d-----w-        c:\users\ConVo\AppData\Local\Trend Micro
2014-08-27 21:35 . 2014-08-23 00:59        3163648        ----a-w-        c:\windows\system32\win32k.sys
2014-08-27 21:35 . 2014-08-23 02:07        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-27 21:35 . 2014-08-23 01:45        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-22 03:01 . 2014-05-14 16:23        44512        ----a-w-        c:\windows\system32\wups2.dll
2014-08-22 03:01 . 2014-05-14 16:23        58336        ----a-w-        c:\windows\system32\wuauclt.exe
2014-08-22 03:01 . 2014-05-14 16:23        2477536        ----a-w-        c:\windows\system32\wuaueng.dll
2014-08-22 03:01 . 2014-05-14 16:21        2620928        ----a-w-        c:\windows\system32\wucltux.dll
2014-08-22 03:01 . 2014-05-14 16:23        38880        ----a-w-        c:\windows\system32\wups.dll
2014-08-22 03:01 . 2014-05-14 16:23        36320        ----a-w-        c:\windows\SysWow64\wups.dll
2014-08-22 03:01 . 2014-05-14 16:23        700384        ----a-w-        c:\windows\system32\wuapi.dll
2014-08-22 03:01 . 2014-05-14 16:23        581600        ----a-w-        c:\windows\SysWow64\wuapi.dll
2014-08-22 03:01 . 2014-05-14 16:20        97792        ----a-w-        c:\windows\system32\wudriver.dll
2014-08-22 03:01 . 2014-05-14 16:17        92672        ----a-w-        c:\windows\SysWow64\wudriver.dll
2014-08-22 03:00 . 2014-05-14 07:23        198600        ----a-w-        c:\windows\system32\wuwebv.dll
2014-08-22 03:00 . 2014-05-14 07:23        179656        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2014-08-22 03:00 . 2014-05-14 07:20        36864        ----a-w-        c:\windows\system32\wuapp.exe
2014-08-22 03:00 . 2014-05-14 07:17        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
2014-08-21 16:36 . 2014-08-21 16:36        --------        d-----w-        c:\users\Stephan\AppData\Roaming\Nero
2014-08-19 20:33 . 2014-08-19 20:33        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2014-08-17 16:53 . 2014-03-09 21:48        171160        ----a-w-        c:\windows\system32\infocardapi.dll
2014-08-17 16:53 . 2014-03-09 21:48        1389208        ----a-w-        c:\windows\system32\icardagt.exe
2014-08-17 16:53 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\SysWow64\infocardapi.dll
2014-08-17 16:53 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\SysWow64\icardagt.exe
2014-08-17 16:53 . 2014-06-30 22:24        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-08-17 16:53 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\SysWow64\icardres.dll
2014-08-17 16:53 . 2014-06-06 06:16        35480        ----a-w-        c:\windows\SysWow64\TsWpfWrp.exe
2014-08-17 16:53 . 2014-06-06 06:12        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe
2014-08-17 15:33 . 2014-07-25 14:01        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-08-17 15:22 . 2014-06-25 02:05        14175744        ----a-w-        c:\windows\system32\shell32.dll
2014-08-17 15:04 . 2014-07-16 03:23        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-08-17 15:04 . 2014-07-16 02:46        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-08-17 15:02 . 2014-06-03 10:02        3241984        ----a-w-        c:\windows\system32\msi.dll
2014-08-17 15:02 . 2014-06-03 09:29        2363392        ----a-w-        c:\windows\SysWow64\msi.dll
2014-08-17 15:02 . 2014-06-03 10:02        1941504        ----a-w-        c:\windows\system32\authui.dll
2014-08-17 15:02 . 2014-06-03 10:02        112064        ----a-w-        c:\windows\system32\consent.exe
2014-08-17 15:02 . 2014-06-03 10:02        504320        ----a-w-        c:\windows\system32\msihnd.dll
2014-08-17 15:02 . 2014-06-03 09:29        1805824        ----a-w-        c:\windows\SysWow64\authui.dll
2014-08-17 15:02 . 2014-06-03 09:29        337408        ----a-w-        c:\windows\SysWow64\msihnd.dll
2014-08-17 14:57 . 2014-06-16 02:10        985536        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2014-08-17 14:50 . 2014-07-14 02:02        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-08-17 14:50 . 2014-07-14 01:40        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2014-08-17 14:49 . 2014-08-07 02:06        529920        ----a-w-        c:\windows\system32\aepdu.dll
2014-08-17 14:49 . 2014-08-07 02:01        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-08-10 19:59 . 2014-08-10 19:59        --------        d-----w-        c:\program files (x86)\Search
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-29 13:13 . 2013-11-13 13:07        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-25 04:53 . 2011-10-28 09:37        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-08-17 17:01 . 2011-11-01 16:14        99218768        ----a-w-        c:\windows\system32\MRT.exe
2014-07-31 18:59 . 2014-07-31 18:59        352256        ----a-w-        c:\windows\SysWow64\update1.dll
2014-07-13 06:53 . 2012-04-06 11:53        699056        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-13 06:53 . 2011-10-28 11:38        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-05 19:55 . 2014-07-05 19:54        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-18 02:18 . 2014-07-12 22:08        692736        ----a-w-        c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-12 22:08        646144        ----a-w-        c:\windows\SysWow64\osk.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 1]
@="{02B2B772-B8A8-4DA4-9B18-42551A54A1A8}"
[HKEY_CLASSES_ROOT\CLSID\{02B2B772-B8A8-4DA4-9B18-42551A54A1A8}]
2014-06-04 16:17        345088        ----a-w-        c:\program files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 2]
@="{0575AB16-E932-4160-8936-4DBE195BDBD7}"
[HKEY_CLASSES_ROOT\CLSID\{0575AB16-E932-4160-8936-4DBE195BDBD7}]
2014-06-04 16:17        345088        ----a-w-        c:\program files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 3]
@="{0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E}"
[HKEY_CLASSES_ROOT\CLSID\{0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E}]
2014-06-04 16:17        345088        ----a-w-        c:\program files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 4]
@="{1A4AFFE1-B2F9-483D-B627-D9A339DBFD34}"
[HKEY_CLASSES_ROOT\CLSID\{1A4AFFE1-B2F9-483D-B627-D9A339DBFD34}]
2014-06-04 16:17        345088        ----a-w-        c:\program files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-29 20:00        223432        ----a-w-        c:\users\ConVo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-29 20:00        223432        ----a-w-        c:\users\ConVo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-29 20:00        223432        ----a-w-        c:\users\ConVo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40        120176        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-03-20 578560]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-10-02 1090912]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"GMX Application {sync-000021}"="c:\users\ConVo\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe" [2014-06-04 792064]
"1und1DispatcherCorp"="c:\users\ConVo\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe" [2013-05-29 213640]
"GoogleChromeAutoLaunch_176129A81A4855DA76CA6BB73E9E1CEC"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-08-30 852808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-12-11 311152]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DailytoolsUpdateService;DailytoolsUpdateService;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 Search;Search;c:\program files (x86)\Search\WebSearch.exe;c:\program files (x86)\Search\WebSearch.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3100\jswpsapi.exe;c:\program files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys;c:\windows\SYSNATIVE\DRIVERS\oodisr.sys [x]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys;c:\windows\SYSNATIVE\DRIVERS\oodisrh.sys [x]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys;c:\windows\SYSNATIVE\DRIVERS\oodivd.sys [x]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys;c:\windows\SYSNATIVE\DRIVERS\oodivdh.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC64.sys;c:\windows\SYSNATIVE\DRIVERS\TMEBC64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys;c:\windows\SYSNATIVE\drivers\hmpalert.sys [x]
S2 hmpalertsvc;HitmanPro.Alert Service;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe [x]
S2 NasPmService;NAS PM Service;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe [x]
S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe;c:\program files\OO Software\DiskImage\oodiag.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe;c:\windows\SYSNATIVE\atwtusb.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys;c:\windows\SYSNATIVE\DRIVERS\tmeevw.sys [x]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys;c:\windows\SYSNATIVE\DRIVERS\tmnciesc.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service        REG_MULTI_SZ          Update-Service-Installer-Service
DailytoolsInstallerService        REG_MULTI_SZ          DailytoolsInstallerService
DailytoolsUpdateService        REG_MULTI_SZ          DailytoolsUpdateService
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-05 18:48        1096520        ----a-w-        c:\program files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-08 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2010-04-28 02:47]
.
2014-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 06:53]
.
2014-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 20:29]
.
2014-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 20:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 1]
@="{02B2B772-B8A8-4DA4-9B18-42551A54A1A8}"
[HKEY_CLASSES_ROOT\CLSID\{02B2B772-B8A8-4DA4-9B18-42551A54A1A8}]
2014-06-04 16:17        373248        ----a-w-        c:\program files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 2]
@="{0575AB16-E932-4160-8936-4DBE195BDBD7}"
[HKEY_CLASSES_ROOT\CLSID\{0575AB16-E932-4160-8936-4DBE195BDBD7}]
2014-06-04 16:17        373248        ----a-w-        c:\program files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 3]
@="{0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E}"
[HKEY_CLASSES_ROOT\CLSID\{0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E}]
2014-06-04 16:17        373248        ----a-w-        c:\program files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 4]
@="{1A4AFFE1-B2F9-483D-B627-D9A339DBFD34}"
[HKEY_CLASSES_ROOT\CLSID\{1A4AFFE1-B2F9-483D-B627-D9A339DBFD34}]
2014-06-04 16:17        373248        ----a-w-        c:\program files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-29 20:00        262344        ----a-w-        c:\users\ConVo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-29 20:00        262344        ----a-w-        c:\users\ConVo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-29 20:00        262344        ----a-w-        c:\users\ConVo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42        137584        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2011-03-14 08:09        129864        ----a-w-        c:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-10-09 229824]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <-loopback>;www.joosoft.com
uInternet Settings,ProxyServer = http=127.0.0.1:8897;https=127.0.0.1:8897
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: facebook.com\apps
Trusted Zone: google-analytics.com
Trusted Zone: lidl.de\onlinenewsletter
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KiesPDLR - c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODI05.00.00.01PRO"="965D7A9C3DC330F5328BEDF1C1D47A08E474F8343B70BC00D65F846BC138546BD86FF7F37DE66FC00D9BCBCE428CBFBA663D657DED6604B5F2A5CAF0A0BFE02E7E4D24083EE38BC1720C082045A040CA2162212F70D98A0247D79B7630ABDE38EF60E440EA1B019B195C3EAC125A400D381F9E90871D7B0B8209DBE4D1777DA00935B64622CFA3F4A8B2218125E7565AC0CE622FAAE65278456E896B1B81BE021B792B8A362C1AFAFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407FEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D679472A213D6C3B4CC408CE8201E639964051291F363F0946C7567DEF2E843366276C9D3CF59914738DEAFA04F01B3F43D3FF319CF22BB95D437CDC1B4CED4F901DD25E88DD67DD2BA3727549C4A0A1E183B38772387F4AFC76BAE4007D4893FD7785F70BE14D60D4EFBF98C907FEF9393BD354D2B78854AA7074BB4FCE3C7F62D8CC81F6A9C1E92C0E4A574C9EC24BAA10E33DF392308B2AC825A9CBCAAA6789EE3A3492B3D08E2332B995CF52299DB0BF6709933774C9B625B051A7F1A747D1D4BA7EA338AFEE19B8EBAB8DAEF76A4E7491D049029D5992911697294E530A36C94FD24C257A15545D0DEA0507095A22958DD53DF315C2633291990DD090EEFA71647B53240BF6A4B39D35143FC054D907ACC5AC24B4B9E0AAC1C0252BE78C639A917886D235FAEA1915A2833B5887B350E7613EDF6C24489A66AF87A0A89F2E2AB72A573A0BA978DA9252BB37C15E801EFDA192B78943E6029724A752F93A2B9FE56BDD5213D7BA7D35C026FF9D5B7B30671AE56D9CA139148177077379B68260930A23F4D0C955F669B77A018296B603621B863E39EB1779C2E0AC4EE58BBE333E4CAE7937905753B747D1786226CEC6DC6BED4AA01EBBBC280D7B6E837F4866AC9D220A5904E80B26925393886861599B5EEC37E94F5DEDB4E41BDF858D3EF212AF7CB7A8ED7682FF2297EE4526B67B0AF1A60FAB069B40D47CEDAB8117B5ACD461EE04C65ED6E167C64F108B2AEC4A87135EA79E2C5657D132F2606697051E8CECB6C183A3FA053E755355F0AC866FDA458B69B68E9EBDA4BB2C7819D9EB770ED2C0CA1E560E65588A1FBEEEE1656306CC0AE45359B18557D517D0F1E5440E5BB8DF36DF5C6FA8D25118F7D2DD6F2C25DD0509E71858E22AB241CD890C2F54F49E26B47ADCEE973FA0F4A174230EFBD7F0BAC14F8B446784CE809CCCD80B3B698C4CCBC01B79582392B9E0961AA52AB511967555B998B17C9023D9BDF89A9A8A0EB091F9926B3B8841A0FE86F31769D4349BC565A0AFDBC817448B909BA5FB64DB7A105D59FCE187533358B88168A26B98AF7506F4091AF46EB4CE0BD57AB777C2C2FC94611C3A8"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-08  19:13:48
ComboFix-quarantined-files.txt  2014-09-08 17:13
.
Vor Suchlauf: 14 Verzeichnis(se), 89.548.787.712 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 89.124.823.040 Bytes frei
.
- - End Of File - - 50D2197BBFFDF04CBF6BB0297ED2AC73
5C616939100B85E558DA92B899A0FC36

