Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   easycalendar lässt sich nicht mehr aus Chrome entfernen (https://www.trojaner-board.de/172953-easycalendar-laesst-mehr-chrome-entfernen.html)

Stanzer 10.11.2015 21:32
easycalendar lässt sich nicht mehr aus Chrome entfernen
 
Liebe Trojaner-Boarder,

ich habe mir die "easycalendar" app in meinem Google-Chrome Browser eingefangen.
Ich habe sämtliche mir bekannten Freeware Programme zur Entfernung runtergeladen, aber leider erfolglos.
Im Chrome-Forum konnte mir keiner der dortigen Experten weiterhelfen.

Ich freue mich hier über Hilfe!!

Gruß & Dank
Samuel

cosinus 10.11.2015 22:09
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Stanzer 11.11.2015 10:53
Danke für die Antwort!
Werde mir äußerste Mühe geben!
Meine Programm-Oberfläche sieht ein wenig ander aus, als in deiner Anleitung. Ich hoffe ich habe die richtiges Files gefunden.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 11/11/2015 00:13, SYSTEM, STANZER, Scheduler, IP Database, 2015.11.9.2, 2015.11.10.1,
Protection, 11/11/2015 00:13, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 11/11/2015 00:13, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 11/11/2015 00:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 11/11/2015 00:15, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 11/11/2015 00:15, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 11/11/2015 00:15, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 11/11/2015 01:47, SYSTEM, STANZER, Scheduler, Domain Database, 2015.11.10.2, 2015.11.11.1,
Protection, 11/11/2015 01:47, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 11/11/2015 01:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 11/11/2015 01:51, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 11/11/2015 02:38, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 11/11/2015 02:38, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 11/11/2015 02:40, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 11/11/2015 03:11, SYSTEM, STANZER, Scheduler, Domain Database, 2015.11.11.1, 2015.11.11.2,
Update, 11/11/2015 03:11, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.10.8, 2015.11.11.1,
Protection, 11/11/2015 03:11, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 11/11/2015 03:11, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 11/11/2015 03:15, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 11/11/2015 03:47, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 11/11/2015 03:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 11/11/2015 03:49, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 11/11/2015 03:59, SYSTEM, STANZER, Scheduler, Domain Database, 2015.11.11.2, 2015.11.11.3,
Protection, 11/11/2015 04:00, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 11/11/2015 04:00, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 11/11/2015 04:01, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 11/11/2015 04:31, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 11/11/2015 04:31, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 11/11/2015 04:34, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 11/11/2015 05:59, SYSTEM, STANZER, Scheduler, Domain Database, 2015.11.11.3, 2015.11.11.4,
Protection, 11/11/2015 05:59, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 11/11/2015 05:59, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 11/11/2015 06:06, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 11/11/2015 06:44, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 11/11/2015 06:44, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 11/11/2015 06:58, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 11/11/2015 08:17, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.11.1, 2015.11.11.2,
Protection, 11/11/2015 08:17, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 11/11/2015 08:17, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 11/11/2015 08:21, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 11/11/2015 08:41, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 11/11/2015 08:41, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 11/11/2015 08:41, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,