schrauber 08.09.2014 19:24
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

petramueller 11.09.2014 05:58
Hallo,

sorry für die späten Posts.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 10.09.2014 18:47:23, SYSTEM, CONVO-MOBILE-NE, Protection, Malware Protection, Starting,
Protection, 10.09.2014 18:47:26, SYSTEM, CONVO-MOBILE-NE, Protection, Malware Protection, Started,
Protection, 10.09.2014 18:47:26, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Starting,
Update, 10.09.2014 18:47:48, SYSTEM, CONVO-MOBILE-NE, Manual, Rootkit Database, 2014.2.20.1, 2014.8.21.1,
Update, 10.09.2014 18:47:58, SYSTEM, CONVO-MOBILE-NE, Manual, Malware Database, 2014.3.4.9, 2014.9.10.7,
Protection, 10.09.2014 18:48:00, SYSTEM, CONVO-MOBILE-NE, Protection, Refresh, Starting,
Protection, 10.09.2014 18:48:21, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Started,
Protection, 10.09.2014 18:48:21, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Stopping,
Protection, 10.09.2014 18:48:21, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Stopped,
Protection, 10.09.2014 18:49:40, SYSTEM, CONVO-MOBILE-NE, Protection, Refresh, Success,
Protection, 10.09.2014 18:49:40, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Starting,
Protection, 10.09.2014 18:49:40, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Started,
Update, 10.09.2014 19:32:44, SYSTEM, CONVO-MOBILE-NE, Scheduler, Rootkit Database, 2014.8.21.1, 2014.9.10.2,
Protection, 10.09.2014 19:32:47, SYSTEM, CONVO-MOBILE-NE, Protection, Refresh, Starting,
Protection, 10.09.2014 19:32:47, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Stopping,
Protection, 10.09.2014 19:32:48, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Stopped,
Protection, 10.09.2014 19:35:56, SYSTEM, CONVO-MOBILE-NE, Protection, Refresh, Success,
Protection, 10.09.2014 19:35:57, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Starting,
Protection, 10.09.2014 19:36:06, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Started,
Update, 10.09.2014 20:45:43, SYSTEM, CONVO-MOBILE-NE, Scheduler, Malware Database, 2014.9.10.7, 2014.9.10.8,
Protection, 10.09.2014 20:45:48, SYSTEM, CONVO-MOBILE-NE, Protection, Refresh, Starting,
Protection, 10.09.2014 20:45:48, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Stopping,
Protection, 10.09.2014 20:45:50, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Stopped,
Protection, 10.09.2014 20:46:07, SYSTEM, CONVO-MOBILE-NE, Protection, Refresh, Success,
Protection, 10.09.2014 20:46:07, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Starting,
Protection, 10.09.2014 20:46:56, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Started,
Protection, 10.09.2014 21:02:39, SYSTEM, CONVO-MOBILE-NE, Protection, Malware Protection, Starting,
Protection, 10.09.2014 21:02:39, SYSTEM, CONVO-MOBILE-NE, Protection, Malware Protection, Started,
Protection, 10.09.2014 21:02:39, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Starting,
Protection, 10.09.2014 21:08:59, SYSTEM, CONVO-MOBILE-NE, Protection, Malicious Website Protection, Started,

(end)

Code:
# AdwCleaner v3.309 - Bericht erstellt am 10/09/2014 um 22:11:19
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ConVo - CONVO-MOBILE-NE
# Gestartet von : C:\Users\ConVo\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : DailytoolsUpdateService
Dienst Gelöscht : Search

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\Search
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Users\ConVo\AppData\Local\genienext
Ordner Gelöscht : C:\Users\ConVo\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\ConVo\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\ConVo\AppData\Roaming\Mozilla\Firefox\Profiles\9ubdfwmg.default\Extensions\DTToolbar@toolbarnet.com
Datei Gelöscht : C:\Windows\SysWOW64\update1.dll
Datei Gelöscht : C:\Windows\System32\update1.dll
Datei Gelöscht : C:\Users\ConVo\daemonprocess.txt
Datei Gelöscht : C:\Users\ConVo\AppData\Roaming\Mozilla\Firefox\Profiles\9ubdfwmg.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\ConVo\AppData\Roaming\Mozilla\Firefox\Profiles\9ubdfwmg.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\ConVo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsInstallerService]
Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsUpdateService]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markit
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v

[ Datei : C:\Users\ConVo\AppData\Roaming\Mozilla\Firefox\Profiles\9ubdfwmg.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL");
Zeile gelöscht : user_pref("extensions.unitedinternet.search.termsJSON", "[{\"searchterm\":\"Promo codes Las Vegas\",\"visited\":\"2011-12-29T19:52:48.501Z\"},{\"searchterm\":\"delta.com\",\"visited\":\"2012-01-02T11:[...]

-\\ Google Chrome v37.0.2062.103

[ Datei : C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3325386&octid=EB_ORIGINAL_CTID&ISID=MF7FD9457-2BEB-4E30-8A0E-25ACC90B5DF3&SearchSource=55&CUI=&UM=5&UP=SP01D69680-845A-48BC-A0B6-548C29F8ED19&SSPV=
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hp&ts=1403900922&from=cor&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F396762667626
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hppp&ts=1403944179&from=cor&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F396762667626
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hppp&ts=1406280258&from=cor&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F396762667626
Gelöscht [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3325386&octid=EB_ORIGINAL_CTID&ISID=MF7FD9457-2BEB-4E30-8A0E-25ACC90B5DF3&SearchSource=55&CUI=&UM=5&UP=SP01D69680-845A-48BC-A0B6-548C29F8ED19&SSPV=
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
Gelöscht [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

[ Datei : C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8289 octets] - [10/09/2014 22:05:30]
AdwCleaner[S0].txt - [7692 octets] - [10/09/2014 22:11:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7752 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by ConVo on 11.09.2014 at  0:41:04,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\simplitec"
Successfully deleted: [Folder] "C:\Users\ConVo\AppData\Roaming\simplitec"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{0108934A-A795-496F-8BB8-E450F4E7837F}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{0153ACEA-98DC-46FA-BB03-5601C488EBA3}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{01C855E2-FA99-4896-986D-31AAC99FFBC9}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{06AF7E6B-EE6E-41A3-87DA-63DF15AB0988}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{07473E54-C607-4F9E-81C3-C70821FE5094}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{0877125E-6649-4022-83E3-9776E986CA6F}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{09769AF3-0016-4F5E-A508-67E929D94912}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{0C576BB0-6B5A-48C8-B8B6-20D181326FFA}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{0D12B671-00D3-4840-8C5C-3CC3C189D7E6}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{0D28EE94-CA85-4AB3-81B2-5BAD6CD3EED1}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{0E8B08F3-C605-4557-B75B-C647E6337EBE}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{101735FC-FF97-41B4-906A-C3D5B3CFCEE2}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{109FDD22-6CD0-45A1-B987-F0EE5A0889F7}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{1142873E-252F-42DB-A836-2D40BA2507B2}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{125E1728-738D-407E-85E9-6CB243C91A7F}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{14AE2ACF-89D1-4D05-B0BC-5D1BA6FEA978}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{153215C5-DDB3-462C-8D63-F6F7CD022876}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{154B4B13-3842-42CC-81CD-91DBA1061A4F}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{15832856-206A-4FC0-89A0-F9D22F1870F3}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{172215BC-7AAD-4CBB-9C1B-63BEF3699EA9}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{1755FD77-C01D-44C8-AC85-37E7D61D89C3}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{178596F3-0A3C-4697-8892-8A89DFC984B2}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{17E09F4D-C283-4586-AD9F-7889AAF24C59}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{19DD5AA9-2F8E-4C52-9D14-7EC7E6511BBE}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{1AC60BB4-07B9-4C6B-B515-D8F3A1B9D675}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{1BC860ED-9C50-4CE0-8CFC-96D476B75919}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{1C28DE5F-6E82-4891-8F25-C84DE4C595AA}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{1C4A9B97-F055-4CF9-A2AF-32FC7DDEBCE8}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{1C909561-29E4-452E-A6DC-1CCAF4E05233}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{1CCFFBB5-1F67-40C2-8BAE-8272848F6568}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{1FA0DADE-03C7-4980-B5D7-4FBE7F982C2F}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{211849AA-6CE0-4ABC-B6A3-6E717017B2F3}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{21E3F362-82BA-48C3-9B91-1FC4E37B6080}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{239F62B5-9CD8-44D4-8187-354499776779}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{243B6985-7A1B-4692-985F-E48962B2ED52}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{2702268B-0FCF-4D01-9920-C959DAE5A741}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{27A16EC2-8191-4FDD-A4C6-84429E12FF40}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{2875803E-9D67-44DA-B386-63AFEEA3B75A}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{2965A5BD-6C3B-4132-83C2-2E550D86471F}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{2B672B97-91AB-4677-AE35-7B4403DA9D82}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{2CCFCA3E-4E2B-49EC-B6C4-D8BC874C83CF}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{2D502410-BC53-4198-A55F-2D85A08C0335}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{2E116EFF-C80B-434A-8DC3-0DFD1E4B7655}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{307476FC-85DB-42C2-986E-054A3A1F62FD}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{309D44E0-D77E-4EA5-BF59-1A0CAABF8930}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{32E8CB7D-E9A4-4F1E-924A-6480403AC2AF}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{3428236F-2313-4516-AE2A-F110D32197A7}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{34F47AD8-B48E-4BA5-8CD0-A169E95008FB}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{354B134A-70CC-4FDA-A2CB-BB2212FF86C1}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{354D4B8A-BA13-4372-9480-03AF5804244B}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{365DD236-278E-40CA-A34E-88ABA8DC8881}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{36FC9080-9D4D-4D7B-A5CA-C8CAADE189EA}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{37C4E637-C593-4E68-9699-6888435B5F15}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{38F2DD49-6D77-4C26-9BFE-BD350FA940FB}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{39690825-1221-4346-B8B7-C32401AD596A}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{3BEC0C53-7493-496A-9BDE-E7EDBAF41847}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{3D330D30-F5E7-4F70-B86A-9621625362BA}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{3DCDD004-195C-4C7F-9D1C-40C84FEF0DDD}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{3F8EC7A5-6873-460C-B617-A2062DBA0B0B}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{41268B9C-5109-4604-BC46-4ABF292679A4}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{4374CFEE-EE78-4229-8DAB-EC76F73183BC}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{4493E549-54C9-486E-BF4A-70F35BC69B28}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{4614E2B6-6EFB-424A-B4DF-9B9CC34F9168}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{4A22ACBE-3D05-48CD-8647-8706A63324C5}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{4B52185A-3A2F-4D4D-9D72-1025E64E4F64}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{4C5B9884-981B-4FFA-A500-8CEBCFAC3BAD}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{4C9672B1-ACCE-4006-94B2-7B052BCD4450}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{4D953FB6-4077-4C15-9F57-AEF3C681659C}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{4EEFC289-1DE0-47AD-A825-44AE996F67CD}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{4FCF85D5-6577-45CC-BEA7-8F7DC6B78F63}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{4FEEC6AD-2093-431B-8310-4F8E3F28C67D}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{50F0C0B0-093A-4E01-AF84-13458711A84B}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{53BB37D8-441B-46E7-A325-4E606371AC27}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{5474ACC6-431F-4BDA-A861-77D08D36D4FF}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{556938B6-59D2-422D-BCDB-DF1A67FF8ADF}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{581279B8-81FF-481E-BA06-86AF2518D356}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{5A8D6153-69B2-4516-896F-AFB507E19968}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{5B5429E7-C465-4F2F-8E93-768B11D529A3}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{5B5AB676-391B-427A-9314-8327D3B1B351}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{5E5D5C90-C14C-4CFC-BF95-B811B0321C71}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{5E74A068-8EDD-423B-8DDE-6FE7FCE19E23}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{60C7BBBC-EF6B-4D93-AB34-713E06B0536A}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{60E397FC-C686-48AC-AB3D-C95C50A6A480}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{613679B6-1DAD-43AE-9C6E-361F8973CF97}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{6338FF3C-4858-444A-9CAE-7414C266AD35}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{63EABF81-836A-4807-9529-54FF37E428ED}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{64326A5B-5906-4AAE-8E9A-0AD0B70E44DB}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{64440CBA-ABA5-4E9F-928E-3194240BC8B8}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{66DCDC64-81D5-4112-814B-D5FB32D9C427}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{69512740-C62B-4742-B62F-9E922E595A6D}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{6A8DD756-E4C4-4754-A262-7D5D9A8504CD}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{6C583D27-8BF6-4884-953B-99B3C3264450}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{6E2CF597-0D6D-45BE-A000-F3D4CCE04CAC}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{6F2F4CE8-DB47-4797-AE38-C7B98F4CAFF5}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{7058A83F-4D53-43F6-AD24-B22A577AB6A3}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{708C82A6-FFAB-4C24-8816-8B999B594F63}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{71B03A56-D96D-4153-B7B7-B2CF54D707B5}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{726A48B6-695F-420F-831E-1BEEEF16AF9F}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{73313CF6-F5C3-4478-BD79-2E8F4D2AC04E}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{760207BD-3EAF-4D20-97CF-5205E3AA73C1}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{760CD843-057C-4CB4-ACBE-67F9E6449FDD}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{78444A20-84B3-4951-8998-DF6C1DA3DE1A}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{793C4A21-1BF5-4EFF-AC6F-A37F08C6BBD1}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{7B04AB04-23F4-4D8F-A716-7B0F4D66019B}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{7B3CFEE5-A5C0-4EF3-BF46-9B21F31B9F9C}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{7B553DCB-6274-4433-A690-9E52FD4CFA8E}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{7C1F0F8F-B455-4009-8E84-F96FA198EE60}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{7C91D007-E6D4-4548-9A4D-5A123F93A6CF}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{7CE4BEBC-2FE1-4894-AB16-D20E2A11A7CB}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{7CF4E23E-BF38-4ABE-8592-3F51CA6904C0}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{7DE7731A-73CF-4B16-92BF-40EF63E24F3A}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{7E934087-868D-43F0-86FF-F4D747F0CE64}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{7EED3717-CA96-43D4-9AEA-51A107A521D0}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{7F4ACC46-C985-4BCA-B5F1-ECA1F74F1DB7}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{800761C0-93DC-48C8-961E-2F82DC3B52FB}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{810FFD1C-EE2C-4D52-8B02-B6ED56744AD4}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{813E9040-9449-4946-AC74-221EC985073A}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{83B6E9A7-FE55-4FE1-86FD-F55111E11B3B}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{83D985F4-FEC5-4C7D-B710-A9FA08B7467F}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{85C43283-D757-4E5E-BCE5-FDADC804D5A0}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{85F3973E-B460-48B6-90DB-4BA60D500FB9}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{8674DC29-6B99-4FBA-833C-7ADC50BA903B}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{868FF6E8-FE41-4516-9977-63659F3AE3C7}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{882D1E54-A376-4C82-9A27-FACE866DE76D}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{8882D797-D736-497D-B470-7B780D563899}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{88B8B2CE-05D1-48C2-B498-45026BD6A0F9}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{88CED6EB-B7B5-4069-A655-AC4EC8147383}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{88F679AB-E05F-438F-85CA-80D6D93127C5}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{89255068-BEE7-42D3-8BC1-E18E63D5C8BD}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{8AB6A583-ACDA-4CFF-937C-49CFD23A9140}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{8F3976E4-8533-47AB-865A-25455DCF9D89}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{8F7C3A72-209A-4863-BD1F-BD4940A9D309}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{8FEEA7DB-BDAD-4030-A805-C399AF1FCF07}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{90333366-7807-4B5A-9EB8-F8B584B7D98E}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{90CC5CF2-D065-4006-A5A5-3199F3823993}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{91E5B568-9F18-4611-AFA5-A914811C49A2}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{94DF8E77-AEFD-40B3-B14A-48BE35572E5C}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{953D7C18-2330-4AF4-9791-E5ED378B393B}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{95AFA5F6-BBA9-4A2E-96E6-15B05E722DDD}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{96F44660-59D4-43FD-BD86-1B4CCF1A289A}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{96F5FE91-4816-4132-ABCA-9BBB0CB85586}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{98F780AE-72BA-4304-8D19-8A6C64B9B1A3}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{999A3045-70B1-49BD-B97F-163919758B0B}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{999AC43D-9E21-4F12-BF06-0C7A59B87E9E}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{9B8EAEC0-015B-455A-B8AE-91514253A099}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{9C03A1B6-3DD8-42D2-8EBB-EBDC69FCD7E4}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{9E1A7FFA-77AF-4646-AFE5-2477F5A5D745}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{9E60C477-8776-4D64-9E88-2B925866030E}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{A04D379C-E9FB-456A-AEF9-B4D2460B67A7}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{A15EFEF9-02D7-42A2-9855-F9381E23B7DA}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{A32068E3-9666-42E2-A7E8-F00FB002FE27}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{A4E748F7-40D3-4C31-9D11-C11D24ED6BA8}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{A5EF872B-6580-45F6-8ACB-75D1810A68E4}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{A7545F37-C1B7-4FD4-87B2-4DEB1F6914C3}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{A7965C3F-1796-430B-91BE-D5ED8B7A3119}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{A7BFBE84-C396-45A3-BBDF-DBB51CE99D1E}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{A7D8583A-D541-4E2B-AAC8-B271AB2B5D24}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{A9EB1F44-B0D3-48DC-A3CE-FBB8C38E9477}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{AB3662FD-25BC-4CE3-83CE-7058A78B2902}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{AE39709E-78F6-464C-A8E3-19389DE42DED}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{AEA38027-FAE0-4B9D-B106-A06B5DBCD7AE}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{AEE1B408-F42E-430E-BC63-847FC6A9B2AA}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{AF6ED8BF-1127-47D2-86B1-0052EA13E561}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{AFD74182-8CB6-483F-9928-BD9E5A5CC626}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{B020