(end)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 09/11/2015 09:26, SYSTEM, STANZER, Protection, Malware Protection, Starting,
Protection, 09/11/2015 09:26, SYSTEM, STANZER, Protection, Malware Protection, Started,
Protection, 09/11/2015 09:26, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 09/11/2015 09:29, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 09/11/2015 10:13, SYSTEM, STANZER, Scheduler, Remediation Database, 2015.11.4.1, 2015.11.8.2,
Update, 09/11/2015 10:13, SYSTEM, STANZER, Scheduler, IP Database, 2015.11.6.2, 2015.11.9.2,
Update, 09/11/2015 10:13, SYSTEM, STANZER, Scheduler, Domain Database, 2015.11.6.6, 2015.11.9.4,
Update, 09/11/2015 10:13, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.8.3, 2015.11.9.1,
Protection, 09/11/2015 10:13, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 09/11/2015 10:13, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 09/11/2015 10:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 09/11/2015 10:16, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 09/11/2015 10:16, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 09/11/2015 10:17, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Detection, 09/11/2015 10:18, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 50557, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:18, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 50557, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:18, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 50559, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:18, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, hoy.licentiategubernatorial.com, 50578, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:18, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, hoy.licentiategubernatorial.com, 50578, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:19, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 50867, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:19, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, hoy.licentiategubernatorial.com, 50877, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:22, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, afd.temperancetrolling.com, 51206, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:22, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, afd.temperancetrolling.com, 51206, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:23, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 51294, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:23, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 51295, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:23, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 51296, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:23, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, hoy.licentiategubernatorial.com, 51297, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:23, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, hoy.licentiategubernatorial.com, 51299, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:23, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, hoy.licentiategubernatorial.com, 51297, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:23, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, hoy.licentiategubernatorial.com, 51301, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:23, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 51381, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:23, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 51382, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:23, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 51383, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:23, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, hoy.licentiategubernatorial.com, 51384, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:23, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, hoy.licentiategubernatorial.com, 51385, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:23, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, hoy.licentiategubernatorial.com, 51386, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:24, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 51439, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:24, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, hoy.licentiategubernatorial.com, 51443, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:24, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, afd.temperancetrolling.com, 51570, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:24, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, afd.temperancetrolling.com, 51596, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:25, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, afd.temperancetrolling.com, 51686, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:25, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.35, hoy.licentiategubernatorial.com, 51691, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:25, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 51792, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:25, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 51792, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:26, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 51864, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:26, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 51865, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:26, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 51866, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:26, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 51871, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:26, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 51920, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:26, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 51921, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:26, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 51928, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:27, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 51967, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:27, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 51968, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 10:27, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 51977, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Update, 09/11/2015 11:16, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.9.1, 2015.11.9.2,
Protection, 09/11/2015 11:16, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 09/11/2015 11:16, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 09/11/2015 11:17, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 09/11/2015 11:26, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 09/11/2015 11:26, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 09/11/2015 11:26, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 09/11/2015 14:10, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.9.2, 2015.11.9.3,
Protection, 09/11/2015 14:10, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 09/11/2015 14:10, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 09/11/2015 14:11, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 09/11/2015 14:14, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 09/11/2015 14:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 09/11/2015 14:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 09/11/2015 17:12, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.9.3, 2015.11.9.4,
Protection, 09/11/2015 17:12, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 09/11/2015 17:12, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 09/11/2015 17:12, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 09/11/2015 17:15, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 09/11/2015 17:15, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 09/11/2015 17:15, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 09/11/2015 19:05, SYSTEM, STANZER, Scheduler, Domain Database, 2015.11.9.4, 2015.11.9.5,
Update, 09/11/2015 19:05, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.9.4, 2015.11.9.5,
Protection, 09/11/2015 19:05, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 09/11/2015 19:05, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 09/11/2015 19:05, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 09/11/2015 19:10, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 09/11/2015 19:10, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 09/11/2015 19:10, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 09/11/2015 20:10, SYSTEM, STANZER, Scheduler, Domain Database, 2015.11.9.5, 2015.11.9.6,