C975-FB6D-458C-BBDC-DA8C338DF9CD}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{B186A6CA-7C18-4AB3-A8C5-E88EEAF32CF0}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{B344B384-4B2C-4F6E-BC90-E83544E67494}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{B5BB1C76-53FB-455C-8D71-2A3901DD091D}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{B712CFAE-30DC-4AA4-83A4-6D8CCF494A3C}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{B8BF7B3E-E2EC-44E2-97EB-9410AE673BD1}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{B8D7EA2C-566C-47C6-9CC9-92BDB7E629EA}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{B9810BE2-03EF-477F-9580-1CDA830426E5}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{BA280BBC-E722-4762-820F-CAAAED4A79BE}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{BE7F7514-90DA-4E0D-84FE-BB0C2A3D0D46}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C05D81E0-1E5F-4B12-9ABB-6F0A9B7ADFCF}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C0B9C47B-E4B2-4818-9A91-A056D813EA9F}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C126A54C-39AA-468F-9986-B2765D9A5C93}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C19C873C-67FE-4EAB-BCCE-D72D49B6CCAE}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C2D984EC-B345-4E65-A727-83D220BBFAD5}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C398CB0C-EE0F-4662-80E5-3FEC552147B3}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C44E1602-6604-4DB9-A573-FB81A9D94DFF}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C49B975C-F659-4FCA-8EE9-221112D9C771}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C5971345-A16B-494E-AFE0-0DC122E76A2C}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C5B1ACF6-26D5-482F-BEFD-B812BCDAE497}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C6EC581D-DD38-417E-9E4A-C1A5740BB0E5}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C6EDF10E-CDF5-459E-AF45-A4AEA4B99724}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C87DA143-AFA8-4D9F-AFBA-18DF3722A744}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C936F07E-DF63-4C01-A701-182FB87538F6}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C9377AB8-EDED-4287-A89B-369623C4E7FD}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{C9DC81BE-85BF-45A6-A3F5-34E3CCE44A05}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{CA3A1EBF-D6B7-4AB7-B2D6-B5006485ED73}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{CAAA8328-A0CB-4B14-8208-95178E51EF10}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{CAEFC465-E83C-48B0-9362-29CD39006EAA}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{CBFACF39-553C-4658-9276-AAC25E2431EB}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{CDFB7DF3-CDDC-4EA7-AF43-C6C1BCD9CD82}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{CEC4C459-86FE-49DD-A924-417521778663}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{CF3B6DD6-AACA-47A7-8172-3E70DB6596CD}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{CF63A9B4-2532-47AA-B9CA-723938F45376}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{D036B7A0-DB8E-4957-9BE2-FF7A4DB3253C}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{D05B0365-6AED-479A-B3E2-B7B6382CCE24}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{D2ED7105-3526-4C95-BB41-DF277E9CA3CF}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{D39B335B-17AD-4691-945A-CFF9E614DF40}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{D3CCC883-2ADD-4233-AC78-41B569F09C09}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{D3D99AC8-84C2-4653-B392-92E1B78FEF6E}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{D3F72DA5-D5F1-49EC-922F-D8C323984633}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{D9358CEC-E90F-462E-9DF3-8B1987C8FF1F}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{DC15BC16-C410-41B8-8DB9-564BB8BD0EDE}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{DC93CEFF-4E11-46C7-9D57-A60484AFAE7E}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{E01B957D-A69F-4395-B0EE-DFD465EED2D8}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{E4BA6903-5E27-485A-AD90-4EBE7C271E21}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{E61B45BC-AB6C-49D0-9CC4-59777CEEB45F}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{E63B74EA-1A6C-4C5F-A666-A8C56775A0CF}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{E7D439BB-D10A-4823-9626-202764AA6D73}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{E813CAC7-D2EF-43A3-BDE4-CD33403EB973}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{E997697F-584F-4692-BC46-455817D5D288}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{EA4C6CFB-AA9D-499A-8150-786CE46BEE0F}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{EBA325AF-FD57-463A-8E26-AAA6635598CF}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{EBE60764-AFE8-4032-8BFB-9FD30E51C823}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{ED74DB43-0296-42C1-AF11-794056A480E6}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{EDD16DDC-E477-42B2-9B0B-E1AF7107DE0A}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{EE38A3CC-C7E2-43B2-A8EB-6567CF409AF2}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{EFFD5BBE-88A1-482F-8DCB-2A4A6046664B}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{F24369C9-7034-4805-82BE-0CF0EF17548C}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{F2B8E922-D8BD-415E-844B-CC7D26927AA8}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{F4AC87A2-A24F-4779-A737-D7AF832F7E4D}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{F57F6D3E-5775-4F44-87A9-2649FFD54B21}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{F87449AC-AD2B-48D1-8BC8-86AA806E8576}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{FA808D03-8C42-425C-94E8-047D009E74D8}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{FAD2605A-C88D-41CC-B4C2-A1C18C68D8E4}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{FCEAC551-61EC-4987-A939-501169C1F4BC}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{FF207882-BCD7-4FBC-AA58-288E57FD4CCE}
Successfully deleted: [Empty Folder] C:\Users\ConVo\appdata\local\{FFA02413-2AB3-4F07-9BF7-92073F08F0CA}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.09.2014 at  1:06:49,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by ConVo (administrator) on CONVO-MOBILE-NE on 11-09-2014 01:08:08
Running from C:\Users\ConVo\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NovaStor) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\System32\atwtusb.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Windows\System32\atwtusb.exe
() C:\Program Files\OO Software\DiskImage\oodiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(1&1 Mail & Media GmbH) C:\Users\ConVo\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM\...\Run: [WLM] => C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [44152 2013-07-23] (Trend Micro Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [63712 2007-03-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [GMX Application {sync-000021}] => C:\Users\ConVo\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe [792064 2014-06-04] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [1und1DispatcherCorp] => C:\Users\ConVo\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe [213640 2013-05-29] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [GoogleChromeAutoLaunch_176129A81A4855DA76CA6BB73E9E1CEC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
ShellIconOverlayIdentifiers:  1&1 Sync Overlay 1 -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers:  1&1 Sync Overlay 2 -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers:  1&1 Sync Overlay 3 -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers:  1&1 Sync Overlay 4 -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers: OODIIcon -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\OO Software\DiskImage\oodishi.dll (O&O Software GmbH)
ShellIconOverlayIdentifiers-x32:  1&1 Sync Overlay 1 -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32:  1&1 Sync Overlay 2 -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32:  1&1 Sync Overlay 3 -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32:  1&1 Sync Overlay 4 -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ConVo\AppData\Roaming\Mozilla\Firefox\Profiles\9ubdfwmg.default
FF SelectedSearchEngine: Ask.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: GMX MailCheck - C:\Users\ConVo\AppData\Roaming\Mozilla\Firefox\Profiles\9ubdfwmg.default\Extensions\toolbar@gmx.net.xpi [2012-06-24]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-08-28]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-03-04]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-08-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325386&octid=EB_ORIGINAL_CTID&ISID=MF7FD9457-2BEB-4E30-8A0E-25ACC90B5DF3&SearchSource=55&CUI=&UM=5&UP=SP01D69680-845A-48BC-A0B6-548C29F8ED19&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325386&octid=EB_ORIGINAL_CTID&ISID=MF7FD9457-2BEB-4E30-8A0E-25ACC90B5DF3&SearchSource=55&CUI=&UM=5&UP=SP01D69680-845A-48BC-A0B6-548C29F8ED19&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1403900922&from=cor&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F396762667626", "hxxp://www.sweet-page.com/?type=hppp&ts=1403944179&from=cor&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F396762667626", "hxxp://www.sweet-page.com/?type=hppp&ts=1406280258&from=cor&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F396762667626"
CHR DefaultSearchKeyword: Default -> 190BEB7DB8D35DDAB98510C1D2FA8B1ED66DCC5D55B19A02DEE60F61C7302800
CHR DefaultSearchURL: Default -> D4DCF2C5A68EEDF11D99EA5879FCE3B2ED40E060CF6BA8195DF8C1E945F251B4
CHR Profile: C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22]
CHR Extension: (Google Drive) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22]
CHR Extension: (Google-Suche) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22]
CHR Extension: (Email this page (by Google)) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-01-24]
CHR Extension: (Print Using Google Cloud Print™) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffaifmgpcdjedlffbhenaloimajbdkfg [2014-01-24]
CHR Extension: (AdBlock) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-25]
CHR Extension: (Night Time In New York City) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek [2014-06-06]
CHR Extension: (Print) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Trend Micro Toolbar) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-08-28]
CHR Extension: (Google Mail) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\chrome_tmbep.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-11-07] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-16] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.)
R2 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [261256 2010-04-15] (NovaStor) [File not signed]
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [4034376 2011-03-14] ()
R2 WTService; C:\Windows\system32\atwtusb.exe [897536 2011-07-19] () [File not signed]
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S2 LanmanWorkstation; %SystemRoot%\System32\aptwwxm4j.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2013-03-03] (Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\SysWOW64\DRIVERS\ew_usbenumfilter.sys [13952 2013-03-03] (Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-16] ()
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2013-03-03] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [117328 2011-03-14] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [40016 2011-03-14] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [215120 2011-03-14] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [43600 2011-03-14] (O&O Software GmbH)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-15] (Duplex Secure Ltd.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
U3 a9zny2h6; C:\Windows\System32\Drivers\a9zny2h6.sys [0 ] (Elaborate Bytes AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 ewusbnet; C:\Windows\SysWOW64\Drivers\ewusbnet.sys [256000 2013-03-03] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 01:08 - 2014-09-11 01:08 - 00026936 _____ () C:\Users\ConVo\Desktop\FRST.txt
2014-09-11 01:08 - 2014-09-11 01:08 - 00000000 ____D () C:\Users\ConVo\Desktop\FRST-OlderVersion
2014-09-11 01:06 - 2014-09-11 01:07 - 00025544 _____ () C:\Users\ConVo\Desktop\JRT.txt
2014-09-11 00:40 - 2014-09-11 00:40 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 00:39 - 2014-09-11 00:39 - 01016261 _____ (Thisisu) C:\Users\ConVo\Desktop\JRT.exe
2014-09-10 22:32 - 2014-09-10 22:32 - 00007864 _____ () C:\Users\ConVo\Desktop\AdwCleaner[S0].txt
2014-09-10 22:05 - 2014-09-10 22:12 - 00000000 ____D () C:\AdwCleaner
2014-09-10 21:55 - 2014-09-10 21:55 - 01370483 _____ () C:\Users\ConVo\Desktop\adwcleaner_3.309.exe
2014-09-10 21:22 - 2014-09-10 21:22 - 00003230 _____ () C:\Users\ConVo\Desktop\mbam.txt
2014-09-10 18:42 - 2014-09-10 18:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ConVo\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-08 19:13 - 2014-09-08 19:13 - 00035650 _____ () C:\ComboFix.txt
2014-09-08 18:10 - 2014-09-08 19:13 - 00000000 ____D () C:\Qoobox
2014-09-08 18:10 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-08 18:10 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-08 18:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-08 18:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-08 18:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-08 18:10 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-08 18:10 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-08 18:10 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-08 18:09 - 2014-09-08 19:09 - 00000000 ____D () C:\Windows\erdnt
2014-09-08 18:06 - 2014-09-08 18:07 - 05576440 ____R (Swearware) C:\Users\ConVo\Desktop\ComboFix.exe
2014-09-08 17:56 - 2014-09-08 17:56 - 00001228 _____ () C:\Users\ConVo\Desktop\Revo Uninstaller.lnk
2014-09-08 17:56 - 2014-09-08 17:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 17:54 - 2014-09-08 17:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ConVo\Desktop\revosetup95.exe
2014-09-07 14:50 - 2014-09-07 14:53 - 00054967 _____ () C:\Users\ConVo\Desktop\Addition.txt
2014-09-07 14:47 - 2014-09-11 01:08 - 00000000 ____D () C:\FRST
2014-09-07 14:47 - 2014-09-07 14:53 - 00053811 _____ () C:\Users\ConVo\Desktop\FRST1.txt
2014-09-07 14:41 - 2014-09-07 14:41 - 00380416 _____ () C:\Users\ConVo\Desktop\vbikl2xq.exe
2014-09-07 14:40 - 2014-09-11 01:08 - 02105856 _____ (Farbar) C:\Users\ConVo\Desktop\FRST64.exe
2014-09-07 14:39 - 2014-09-07 14:39 - 00050477 _____ () C:\Users\ConVo\Desktop\Defogger.exe
2014-09-06 08:34 - 2014-09-10 22:14 - 00000392 _____ () C:\Windows\setupact.log
2014-09-06 08:34 - 2014-09-06 08:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 08:33 - 2014-09-10 22:13 - 00001418 _____ () C:\Windows\PFRO.log
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\OLEPRO32.DLL
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyVCD.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyCDIO.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdva.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdag.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiu9pag.DLL
2014-08-28 09:53 - 2014-08-28 09:53 - 00000000 ____D () C:\TMRescueDisk
2014-08-28 09:50 - 2014-08-28 09:50 - 00001431 _____ () C:\Users\ConVo\Desktop\Trend Micro Titanium Maximum Security.lnk
2014-08-28 09:50 - 2014-08-28 09:50 - 00000000 ____D () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-08-28 09:49 - 2013-06-13 08:35 - 00100640 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys
2014-08-28 09:49 - 2013-05-15 12:23 - 00303392 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys
2014-08-28 09:48 - 2013-12-03 10:57 - 00283160 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-08-28 09:48 - 2013-12-03 10:57 - 00117312 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
2014-08-28 09:48 - 2013-12-03 10:57 - 00085936 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys
2014-08-28 09:48 - 2013-07-01 15:08 - 00050976 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys
2014-08-28 09:48 - 2011-08-22 17:33 - 00105744 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmtdi.sys
2014-08-28 09:47 - 2014-08-28 09:47 - 00003282 _____ () C:\Windows\System32\Tasks\Titanium BTC
2014-08-28 09:44 - 2014-08-28 09:44 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-08-28 09:44 - 2014-08-28 09:44 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
2014-08-28 09:42 - 2014-09-07 14:08 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-08-28 09:42 - 2014-08-28 09:43 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 09:27 - 2014-08-28 09:50 - 00000000 ____D () C:\Users\ConVo\AppData\Local\Trend Micro
2014-08-28 09:13 - 2014-08-28 09:19 - 116265320 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
2014-08-27 23:35 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 23:35 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 23:35 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 05:01 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 05:01 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 05:01 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 05:01 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 05:01 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 05:00 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 05:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 05:00 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 05:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-21 18:36 - 2014-08-21 18:36 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\Nero
2014-08-18 07:27 - 2014-08-18 07:28 - 04813544 _____ (Piriform Ltd) C:\Users\Stephan\Downloads\ccsetup416.exe
2014-08-17 18:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 18:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 18:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 18:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 18:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 18:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 18:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 18:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 17:34 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-17 17:34 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 17:34 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-17 17:34 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 17:34 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 17:34 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 17:34 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-17 17:34 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 17:34 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-17 17:34 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-17 17:34 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-17 17:34 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 17:34 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 17:34 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 17:34 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 17:34 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 17:34 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 17:34 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-17 17:33 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 17:33 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 17:33 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 17:33 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 17:33 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 17:33 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 17:33 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 17:33 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 17:33 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-17 17:33 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 17:33 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 17:33 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 17:33 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 17:33 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 17:33 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 17:33 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-17 17:33 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-17 17:33 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 17:33 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-17 17:33 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 17:33 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-17 17:33 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 17:33 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-17 17:33 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 17:33 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-17 17:33 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-17 17:33 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 17:33 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 17:33 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 17:33 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-17 17:33 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-17 17:33 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 17:33 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-17 17:33 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 17:33 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 17:33 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 17:33 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 17:33 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-17 17:22 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 17:22 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 17:04 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 17:04 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-17 17:02 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 17:02 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 17:02 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-17 17:02 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 17:02 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 17:02 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-17 17:02 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 16:57 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 16:50 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 16:50 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-17 16:49 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-17 16:49 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 01:10 - 2014-09-11 01:08 - 00026936 _____ () C:\Users\ConVo\Desktop\FRST.txt
2014-09-11 01:08 - 2014-09-11 01:08 - 00000000 ____D () C:\Users\ConVo\Desktop\FRST-OlderVersion
2014-09-11 01:08 - 2014-09-07 14:47 - 00000000 ____D () C:\FRST
2014-09-11 01:08 - 2014-09-07 14:40 - 02105856 _____ (Farbar) C:\Users\ConVo\Desktop\FRST64.exe
2014-09-11 01:08 - 2014-07-05 21:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 01:07 - 2014-09-11 01:06 - 00025544 _____ () C:\Users\ConVo\Desktop\JRT.txt
2014-09-11 01:00 - 2011-10-27 21:52 - 00000386 _____ () C:\Windows\Tasks\Acer Registration - Data Sending task.job
2014-09-11 00:46 - 2014-01-22 22:29 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 00:45 - 2012-04-06 13:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 00:40 - 2014-09-11 00:40 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 00:39 - 2014-09-11 00:39 - 01016261 _____ (Thisisu) C:\Users\ConVo\Desktop\JRT.exe
2014-09-10 23:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-09-10 22:32 - 2014-09-10 22:32 - 00007864 _____ () C:\Users\ConVo\Desktop\AdwCleaner[S0].txt
2014-09-10 22:28 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 22:28 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 22:17 - 2014-01-22 22:29 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 22:15 - 2011-11-15 23:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-10 22:15 - 2009-07-14 04:34 - 00000493 _____ () C:\Windows\win.ini
2014-09-10 22:14 - 2014-09-06 08:34 - 00000392 _____ () C:\Windows\setupact.log
2014-09-10 22:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 22:13 - 2014-09-06 08:33 - 00001418 _____ () C:\Windows\PFRO.log
2014-09-10 22:13 - 2011-10-27 15:15 - 01198531 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 22:12 - 2014-09-10 22:05 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:11 - 2011-12-08 10:48 - 00000999 _____ () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-10 22:11 - 2011-10-27 21:49 - 00000000 ____D () C:\Users\ConVo
2014-09-10 21:55 - 2014-09-10 21:55 - 01370483 _____ () C:\Users\ConVo\Desktop\adwcleaner_3.309.exe
2014-09-10 21:22 - 2014-09-10 21:22 - 00003230 _____ () C:\Users\ConVo\Desktop\mbam.txt
2014-09-10 18:46 - 2012-04-06 13:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 18:46 - 2012-04-06 13:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 18:46 - 2011-10-28 13:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 18:44 - 2014-07-05 21:52 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-10 18:44 - 2014-07-05 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-10 18:44 - 2014-07-05 21:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-10 18:42 - 2014-09-10 18:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ConVo\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-08 19:13 - 2014-09-08 19:13 - 00035650 _____ () C:\ComboFix.txt
2014-09-08 19:13 - 2014-09-08 18:10 - 00000000 ____D () C:\Qoobox
2014-09-08 19:09 - 2014-09-08 18:09 - 00000000 ____D () C:\Windows\erdnt
2014-09-08 19:07 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-08 18:07 - 2014-09-08 18:06 - 05576440 ____R (Swearware) C:\Users\ConVo\Desktop\ComboFix.exe
2014-09-08 17:56 - 2014-09-08 17:56 - 00001228 _____ () C:\Users\ConVo\Desktop\Revo Uninstaller.lnk
2014-09-08 17:56 - 2014-09-08 17:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 17:54 - 2014-09-08 17:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ConVo\Desktop\revosetup95.exe
2014-09-07 22:12 - 2011-10-28 12:59 - 00000000 ____D () C:\Users\ConVo\Documents\Outlook-Dateien
2014-09-07 20:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-07 14:53 - 2014-09-07 14:50 - 00054967 _____ () C:\Users\ConVo\Desktop\Addition.txt
2014-09-07 14:53 - 2014-09-07 14:47 - 00053811 _____ () C:\Users\ConVo\Desktop\FRST1.txt
2014-09-07 14:41 - 2014-09-07 14:41 - 00380416 _____ () C:\Users\ConVo\Desktop\vbikl2xq.exe
2014-09-07 14:39 - 2014-09-07 14:39 - 00050477 _____ () C:\Users\ConVo\Desktop\Defogger.exe
2014-09-07 14:08 - 2014-08-28 09:42 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-06 08:34 - 2014-09-06 08:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\OLEPRO32.DLL
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyVCD.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyCDIO.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdva.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdag.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiu9pag.DLL
2014-09-06 00:58 - 2014-01-23 20:22 - 00000036 _____ () C:\Users\ConVo\AppData\Local\housecall.guid.cache
2014-09-06 00:30 - 2012-11-16 00:10 - 00000000 ____D () C:\ProgramData\Avira
2014-09-06 00:29 - 2012-11-16 00:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-02 22:33 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-29 23:44 - 2011-10-27 04:18 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-08-29 23:44 - 2011-10-27 04:18 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-08-29 23:44 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-28 11:40 - 2014-04-29 22:02 - 00002394 _____ () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-28 11:40 - 2013-12-09 22:00 - 00001458 _____ () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GMX MediaCenter.lnk
2014-08-28 09:53 - 2014-08-28 09:53 - 00000000 ____D () C:\TMRescueDisk
2014-08-28 09:50 - 2014-08-28 09:50 - 00001431 _____ () C:\Users\ConVo\Desktop\Trend Micro Titanium Maximum Security.lnk
2014-08-28 09:50 - 2014-08-28 09:50 - 00000000 ____D () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-08-28 09:50 - 2014-08-28 09:27 - 00000000 ____D () C:\Users\ConVo\AppData\Local\Trend Micro
2014-08-28 09:47 - 2014-08-28 09:47 - 00003282 _____ () C:\Windows\System32\Tasks\Titanium BTC
2014-08-28 09:44 - 2014-08-28 09:44 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-08-28 09:44 - 2014-08-28 09:44 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
2014-08-28 09:44 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-28 09:43 - 2014-08-28 09:42 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 09:19 - 2014-08-28 09:13 - 116265320 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
2014-08-28 08:58 - 2009-07-14 06:45 - 00428424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 06:53 - 2011-10-28 11:37 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-27 23:35 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 23:35 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 23:35 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 18:36 - 2014-08-21 18:36 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\Nero
2014-08-21 18:34 - 2014-03-21 20:39 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\Apple Computer
2014-08-20 20:37 - 2013-02-01 11:52 - 00000000 ____D () C:\001-Daten
2014-08-19 22:53 - 2011-12-11 22:18 - 00000000 ____D () C:\Users\ConVo\AppData\Roaming\Skype
2014-08-19 22:33 - 2013-02-13 22:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-19 22:33 - 2011-12-11 22:17 - 00000000 ____D () C:\ProgramData\Skype
2014-08-18 07:30 - 2013-04-07 00:00 - 00000000 ____D () C:\Windows\Minidump
2014-08-18 07:28 - 2014-08-18 07:27 - 04813544 _____ (Piriform Ltd) C:\Users\Stephan\Downloads\ccsetup416.exe
2014-08-18 07:28 - 2013-12-22 17:13 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-18 07:28 - 2012-08-27 05:27 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-18 07:28 - 2012-08-27 05:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-18 07:28 - 2012-08-27 05:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-18 04:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 19:21 - 2011-10-28 11:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-17 19:11 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 19:01 - 2011-11-01 18:14 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-17 18:52 - 2014-05-12 08:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-17 18:48 - 2014-03-21 20:47 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Google
2014-08-17 16:14 - 2014-03-21 20:39 - 00115344 _____ () C:\Users\Stephan\AppData\Local\GDIPFONTCACHEV1.DAT