Protection, 09/11/2015 20:10, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 09/11/2015 20:10, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 09/11/2015 20:11, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 09/11/2015 20:14, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 09/11/2015 20:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 09/11/2015 20:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Detection, 09/11/2015 21:11, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.226, cch.saintssatirist.com, 61768, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:11, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.226, cch.saintssatirist.com, 61768, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:11, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.226, cch.saintssatirist.com, 61769, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:11, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.36, afd.temperancetrolling.com, 61772, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:11, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.36, afd.temperancetrolling.com, 61772, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:12, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.226, cch.saintssatirist.com, 61817, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:12, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.36, afd.temperancetrolling.com, 61818, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 61977, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 61977, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 8.34.112.226, hoy.licentiategubernatorial.com, 62012, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 8.34.112.226, hoy.licentiategubernatorial.com, 62012, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 62020, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 62022, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 8.34.112.226, afd.temperancetrolling.com, 62023, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 8.34.112.226, afd.temperancetrolling.com, 62023, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 8.34.112.226, hoy.licentiategubernatorial.com, 62031, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 62037, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 8.34.112.226, hoy.licentiategubernatorial.com, 62041, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 62045, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 8.34.112.226, afd.temperancetrolling.com, 62046, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 62103, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 21:14, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 8.34.112.226, afd.temperancetrolling.com, 62104, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Update, 09/11/2015 21:17, SYSTEM, STANZER, Scheduler, Domain Database, 2015.11.9.6, 2015.11.9.7,
Protection, 09/11/2015 21:17, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 09/11/2015 21:17, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 09/11/2015 21:18, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 09/11/2015 21:24, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 09/11/2015 21:24, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 09/11/2015 21:24, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Protection, 09/11/2015 21:36, SYSTEM, STANZER, Protection, Malware Protection, Starting,
Protection, 09/11/2015 21:36, SYSTEM, STANZER, Protection, Malware Protection, Started,
Protection, 09/11/2015 21:36, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 09/11/2015 21:37, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Detection, 09/11/2015 21:47, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 37.58.93.181, 41.teracreative.com, 49630, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 09/11/2015 21:47, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 37.58.93.181, 41.teracreative.com, 49630, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 09/11/2015 21:47, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 37.58.93.181, 41.teracreative.com, 49631, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 09/11/2015 21:47, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 37.58.93.181, 41.teracreative.com, 49634, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 09/11/2015 21:47, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 37.58.93.181, 41.teracreative.com, 49635, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Update, 09/11/2015 22:06, SYSTEM, STANZER, Manual, Malware Database, 2015.11.9.5, 2015.11.9.6,
Protection, 09/11/2015 22:06, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 09/11/2015 22:06, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 09/11/2015 22:07, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 09/11/2015 22:08, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 09/11/2015 22:08, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 09/11/2015 22:36, SYSTEM, STANZER, Protection, Malware Protection, Starting,
Protection, 09/11/2015 22:36, SYSTEM, STANZER, Protection, Malware Protection, Started,
Protection, 09/11/2015 22:36, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 09/11/2015 22:37, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 09/11/2015 23:15, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.9.6, 2015.11.9.7,
Protection, 09/11/2015 23:15, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 09/11/2015 23:15, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 09/11/2015 23:15, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 09/11/2015 23:16, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 09/11/2015 23:16, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 09/11/2015 23:16, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Detection, 09/11/2015 23:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, afd.temperancetrolling.com, 51626, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, afd.temperancetrolling.com, 51626, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, afd.temperancetrolling.com, 51627, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 51635, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 51635, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:46, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.226, here.sendevent.net, 51636, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:46, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.226, here.sendevent.net, 51637, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:46, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.226, here.sendevent.net, 51640, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:46, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.226, here.sendevent.net, 51636, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, hoy.licentiategubernatorial.com, 51646, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, hoy.licentiategubernatorial.com, 51646, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:46, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.226, here.sendevent.net, 51665, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:46, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.226, here.sendevent.net, 51696, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, afd.temperancetrolling.com, 51765, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, afd.temperancetrolling.com, 51765, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 52.4.212.97, app.pckeeper.com, 51791, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 52.4.212.97, app.pckeeper.com, 51791, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 52.4.212.97, app.pckeeper.com, 51804, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 52.4.212.97, app.pckeeper.com, 51806, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 52.4.212.97, app.pckeeper.com, 51818, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 09/11/2015 23:53, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\iGraalBHO.dll, Quarantäne, [58a3bcbfb8d3a19556cd99ce966c16ea]
Detection, 09/11/2015 23:53, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\iGraalToolbar.dll, Quarantäne, [cc2fc9b23457d75f899ac6a10af83cc4]
Detection, 09/11/2015 23:53, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\iGraalButton.dll, Quarantäne, [65960378c4c7d36357cc590eed15e41c]
Detection, 09/11/2015 23:53, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\iGraalHelper.exe, Quarantäne, [9665007b6922a98d5fc4f67109f9946c]
Detection, 09/11/2015 23:53, SYSTEM, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\Downloader.exe, Quarantäne, [d4278dee85065ed8cf544d1a7e8420e0]
Detection, 09/11/2015 23:53, SYSTEM, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files\iGraal\iGraalBHO.dll, Quarantäne, [20dbb1ca3d4eb185cf54df88f111fa06]
Detection, 09/11/2015 23:53, SYSTEM, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files\iGraal\iGraalToolbar.dll, Quarantäne, [6a9134478a01092da2817aeded153cc4]
Detection, 09/11/2015 23:53, SYSTEM, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files\iGraal\iGraalButton.dll, Quarantäne, [e8135229eba05fd71b08521534cef907]
Detection, 09/11/2015 23:53, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files\iGraal\iGraalHelper.exe, Quarantäne, [9962e79491fa8da961c207608e74e917]
Detection, 09/11/2015 23:53, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files\iGraal\Downloader.exe, Quarantäne, [b645f388414a7cba7ca7d7900ff3b54b]
Detection, 09/11/2015 23:55, SYSTEM, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\iGraalBHO.dll, Quarantäne, [58a3bcbfb8d3a19556cd99ce966c16ea]
Detection, 09/11/2015 23:55, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\iGraalToolbar.dll, Quarantäne, [cc2fc9b23457d75f899ac6a10af83cc4]
Detection, 09/11/2015 23:55, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\iGraalButton.dll, Quarantäne, [65960378c4c7d36357cc590eed15e41c]
Detection, 09/11/2015 23:55, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\iGraalHelper.exe, Quarantäne, [9665007b6922a98d5fc4f67109f9946c]
Detection, 09/11/2015 23:56, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\Downloader.exe, Quarantäne, [d4278dee85065ed8cf544d1a7e8420e0]
Detection, 09/11/2015 23:56, SYSTEM, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files\iGraal\iGraalBHO.dll, Quarantäne, [20dbb1ca3d4eb185cf54df88f111fa06]
Detection, 09/11/2015 23:56, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files\iGraal\iGraalToolbar.dll, Quarantäne, [6a9134478a01092da2817aeded153cc4]
Detection, 09/11/2015 23:56, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files\iGraal\iGraalButton.dll, Quarantäne, [e8135229eba05fd71b08521534cef907]
Detection, 09/11/2015 23:56, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files\iGraal\iGraalHelper.exe, Quarantäne, [9962e79491fa8da961c207608e74e917]
Detection, 09/11/2015 23:56, Verena, STANZER, Protection, Malware-Schutz, Datei, PUP.Optional.iGraal, C:\Program Files\iGraal\Downloader.exe, Quarantäne, [b645f388414a7cba7ca7d7900ff3b54b]