Some content of TEMP:
====================
C:\Users\ConVo\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-23 20:19

==================== End Of Log ============================
--- --- ---

--- --- ---



Wie immer herzlichen Dank für die tolle Unterstützung.

Petra

schrauber 11.09.2014 19:27

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

petramueller 15.09.2014 05:20
Hi,

hier das erste logfilefile, Rest folgt as soon as possible.
Wie immer lieben Dank für die Arbeit.



Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0a8ef629ef3fee418e06b748233c0658
# engine=20145
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-14 09:38:41
# local_time=2014-09-14 11:38:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Trend Micro Titanium Maximum Security'
# compatibility_mode=522 16777213 100 100 772488 36137399 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 185291 162360571 0 0
# scanned=489313
# found=18
# cleaned=0
# scan_time=44593
sh=E8947BDD671CAA771A97348E9C381DADD4C830C1 ft=1 fh=9db6401399e3e15e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\001-Daten\Downloads\foto_grafik_designer_2013_175mb_d.exe"
sh=45D6A6F13C41102DAA9B7AE6F97F614E93C162B8 ft=1 fh=8ec5661d7350c059 vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\001-Daten\Downloads\install_flash_player_32bit.exe"
sh=CF128D801BC277FD1EB50D638287E38FCC456CC5 ft=1 fh=1c350b8388975ed2 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\001-Daten\Fotosoftware\programme\ashampoo_photo_commander_9_9.4.2_10523.exe"
sh=9B9591DB2FF219D15BC0DB97E6073C8F313CB53F ft=1 fh=584d2b9399f08440 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\ConVo\Downloads\avira_free_antivirus_de (1).exe"
sh=9B9591DB2FF219D15BC0DB97E6073C8F313CB53F ft=1 fh=584d2b9399f08440 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\ConVo\Downloads\avira_free_antivirus_de.exe"
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\ConVo\Downloads\ccsetup409.exe"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\ConVo\Downloads\ccsetup411.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Stephan\Downloads\ccsetup416.exe"
sh=ED72F5BBCAB3AECEAE89495DF7F0FCC39295CFC7 ft=1 fh=25323ec16c75ffc6 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\MSI1266.tmp"
sh=ED72F5BBCAB3AECEAE89495DF7F0FCC39295CFC7 ft=1 fh=25323ec16c75ffc6 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\MSI178B.tmp"
sh=ED72F5BBCAB3AECEAE89495DF7F0FCC39295CFC7 ft=1 fh=25323ec16c75ffc6 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\MSI46AC.tmp"
sh=ED72F5BBCAB3AECEAE89495DF7F0FCC39295CFC7 ft=1 fh=25323ec16c75ffc6 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\MSI5CC2.tmp"
sh=ED72F5BBCAB3AECEAE89495DF7F0FCC39295CFC7 ft=1 fh=25323ec16c75ffc6 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\MSIA990.tmp"
sh=ED72F5BBCAB3AECEAE89495DF7F0FCC39295CFC7 ft=1 fh=25323ec16c75ffc6 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\MSIC4E6.tmp"
sh=004039E60191AD440DBD259CDB87BD8092284440 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z"
sh=FECAF7BBAEEF3ED39DD29D8910E57E6FF253928C ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z"
sh=004039E60191AD440DBD259CDB87BD8092284440 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z"
sh=FECAF7BBAEEF3ED39DD29D8910E57E6FF253928C ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z"

schrauber 15.09.2014 18:46
ich warte dann :)

petramueller 15.09.2014 21:07
... und nun das nächste log


Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Trend Micro Titanium Maximum Security 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 55 
 Java version out of Date!
 Adobe Flash Player 15.0.0.152 
 Adobe Reader 10.1.11 Adobe Reader out of Date! 
 Google Chrome 37.0.2062.103 
 Google Chrome 37.0.2062.120 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe
 Trend Micro Titanium plugin TMAS\TMAS_WLM\TMAS_WLMMon.exe
 Trend Micro AMSP module 20004\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
 Trend Micro AMSP module 20002\8.0.1173\8.0.1173\chrome_extension2\host\chrome_native_msg_host.exe
 Trend Micro Titanium UIFramework Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

... und ein neues frst


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by ConVo (administrator) on CONVO-MOBILE-NE on 15-09-2014 22:04:36
Running from C:\Users\ConVo\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NovaStor) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\System32\atwtusb.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Windows\System32\atwtusb.exe
() C:\Program Files\OO Software\DiskImage\oodiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(1&1 Mail & Media GmbH) C:\Users\ConVo\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20004\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\chrome_extension2\host\chrome_native_msg_host.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Users\ConVo\Desktop\SecurityCheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM\...\Run: [WLM] => C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [44152 2013-07-23] (Trend Micro Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [63712 2007-03-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [GMX Application {sync-000021}] => C:\Users\ConVo\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe [792064 2014-06-04] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [1und1DispatcherCorp] => C:\Users\ConVo\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe [213640 2013-05-29] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-851625814-3518592554-1989338486-1000\...\Run: [GoogleChromeAutoLaunch_176129A81A4855DA76CA6BB73E9E1CEC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)
ShellIconOverlayIdentifiers:  1&1 Sync Overlay 1 -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers:  1&1 Sync Overlay 2 -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers:  1&1 Sync Overlay 3 -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers:  1&1 Sync Overlay 4 -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers: OODIIcon -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\OO Software\DiskImage\oodishi.dll (O&O Software GmbH)
ShellIconOverlayIdentifiers-x32:  1&1 Sync Overlay 1 -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32:  1&1 Sync Overlay 2 -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32:  1&1 Sync Overlay 3 -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32:  1&1 Sync Overlay 4 -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140623183337509.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ConVo\AppData\Roaming\Mozilla\Firefox\Profiles\9ubdfwmg.default
FF SelectedSearchEngine: Ask.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: GMX MailCheck - C:\Users\ConVo\AppData\Roaming\Mozilla\Firefox\Profiles\9ubdfwmg.default\Extensions\toolbar@gmx.net.xpi [2012-06-24]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-08-28]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-03-04]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-08-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325386&octid=EB_ORIGINAL_CTID&ISID=MF7FD9457-2BEB-4E30-8A0E-25ACC90B5DF3&SearchSource=55&CUI=&UM=5&UP=SP01D69680-845A-48BC-A0B6-548C29F8ED19&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325386&octid=EB_ORIGINAL_CTID&ISID=MF7FD9457-2BEB-4E30-8A0E-25ACC90B5DF3&SearchSource=55&CUI=&UM=5&UP=SP01D69680-845A-48BC-A0B6-548C29F8ED19&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1403900922&from=cor&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F396762667626", "hxxp://www.sweet-page.com/?type=hppp&ts=1403944179&from=cor&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F396762667626", "hxxp://www.sweet-page.com/?type=hppp&ts=1406280258&from=cor&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F396762667626"
CHR DefaultSearchKeyword: Default -> 190BEB7DB8D35DDAB98510C1D2FA8B1ED66DCC5D55B19A02DEE60F61C7302800
CHR DefaultSearchURL: Default -> D4DCF2C5A68EEDF11D99EA5879FCE3B2ED40E060CF6BA8195DF8C1E945F251B4
CHR Profile: C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22]
CHR Extension: (Google Drive) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22]
CHR Extension: (Google-Suche) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22]
CHR Extension: (Email this page (by Google)) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-01-24]
CHR Extension: (Print Using Google Cloud Print™) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffaifmgpcdjedlffbhenaloimajbdkfg [2014-01-24]
CHR Extension: (AdBlock) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-25]
CHR Extension: (Night Time In New York City) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek [2014-06-06]
CHR Extension: (Print) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Trend Micro Toolbar) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-08-28]
CHR Extension: (Google Mail) - C:\Users\ConVo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\chrome_tmbep.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-11-07] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-16] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.)
R2 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [261256 2010-04-15] (NovaStor) [File not signed]
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [4034376 2011-03-14] ()
R2 WTService; C:\Windows\system32\atwtusb.exe [897536 2011-07-19] () [File not signed]
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S2 LanmanWorkstation; %SystemRoot%\System32\aptwwxm4j.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2013-03-03] (Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\SysWOW64\DRIVERS\ew_usbenumfilter.sys [13952 2013-03-03] (Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-16] ()
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2013-03-03] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [117328 2011-03-14] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [40016 2011-03-14] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [215120 2011-03-14] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [43600 2011-03-14] (O&O Software GmbH)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-15] (Duplex Secure Ltd.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
U3 ae1yzzkb; C:\Windows\System32\Drivers\ae1yzzkb.sys [0 ] (Elaborate Bytes AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 ewusbnet; C:\Windows\SysWOW64\Drivers\ewusbnet.sys [256000 2013-03-03] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 20:24 - 2014-09-15 20:24 - 00854417 _____ () C:\Users\ConVo\Desktop\SecurityCheck.exe
2014-09-14 11:00 - 2014-09-14 11:02 - 00000000 ____D () C:\Users\ConVo\Desktop\Stick 8 GB
2014-09-14 10:18 - 2014-09-14 10:18 - 02347384 _____ (ESET) C:\Users\ConVo\Desktop\esetsmartinstaller_deu.exe
2014-09-14 08:27 - 2014-09-14 08:27 - 00003552 ____N () C:\bootsqm.dat
2014-09-14 08:25 - 2014-09-14 08:25 - 00000000 __SHD () C:\found.000
2014-09-12 00:24 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:24 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 00:24 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:24 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:24 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:24 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:24 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:24 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:24 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:24 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:24 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:24 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:24 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:24 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:24 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:24 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 00:24 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:24 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:24 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 00:24 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:24 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 00:24 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:24 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:24 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:24 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:24 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 00:24 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 00:24 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:24 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 00:24 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 00:24 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 00:24 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 00:24 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:24 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:24 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:24 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:24 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 00:24 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 00:24 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 00:24 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 00:24 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 00:24 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:24 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 00:23 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 00:23 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:23 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:23 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 00:23 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 00:23 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:23 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:23 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 00:23 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:23 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 00:23 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:23 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 00:23 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 23:54 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 23:54 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 22:42 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 22:42 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 22:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 22:42 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 22:42 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 22:41 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 22:41 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 22:38 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 22:38 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 22:36 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 22:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 01:08 - 2014-09-15 22:04 - 00028404 _____ () C:\Users\ConVo\Desktop\FRST.txt
2014-09-11 01:08 - 2014-09-11 01:08 - 00000000 ____D () C:\Users\ConVo\Desktop\FRST-OlderVersion
2014-09-11 01:06 - 2014-09-11 01:07 - 00025544 _____ () C:\Users\ConVo\Desktop\JRT.txt
2014-09-11 00:40 - 2014-09-11 00:40 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 00:39 - 2014-09-11 00:39 - 01016261 _____ (Thisisu) C:\Users\ConVo\Desktop\JRT.exe
2014-09-10 22:32 - 2014-09-10 22:32 - 00007864 _____ () C:\Users\ConVo\Desktop\AdwCleaner[S0].txt
2014-09-10 22:05 - 2014-09-10 22:12 - 00000000 ____D () C:\AdwCleaner
2014-09-10 21:55 - 2014-09-10 21:55 - 01370483 _____ () C:\Users\ConVo\Desktop\adwcleaner_3.309.exe
2014-09-10 21:22 - 2014-09-10 21:22 - 00003230 _____ () C:\Users\ConVo\Desktop\mbam.txt
2014-09-10 18:42 - 2014-09-10 18:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ConVo\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-08 19:13 - 2014-09-08 19:13 - 00035650 _____ () C:\ComboFix.txt
2014-09-08 18:10 - 2014-09-08 19:13 - 00000000 ____D () C:\Qoobox
2014-09-08 18:10 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-08 18:10 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-08 18:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-08 18:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-08 18:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-08 18:10 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-08 18:10 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-08 18:10 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-08 18:09 - 2014-09-08 19:09 - 00000000 ____D () C:\Windows\erdnt
2014-09-08 18:06 - 2014-09-08 18:07 - 05576440 ____R (Swearware) C:\Users\ConVo\Desktop\ComboFix.exe
2014-09-08 17:56 - 2014-09-08 17:56 - 00001228 _____ () C:\Users\ConVo\Desktop\Revo Uninstaller.lnk
2014-09-08 17:56 - 2014-09-08 17:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 17:54 - 2014-09-08 17:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ConVo\Desktop\revosetup95.exe
2014-09-07 14:50 - 2014-09-07 14:53 - 00054967 _____ () C:\Users\ConVo\Desktop\Addition.txt
2014-09-07 14:47 - 2014-09-15 22:04 - 00000000 ____D () C:\FRST
2014-09-07 14:47 - 2014-09-07 14:53 - 00053811 _____ () C:\Users\ConVo\Desktop\FRST1.txt
2014-09-07 14:41 - 2014-09-07 14:41 - 00380416 _____ () C:\Users\ConVo\Desktop\vbikl2xq.exe
2014-09-07 14:40 - 2014-09-11 01:08 - 02105856 _____ (Farbar) C:\Users\ConVo\Desktop\FRST64.exe
2014-09-07 14:39 - 2014-09-07 14:39 - 00050477 _____ () C:\Users\ConVo\Desktop\Defogger.exe
2014-09-06 08:34 - 2014-09-15 20:18 - 00000728 _____ () C:\Windows\setupact.log
2014-09-06 08:34 - 2014-09-06 08:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 08:33 - 2014-09-15 20:16 - 00002244 _____ () C:\Windows\PFRO.log
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\OLEPRO32.DLL
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyVCD.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyCDIO.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdva.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdag.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiu9pag.DLL
2014-08-28 09:53 - 2014-08-28 09:53 - 00000000 ____D () C:\TMRescueDisk
2014-08-28 09:50 - 2014-08-28 09:50 - 00001431 _____ () C:\Users\ConVo\Desktop\Trend Micro Titanium Maximum Security.lnk
2014-08-28 09:50 - 2014-08-28 09:50 - 00000000 ____D () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-08-28 09:49 - 2013-06-13 08:35 - 00100640 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys
2014-08-28 09:49 - 2013-05-15 12:23 - 00303392 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys
2014-08-28 09:48 - 2013-12-03 10:57 - 00283160 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-08-28 09:48 - 2013-12-03 10:57 - 00117312 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
2014-08-28 09:48 - 2013-12-03 10:57 - 00085936 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys
2014-08-28 09:48 - 2013-07-01 15:08 - 00050976 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys
2014-08-28 09:48 - 2011-08-22 17:33 - 00105744 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmtdi.sys
2014-08-28 09:47 - 2014-08-28 09:47 - 00003282 _____ () C:\Windows\System32\Tasks\Titanium BTC
2014-08-28 09:44 - 2014-08-28 09:44 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-08-28 09:44 - 2014-08-28 09:44 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
2014-08-28 09:42 - 2014-09-07 14:08 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-08-28 09:42 - 2014-08-28 09:43 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 09:27 - 2014-08-28 09:50 - 00000000 ____D () C:\Users\ConVo\AppData\Local\Trend Micro