(end)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Detection, 08/11/2015 10:38, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 53494, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:38, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 53494, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:38, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.32, hoy.licentiategubernatorial.com, 53498, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:38, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 53529, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:38, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.32, hoy.licentiategubernatorial.com, 53530, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:38, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.32, afd.temperancetrolling.com, 53546, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:38, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.32, afd.temperancetrolling.com, 53547, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:38, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.32, afd.temperancetrolling.com, 53546, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:38, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 54.88.117.14, zd1.zeroredirect1.com, 53623, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:38, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 54.88.117.14, zd1.zeroredirect1.com, 53623, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:39, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 53633, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:39, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 53634, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:39, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 53633, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:39, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 185.49.145.74, go.padsdel.com, 53688, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:39, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 185.49.145.74, go.padsdel.com, 53688, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:40, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 185.49.145.74, go.padsdel.com, 53709, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:40, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 185.49.145.74, go.padsdel.com, 53710, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:40, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 185.49.145.74, go.padsdel.com, 53711, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:40, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 185.49.145.74, go.padsdel.com, 53715, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:41, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 185.49.145.72, go.padsdel.com, 53740, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:41, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 185.49.145.72, go.padsdel.com, 53740, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:41, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 185.49.145.72, go.padsdel.com, 53741, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:41, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 185.49.145.72, go.padsdel.com, 53742, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 53958, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 53959, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 53972, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 53972, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 53973, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 53975, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:46, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 53976, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 54117, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 54118, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 54124, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 54166, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 54167, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:47, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 54173, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 54247, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 54248, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 54267, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 54268, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 54271, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 54315, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 88.85.82.162, go.padsdel.com, 54316, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 185.49.145.73, go.padsdel.com, 54325, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 185.49.145.73, go.padsdel.com, 54325, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:54, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 134.213.3.139, www.tr553.com, 54607, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:54, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 134.213.3.139, www.tr553.com, 54607, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:54, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 134.213.3.139, www.tr553.com, 54608, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 134.213.3.139, www.tr553.com, 54609, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:58, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 162.209.115.238, www.tr553.com, 54725, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:58, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 162.209.115.238, www.tr553.com, 54725, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:58, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 162.209.115.238, www.tr553.com, 54726, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 10:58, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 162.209.115.238, www.tr553.com, 54727, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Update, 08/11/2015 11:05, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.7.5, 2015.11.8.2,
Protection, 08/11/2015 11:05, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 08/11/2015 11:05, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 08/11/2015 11:05, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 08/11/2015 11:09, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 08/11/2015 11:09, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 08/11/2015 11:09, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 08/11/2015 12:21, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.8.2, 2015.11.8.3,
Protection, 08/11/2015 12:21, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 08/11/2015 12:21, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 08/11/2015 12:22, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 08/11/2015 12:28, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 08/11/2015 12:28, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 08/11/2015 12:28, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Detection, 08/11/2015 13:00, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 57668, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:00, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 57668, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:00, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 57669, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:00, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, hoy.licentiategubernatorial.com, 57685, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:00, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, hoy.licentiategubernatorial.com, 57685, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:00, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 57735, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:00, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, hoy.licentiategubernatorial.com, 57736, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:06, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 58041, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:06, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 58041, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:06, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 58070, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:06, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 108.162.200.127, cdn.visadd.com, 58080, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:06, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 108.162.200.127, cdn.visadd.com, 58080, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:06, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 58084, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:06, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 108.162.200.127, cdn.visadd.com, 58095, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:06, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, hoy.licentiategubernatorial.com, 58096, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:06, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, hoy.licentiategubernatorial.com, 58096, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:06, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 58149, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:06, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, hoy.licentiategubernatorial.com, 58169, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:07, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, hoy.licentiategubernatorial.com, 58212, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:07, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, hoy.licentiategubernatorial.com, 58213, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:07, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, hoy.licentiategubernatorial.com, 58214, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:07, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 108.162.200.127, cdn.visadd.com, 58228, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:07, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, hoy.licentiategubernatorial.com, 58229, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:08, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 58276, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:09, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 58347, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:09, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 58348, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:09, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 58349, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:09, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.227, here.sendevent.net, 58355, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:09, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.227, here.sendevent.net, 58357, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:09, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.227, here.sendevent.net, 58355, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:09, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 8.34.112.227, here.sendevent.net, 58358, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:11, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 108.162.200.127, cdn.visadd.com, 58584, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 08/11/2015 13:11, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, hoy.licentiategubernatorial.com, 58586, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,

(end)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 07/11/2015 10:26, SYSTEM, STANZER, Protection, Malware Protection, Starting,
Protection, 07/11/2015 10:26, SYSTEM, STANZER, Protection, Malware Protection, Started,
Protection, 07/11/2015 10:26, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Update, 07/11/2015 10:27, SYSTEM, STANZER, Manual, Remediation Database, 2015.9.16.1, 2015.11.4.1,
Update, 07/11/2015 10:27, SYSTEM, STANZER, Manual, Rootkit Database, 2015.9.18.1, 2015.11.4.2,
Update, 07/11/2015 10:27, SYSTEM, STANZER, Manual, Domain Database, 2015.9.22.3, 2015.11.6.6,
Update, 07/11/2015 10:27, SYSTEM, STANZER, Manual, IP Database, 2015.9.21.2, 2015.11.6.2,
Update, 07/11/2015 10:27, SYSTEM, STANZER, Manual, Malware Database, 2015.9.22.5, 2015.11.7.2,
Protection, 07/11/2015 10:27, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 07/11/2015 10:27, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Protection, 07/11/2015 10:27, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 07/11/2015 10:28, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 07/11/2015 10:29, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 07/11/2015 10:29, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 07/11/2015 10:29, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Detection, 07/11/2015 10:29, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.36, afd.temperancetrolling.com, 50436, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:29, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.36, afd.temperancetrolling.com, 50436, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:29, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.36, afd.temperancetrolling.com, 50437, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:29, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.36, afd.temperancetrolling.com, 50450, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:29, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.36, afd.temperancetrolling.com, 50451, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:43, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, hoy.licentiategubernatorial.com, 50723, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:43, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, hoy.licentiategubernatorial.com, 50724, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:43, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, hoy.licentiategubernatorial.com, 50725, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:43, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, hoy.licentiategubernatorial.com, 50723, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, afd.temperancetrolling.com, 50860, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, afd.temperancetrolling.com, 50860, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, afd.temperancetrolling.com, 50862, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, hoy.licentiategubernatorial.com, 50960, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, hoy.licentiategubernatorial.com, 50960, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, hoy.licentiategubernatorial.com, 51013, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, hoy.licentiategubernatorial.com, 51014, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:48, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, hoy.licentiategubernatorial.com, 51015, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:49, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, afd.temperancetrolling.com, 51074, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:49, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, afd.temperancetrolling.com, 51078, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:49, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, afd.temperancetrolling.com, 51080, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 51286, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 51287, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 51286, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 51288, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.37, afd.temperancetrolling.com, 51289, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 51330, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 51331, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 51333, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 51334, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 51335, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 51336, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 51330, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 51367, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 51368, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 51367, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 10:55, SYSTEM, STANZER, Protection, Malicious Website Protection, IP, 162.13.104.8, www.tr553.com, 51369, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 11:08, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 8.34.112.227, hes.themrbinman.com, 51622, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 11:08, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 8.34.112.227, hes.themrbinman.com, 51622, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Update, 07/11/2015 13:10, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.7.2, 2015.11.7.3,
Protection, 07/11/2015 13:10, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 07/11/2015 13:10, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 07/11/2015 13:11, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 07/11/2015 13:13, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 07/11/2015 13:13, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 07/11/2015 13:13, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Detection, 07/11/2015 13:49, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, hoy.licentiategubernatorial.com, 54509, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:49, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, hoy.licentiategubernatorial.com, 54509, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:49, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, hoy.licentiategubernatorial.com, 54510, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:50, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.34, hoy.licentiategubernatorial.com, 54593, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:50, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 192.95.15.192, a.visadd.com, 54597, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:50, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 192.95.15.192, a.visadd.com, 54597, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:50, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 192.95.15.192, a.visadd.com, 54598, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:50, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 192.95.15.192, a.visadd.com, 54615, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:51, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 104.197.47.161, www.tradeadexchange.com, 54682, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:51, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 104.197.47.161, www.tradeadexchange.com, 54682, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:51, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 104.197.47.161, www.tradeadexchange.com, 54683, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:58, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, afd.temperancetrolling.com, 54987, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:58, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, afd.temperancetrolling.com, 54987, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:58, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, hoy.licentiategubernatorial.com, 55067, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:58, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, hoy.licentiategubernatorial.com, 55069, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:58, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, hoy.licentiategubernatorial.com, 55067, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 13:58, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.39, hoy.licentiategubernatorial.com, 55070, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Scan, 07/11/2015 13:59, SYSTEM, STANZER, Manual, Start: 07/11/2015 10:27, Dauer: 1 Std. 34 Min. 36 Sek., Bedrohungssuchlauf, Abgeschlossen, 3 Malware-Erkennung, 558 Nicht-Malware-Erkennungen,
Protection, 07/11/2015 14:19, SYSTEM, STANZER, Protection, Malware Protection, Starting,
Protection, 07/11/2015 14:19, SYSTEM, STANZER, Protection, Malware Protection, Started,
Protection, 07/11/2015 14:19, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 07/11/2015 14:20, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 07/11/2015 22:24, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.7.3, 2015.11.7.5,
Protection, 07/11/2015 22:25, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 07/11/2015 22:25, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 07/11/2015 22:25, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 07/11/2015 22:27, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 07/11/2015 22:27, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 07/11/2015 22:27, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Detection, 07/11/2015 22:32, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 108.162.200.127, cdn.visadd.com, 50404, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:32, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 108.162.200.127, cdn.visadd.com, 50404, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:32, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 108.162.200.127, cdn.visadd.com, 50407, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:32, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.32, hoy.licentiategubernatorial.com, 50419, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:32, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 37.58.102.32, hoy.licentiategubernatorial.com, 50419, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:33, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 104.197.47.161, www.tradeadexchange.com, 50476, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:33, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 104.197.47.161, www.tradeadexchange.com, 50476, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:33, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 104.197.47.161, www.tradeadexchange.com, 50480, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:34, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 108.162.200.127, cdn.visadd.com, 50627, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:34, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 8.34.112.227, hoy.licentiategubernatorial.com, 50634, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:34, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 8.34.112.227, hoy.licentiategubernatorial.com, 50634, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:36, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 108.162.200.127, cdn.visadd.com, 50909, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:36, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 108.162.200.127, cdn.visadd.com, 50910, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:37, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 104.197.47.161, www.tradeadexchange.com, 51039, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:37, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 104.197.47.161, www.tradeadexchange.com, 51040, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:37, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 104.197.47.161, www.tradeadexchange.com, 51044, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:38, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 104.197.47.161, www.tradeadexchange.com, 51049, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:39, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 192.95.15.192, a.visadd.com, 51253, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:39, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 192.95.15.192, a.visadd.com, 51253, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 07/11/2015 22:39, SYSTEM, STANZER, Protection, Malicious Website Protection, Domain, 192.95.15.192, a.visadd.com, 51336, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,