2014-08-28 09:13 - 2014-08-28 09:19 - 116265320 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
2014-08-27 23:35 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 23:35 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 23:35 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 05:01 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 05:01 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 05:01 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 05:01 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 05:01 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 05:01 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 05:00 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 05:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 05:00 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 05:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-21 18:36 - 2014-08-21 18:36 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\Nero
2014-08-18 07:27 - 2014-08-18 07:28 - 04813544 _____ (Piriform Ltd) C:\Users\Stephan\Downloads\ccsetup416.exe
2014-08-17 18:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 18:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 18:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 18:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 18:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 18:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 18:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 18:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 17:22 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 17:22 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 17:04 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 17:04 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-17 17:02 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 17:02 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 17:02 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-17 17:02 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 17:02 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 17:02 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-17 17:02 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 16:57 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 16:50 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 16:50 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 22:05 - 2014-09-11 01:08 - 00028404 _____ () C:\Users\ConVo\Desktop\FRST.txt
2014-09-15 22:04 - 2014-09-07 14:47 - 00000000 ____D () C:\FRST
2014-09-15 22:00 - 2011-10-27 21:52 - 00000386 _____ () C:\Windows\Tasks\Acer Registration - Data Sending task.job
2014-09-15 21:46 - 2014-01-22 22:29 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 21:45 - 2012-04-06 13:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 21:09 - 2014-07-05 21:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 20:29 - 2011-10-27 15:15 - 01172437 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 20:28 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 20:28 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 20:24 - 2014-09-15 20:24 - 00854417 _____ () C:\Users\ConVo\Desktop\SecurityCheck.exe
2014-09-15 20:19 - 2014-01-22 22:29 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 20:18 - 2014-09-06 08:34 - 00000728 _____ () C:\Windows\setupact.log
2014-09-15 20:18 - 2011-11-15 23:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-15 20:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 20:18 - 2009-07-14 04:34 - 00000493 _____ () C:\Windows\win.ini
2014-09-15 20:16 - 2014-09-06 08:33 - 00002244 _____ () C:\Windows\PFRO.log
2014-09-15 07:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-09-14 11:02 - 2014-09-14 11:00 - 00000000 ____D () C:\Users\ConVo\Desktop\Stick 8 GB
2014-09-14 11:00 - 2011-10-27 04:18 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-09-14 11:00 - 2011-10-27 04:18 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-09-14 11:00 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 10:18 - 2014-09-14 10:18 - 02347384 _____ (ESET) C:\Users\ConVo\Desktop\esetsmartinstaller_deu.exe
2014-09-14 08:27 - 2014-09-14 08:27 - 00003552 ____N () C:\bootsqm.dat
2014-09-14 08:25 - 2014-09-14 08:25 - 00000000 __SHD () C:\found.000
2014-09-12 00:22 - 2011-10-28 11:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 00:20 - 2014-02-25 23:06 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 00:18 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 23:56 - 2011-11-01 18:14 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 23:54 - 2014-05-12 08:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 22:48 - 2012-04-06 13:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 22:47 - 2012-04-06 13:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 22:47 - 2011-10-28 13:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 01:08 - 2014-09-11 01:08 - 00000000 ____D () C:\Users\ConVo\Desktop\FRST-OlderVersion
2014-09-11 01:08 - 2014-09-07 14:40 - 02105856 _____ (Farbar) C:\Users\ConVo\Desktop\FRST64.exe
2014-09-11 01:07 - 2014-09-11 01:06 - 00025544 _____ () C:\Users\ConVo\Desktop\JRT.txt
2014-09-11 00:40 - 2014-09-11 00:40 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 00:39 - 2014-09-11 00:39 - 01016261 _____ (Thisisu) C:\Users\ConVo\Desktop\JRT.exe
2014-09-10 22:32 - 2014-09-10 22:32 - 00007864 _____ () C:\Users\ConVo\Desktop\AdwCleaner[S0].txt
2014-09-10 22:12 - 2014-09-10 22:05 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:11 - 2011-12-08 10:48 - 00000999 _____ () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-10 22:11 - 2011-10-27 21:49 - 00000000 ____D () C:\Users\ConVo
2014-09-10 21:55 - 2014-09-10 21:55 - 01370483 _____ () C:\Users\ConVo\Desktop\adwcleaner_3.309.exe
2014-09-10 21:22 - 2014-09-10 21:22 - 00003230 _____ () C:\Users\ConVo\Desktop\mbam.txt
2014-09-10 18:44 - 2014-07-05 21:52 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-10 18:44 - 2014-07-05 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-10 18:44 - 2014-07-05 21:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-10 18:42 - 2014-09-10 18:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ConVo\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-08 19:13 - 2014-09-08 19:13 - 00035650 _____ () C:\ComboFix.txt
2014-09-08 19:13 - 2014-09-08 18:10 - 00000000 ____D () C:\Qoobox
2014-09-08 19:09 - 2014-09-08 18:09 - 00000000 ____D () C:\Windows\erdnt
2014-09-08 19:07 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-08 18:07 - 2014-09-08 18:06 - 05576440 ____R (Swearware) C:\Users\ConVo\Desktop\ComboFix.exe
2014-09-08 17:56 - 2014-09-08 17:56 - 00001228 _____ () C:\Users\ConVo\Desktop\Revo Uninstaller.lnk
2014-09-08 17:56 - 2014-09-08 17:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 17:54 - 2014-09-08 17:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ConVo\Desktop\revosetup95.exe
2014-09-07 22:12 - 2011-10-28 12:59 - 00000000 ____D () C:\Users\ConVo\Documents\Outlook-Dateien
2014-09-07 20:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-07 14:53 - 2014-09-07 14:50 - 00054967 _____ () C:\Users\ConVo\Desktop\Addition.txt
2014-09-07 14:53 - 2014-09-07 14:47 - 00053811 _____ () C:\Users\ConVo\Desktop\FRST1.txt
2014-09-07 14:41 - 2014-09-07 14:41 - 00380416 _____ () C:\Users\ConVo\Desktop\vbikl2xq.exe
2014-09-07 14:39 - 2014-09-07 14:39 - 00050477 _____ () C:\Users\ConVo\Desktop\Defogger.exe
2014-09-07 14:08 - 2014-08-28 09:42 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-06 08:34 - 2014-09-06 08:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\OLEPRO32.DLL
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyVCD.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\ElbyCDIO.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdva.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiumdag.dll
2014-09-06 01:42 - 2014-09-06 01:42 - 00000000 _____ () C:\Windows\system32\atiu9pag.DLL
2014-09-06 00:58 - 2014-01-23 20:22 - 00000036 _____ () C:\Users\ConVo\AppData\Local\housecall.guid.cache
2014-09-06 00:30 - 2012-11-16 00:10 - 00000000 ____D () C:\ProgramData\Avira
2014-09-06 00:29 - 2012-11-16 00:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-05 04:10 - 2014-09-11 22:38 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-11 22:38 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 22:33 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-28 11:40 - 2014-04-29 22:02 - 00002394 _____ () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-28 11:40 - 2013-12-09 22:00 - 00001458 _____ () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GMX MediaCenter.lnk
2014-08-28 09:53 - 2014-08-28 09:53 - 00000000 ____D () C:\TMRescueDisk
2014-08-28 09:50 - 2014-08-28 09:50 - 00001431 _____ () C:\Users\ConVo\Desktop\Trend Micro Titanium Maximum Security.lnk
2014-08-28 09:50 - 2014-08-28 09:50 - 00000000 ____D () C:\Users\ConVo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-08-28 09:50 - 2014-08-28 09:27 - 00000000 ____D () C:\Users\ConVo\AppData\Local\Trend Micro
2014-08-28 09:47 - 2014-08-28 09:47 - 00003282 _____ () C:\Windows\System32\Tasks\Titanium BTC
2014-08-28 09:44 - 2014-08-28 09:44 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-08-28 09:44 - 2014-08-28 09:44 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
2014-08-28 09:44 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-28 09:43 - 2014-08-28 09:42 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 09:19 - 2014-08-28 09:13 - 116265320 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
2014-08-28 08:58 - 2009-07-14 06:45 - 00428424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 06:53 - 2011-10-28 11:37 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-27 23:35 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 23:35 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 23:35 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 18:36 - 2014-08-21 18:36 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\Nero
2014-08-21 18:34 - 2014-03-21 20:39 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\Apple Computer
2014-08-20 20:37 - 2013-02-01 11:52 - 00000000 ____D () C:\001-Daten
2014-08-19 22:53 - 2011-12-11 22:18 - 00000000 ____D () C:\Users\ConVo\AppData\Roaming\Skype
2014-08-19 22:33 - 2013-02-13 22:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-19 22:33 - 2011-12-11 22:17 - 00000000 ____D () C:\ProgramData\Skype
2014-08-19 20:05 - 2014-09-12 00:24 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-12 00:24 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-12 00:24 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-12 00:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-12 00:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-12 00:23 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-12 00:23 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-12 00:23 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-12 00:24 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-12 00:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-12 00:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-12 00:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-12 00:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-12 00:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:08 - 2014-09-12 00:23 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:05 - 2014-09-12 00:24 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-12 00:24 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-12 00:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-12 00:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-12 00:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-12 00:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-12 00:24 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-12 00:24 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-12 00:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-12 00:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-12 00:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-12 00:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-12 00:23 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-12 00:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-12 00:24 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-12 00:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-12 00:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-12 00:24 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-12 00:24 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-12 00:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-12 00:24 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-12 00:24 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-12 00:24 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-12 00:24 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-12 00:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:23 - 2014-09-12 00:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:22 - 2014-09-12 00:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-12 00:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-12 00:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-12 00:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-12 00:23 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-12 00:23 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-12 00:23 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-12 00:24 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-12 00:23 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-12 00:24 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-12 00:23 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-12 00:23 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-12 00:24 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:38 - 2014-09-12 00:23 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:36 - 2014-09-12 00:24 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 07:30 - 2013-04-07 00:00 - 00000000 ____D () C:\Windows\Minidump
2014-08-18 07:28 - 2014-08-18 07:27 - 04813544 _____ (Piriform Ltd) C:\Users\Stephan\Downloads\ccsetup416.exe
2014-08-18 07:28 - 2013-12-22 17:13 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-18 07:28 - 2012-08-27 05:27 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-18 07:28 - 2012-08-27 05:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-18 07:28 - 2012-08-27 05:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-18 04:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 18:48 - 2014-03-21 20:47 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Google
2014-08-17 16:14 - 2014-03-21 20:39 - 00115344 _____ () C:\Users\Stephan\AppData\Local\GDIPFONTCACHEV1.DAT

Some content of TEMP:
====================
C:\Users\ConVo\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-23 20:19

==================== End Of Log ============================
--- --- ---

--- --- ---

[/CODE]

vielen Dank und liebe Grüße

Petra

schrauber 16.09.2014 14:25
Java und Adobe updaten. Ordner Downloads leeren.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

petramueller 17.09.2014 20:25
Hallo Schrauber,

herzlichen Dank für die tolle Unterstützung.

Alles erledigt, alles wieder gut.

Liebe Grüße

Petra

schrauber 18.09.2014 13:50
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:05 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19