(end)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 07/11/2015
Suchlaufzeit: 13:10
Protokolldatei:
Administrator: Ja

Version: 0.0.0.0000
Malware-Datenbank: v2015.11.07.03
Rootkit-Datenbank: v2015.11.04.02
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Verena

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 500078
Abgelaufene Zeit: 1 Std., 34 Min., 36 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
Die genannten Programme
Avira Anti-Virus

Emsisoft Anti Malware

ESET Online Scan
Habe ich noch nicht auf meinem System. Soll ich diese noch installieren?

Gruß & Dank
Samuel

Log Datei vom Avast Browser Cleanup:

Code:
11.11.2015 10:50:42 (TID: 10228)
Product version: 10.4.2233.107
11.11.2015 10:50:42
BCUEngine version : 10.1.0.733
ProductLanguage  : de
OSLanguage        : en-gb
Location          : en-gb
OSType            : 6.2
IsStandalone      : 1
PartnerId        : 752
Priority          : 10
Microsoft IE
        Install Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
        Version: 9.11.9600.18053
Mozilla Firefox Browser
        Browser not found
Google Chrome Browser
        Version: 46.0.2490.80
        Install Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        Profile Path: C:\Users\Verena\AppData\Local\Google\Chrome\User Data\
Google Chrome Profiles
        Name: Default Path: C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default
11.11.2015 10:50:45 (TID: 5312)
Product version: 10.4.2233.107
11.11.2015 10:50:45
BCUEngine version : 10.1.0.733
ProductLanguage  : de
OSLanguage        : en-gb
Location          : en-gb
OSType            : 6.2
IsStandalone      : 1
PartnerId        : 752
Priority          : 10
Microsoft IE
        Install Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
        Version: 9.11.9600.18053
Mozilla Firefox Browser
        Browser not found
Google Chrome Browser
        Version: 46.0.2490.80
        Install Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        Profile Path: C:\Users\Verena\AppData\Local\Google\Chrome\User Data\
Google Chrome Profiles
        Name: Default Path: C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default
Google Chrome
        Homepages
                Profile: Default
                Url    : https://www.google.de/
        Search Engines
                Profile: Default
                Name  : Google
                Url    : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}
                Name  : Google
                Url    : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}
Google Chrome
        Extensions
                Profile: Default
                        ID: aapocclcgogkmnckokdopfmhonfmgoek Name: Google Präsentationen
                        ID: aohghmighlieiainnegkcijnfilokake Name: Google Docs
                        ID: felcaaldnbdncclmgdcncolpebgiejap Name: Google Tabellen
                        ID: jcgcoifbkbphhjnekfkmohklfaimhikk Name: EasyCalendar
                        ID: lifbcibllhkdhoafpjfnlhfpfgnpldfl Name: Skype Click to Call
Microsoft IE
        Homepages
                Profile: HKCU
                Url    : hxxp://about:blank
        Search Engines
                Profile: HKCU
                Name  : Google
                Url    : https://www.google.com/search?trackid=sp-004752&q={searchTerms}
BCURequest:
        GlobalStat
                ProductLanguage : de
                EngineVersion  : 10.1.0.733
                OSLanguage      : en-gb
                Location        : en-gb
                OSType          : 6.2
                IsStandalone    : 1
                Version        : 10.4.2233.107
                PartnerId      : 752
                Priority        : 10
                AvastProductType: 56
                DefaultBrowser  : CHROMEHTML
        Google Chrome:
                IsDefault: 1
                Rank: 16
                Homepages
                        Url: https://www.google.de/
                Search Engines
                        Name : Google
                        Url  : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}
                Extensions
                        ID: aapocclcgogkmnckokdopfmhonfmgoek Name: Google Präsentationen

                        ID: aohghmighlieiainnegkcijnfilokake Name: Google Docs

                        ID: felcaaldnbdncclmgdcncolpebgiejap Name: Google Tabellen

                        ID: jcgcoifbkbphhjnekfkmohklfaimhikk Name: EasyCalendar

                        ID: lifbcibllhkdhoafpjfnlhfpfgnpldfl Name: Skype Click to Call

        Microsoft IE:
                IsDefault: 0
                Rank: 158
                Homepages
                        Url: hxxp://about:blank
                Search Engines
                        Name : Google
                        Url  : https://www.google.com/search?trackid=sp-004752&q={searchTerms}
                Extensions
                        ID: {02bcc737-b171-4746-94c9-0d8a0b2c0089} Name: Microsoft Office Template and Media Control

                        ID: {25336920-03f9-11cf-8fd0-00aa00686f13} Name: HTML Document

                        ID: {2670000a-7350-4f3c-8081-5663ee0c6c49} Name: Send to OneNote from Internet Explorer button

                        ID: {2933bf90-7b36-11d2-b20e-00c04f983e60} Name: XML DOM Document

                        ID: {6bf52a52-394a-11d3-b153-00c04f79faa6} Name: Windows Media Player

                        ID: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} Name: Java(tm) Plug-In SSV Helper

                        ID: {789fe86f-6fc4-46a1-9849-ede0db0c95ca} Name: Linked Notes button

                        ID: {8856f961-340a-11d0-a96b-00c04fd705a2} Name: Microsoft Web Browser

                        ID: {898ea8c8-e7ff-479b-8935-aec46303b9e5} Name: Skype Click to Call settings

                        ID: {aa609d72-8482-4076-8991-8cdae5b93bcb} Name: Samsung BHO Class

                        ID: {b4f3a835-0e21-4959-ba22-42b3008e02ff} Name: Office Document Cache Handler

                        ID: {ca8a9780-280d-11cf-a24d-444553540000} Name: Adobe PDF Reader

                        ID: {d27cdb6e-ae6d-11cf-96b8-444553540000} Name: Shockwave Flash Object

                        ID: {dbc80044-a445-435b-bc74-9c25c1c588a9} Name: Java(tm) Plug-In 2 SSV Helper

                        ID: {dfeaf541-f3e1-4c24-acac-99c30715084a} Name: Microsoft Silverlight

                        ID: {ed8c108e-4349-11d2-91a4-00c04f7969e8} Name: XML HTTP Request

                        ID: {f37c7f06-0b23-4ad1-9160-1cc285a5e9ec} Name: Easy Capture Manager Print

                        ID: {f6d90f11-9c73-11d3-b32e-00c04f990bb4} Name: XML DOM Document

BCUResponse:
        BCUConfig
                CacheIntervalNeg : 604800
                CacheIntervalPos : 604800
                CmsTimeout      : 15000
        TemplateId: TPL_RADIO
        OfferId  : ID_DE_DE_YB_RB_V10_PAID
                UseCorporate    : FALSE
        BCUProviders
                ID: TPL_YAHOO9_DE        Name: Yahoo! (Avast)
                ID: PID_BING04_PAID_ALL        Name: Bing (by Microsoft)
                ID: PID_GOOGLE_ALL_PAID        Name: Google
                ID: PID_WOLFRAM_ALL_PAID        Name: Wolfram Alpha
                ID: PID_KEEPEXISTING        Name: Keep Existing (not recommended)
        Google Chrome:
                IsProviderModified: 0
                Extensions
                        ID: aapocclcgogkmnckokdopfmhonfmgoek Rating: 4 InternalId: 1000
                        ID: aohghmighlieiainnegkcijnfilokake Rating: 4 InternalId: 1000
                        ID: felcaaldnbdncclmgdcncolpebgiejap Rating: 4 InternalId: 1000
                        ID: jcgcoifbkbphhjnekfkmohklfaimhikk Rating: 1 InternalId: 1000
                        ID: lifbcibllhkdhoafpjfnlhfpfgnpldfl Rating: 3 InternalId: 1000
                Search Engine:
                        Name: Google
                        Url : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}
        Microsoft IE:
                IsProviderModified: 0
                Extensions
                        ID: {02bcc737-b171-4746-94c9-0d8a0b2c0089} Rating: 5 InternalId: 2191
                        ID: {25336920-03f9-11cf-8fd0-00aa00686f13} Rating: 4 InternalId: 2191
                        ID: {2670000a-7350-4f3c-8081-5663ee0c6c49} Rating: 5 InternalId: 5300
                        ID: {2933bf90-7b36-11d2-b20e-00c04f983e60} Rating: 5 InternalId: 2191
                        ID: {6bf52a52-394a-11d3-b153-00c04f79faa6} Rating: 5 InternalId: 5300
                        ID: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} Rating: 4 InternalId: 8000
                        ID: {789fe86f-6fc4-46a1-9849-ede0db0c95ca} Rating: 5 InternalId: 2217
                        ID: {8856f961-340a-11d0-a96b-00c04fd705a2} Rating: 5 InternalId: 8000
                        ID: {898ea8c8-e7ff-479b-8935-aec46303b9e5} Rating: 3 InternalId: 5000
                        ID: {aa609d72-8482-4076-8991-8cdae5b93bcb} Rating: 5 InternalId: 8000
                        ID: {b4f3a835-0e21-4959-ba22-42b3008e02ff} Rating: 5 InternalId: 2191
                        ID: {ca8a9780-280d-11cf-a24d-444553540000} Rating: 5 InternalId: 8000
                        ID: {d27cdb6e-ae6d-11cf-96b8-444553540000} Rating: 5 InternalId: 2081
                        ID: {dbc80044-a445-435b-bc74-9c25c1c588a9} Rating: 4 InternalId: 8000
                        ID: {dfeaf541-f3e1-4c24-acac-99c30715084a} Rating: 5 InternalId: 5200
                        ID: {ed8c108e-4349-11d2-91a4-00c04f7969e8} Rating: 5 InternalId: 5000
                        ID: {f37c7f06-0b23-4ad1-9160-1cc285a5e9ec} Rating: 5 InternalId: 8000
                        ID: {f6d90f11-9c73-11d3-b32e-00c04f990bb4} Rating: 5 InternalId: 5200
                Search Engine:
                        Name: Google
                        Url : https://www.google.com/search?trackid=sp-004752&q={searchTerms}
Detected a potential browser protector:AE9F86A00E94A05A80BCE3FB04DEAB2FD58B32DA26242673E807240371E4E82F {
  "runKeys" : {
      "lexwareinfoservice" : {
        "FileInfo" : {
            "CompanyName" : "Haufe-Lexware GmbH & Co. KG",
            "FileDescription" : "Lexware Info Service Assistent",
            "FileVersion" : "4.0.0.77",
            "Path" : "c:\\program files (x86)\\lexware\\update manager\\lxupdatemanager.exe",
            "ProductVersion" : "4.0.0.77",
            "sha256" : "1E7EEC86A23B2509891706DEBEE7CE03C73BBEFF589595F2059B76122C59799B"
        },
        "RegKey" : "hklm\\software\\microsoft\\windows\\currentversion\\run\\lexwareinfoservice=c:\\program files (x86)\\lexware\\update manager\\lxupdatemanager.exe"
      }
  }
}

Detected a potential browser protector:B99A135ADB0A3E6B6419BE083B3AB027C39636BBEE436D229B72F37E993B7D10 {
  "uninstallInfo" : {
      "samsung easy printer manager" : {
        "DisplayName" : "samsung easy printer manager",
        "FileInfo" : {
            "FileDescription" : "Uninstaller Module",
            "FileVersion" : "1.0.0.2",
            "Path" : "c:\\program files (x86)\\samsung\\easy printer manager\\uninst.exe",
            "ProductVersion" : "1.0.0.2",
            "sha256" : "83DE377E860BB7F9D623607CDE6EE65E031737B00A1A5AEC9086E3572E79F38B"
        },
        "Publisher" : "samsung electronics co., ltd."
      }
  }
}

Detected a potential browser protector:2BA9FE1E5006AED3D3AF15F0326F9D4DB7C0497392A837B286783E7A34324920 {
  "Services" : {
      "esgiguard" : {
        "Description" : "",
        "DisplayName" : "esgiguard",
        "FileInfo" : {
            "CompanyName" : "Enigma Software Group USA, LLC.",
            "FileDescription" : "Execution Guard",
            "FileVersion" : "1.1.43.44",
            "Path" : "c:\\program files\\enigma software group\\spyhunter\\esgiguard.sys",
            "ProductVersion" : "4.18.2.4344",
            "sha256" : "7A591CD484B92A88C01F6FA309BECD9D56B4EDE05875427D0D6CAF25E286D860"
        }
      },
      "spyhunter 4 service" : {
        "Description" : "spyhunter 4 helper service",
        "DisplayName" : "spyhunter 4 service",
        "FileInfo" : {
            "CompanyName" : "Enigma Software Group USA, LLC.",
            "FileDescription" : "Service scanner interface",
            "FileVersion" : "1.1.45.33",
            "Path" : "c:\\program files\\enigma software group\\spyhunter\\sh4service.exe",
            "ProductVersion" : "4.20.9.4533",
            "sha256" : "F5CB4D9045C67DE22DFE1D82553F0E15AA53617D005EF329E0756DAA720D6C7D"
        }
      }
  }
}

Detected a potential browser protector:35ABD06A33C12DD67EACEA0E83E70050E8FE1B34F1F244462EFEFE78F8D9D850 {
  "Services" : {
      "lavasoftadawareservice11" : {
        "Description" : "helps protect users from malware and other potentially unwanted software",
        "DisplayName" : "ad-aware service 11",
        "FileInfo" : {
            "Path" : "c:\\program files\\lavasoft\\ad-aware antivirus\\ad-aware antivirus\\11.8.586.8535\\adawareservice.exe",
            "sha256" : "4C941A3E6537CECCD0EB2056C5251E308EDB04165F107498714B360296E36195"
        }
      }
  },
  "runKeys" : {
      "adawaretray" : {
        "FileInfo" : {
            "Path" : "c:\\program files\\lavasoft\\ad-aware antivirus\\ad-aware antivirus\\11.8.586.8535\\adawaretray.exe",
            "sha256" : "1D784D46EC5790B347E15860DFD80EE7DAF7951EEEEDB15DA099C44A33ED5C2A"
        },
        "RegKey" : "hklm\\software\\microsoft\\windows\\currentversion\\run\\adawaretray=c:\\program files\\lavasoft\\ad-aware antivirus\\ad-aware antivirus\\11.8.586.8535\\adawaretray.exe"
      }
  },
  "runningProcess" : {
      "adawaredesktop.exe" : {
        "Path" : "c:\\program files\\lavasoft\\ad-aware antivirus\\ad-aware antivirus\\11.8.586.8535\\adawaredesktop.exe",
        "sha256" : "07853AE84E7CEDE98B88F9C2D7B7A888BF72157F340B1CEA3F97548D649E3F47"
      },
      "adawaretray.exe" : {
        "Path" : "c:\\program files\\lavasoft\\ad-aware antivirus\\ad-aware antivirus\\11.8.586.8535\\adawaretray.exe",
        "sha256" : "1D784D46EC5790B347E15860DFD80EE7DAF7951EEEEDB15DA099C44A33ED5C2A"
      }
  }
}

Detected a potential browser protector:E1DEEE2A5B441F58C6FE81EED9F2359F294E41F971ABDFFBF73BD543B5FC4D4C {
  "Services" : {
      "bdfndisf" : {
        "Description" : "@oem8.inf,%bdfndisf_desc%;bitdefender firewall ndis 6 filter driver",
        "DisplayName" : "@oem8.inf,%bdfndisf_desc%;bitdefender firewall ndis 6 filter driver",
        "FileInfo" : {
            "CompanyName" : "BitDefender LLC",
            "FileDescription" : "BitDefender Firewall NDIS6 Filter Driver",
            "FileVersion" : "7.0.0.8",
            "Path" : "c:\\program files\\lavasoft\\ad-aware antivirus\\firewall engine\\1.6.0.0\\drivers\\bdfndisf6.sys",
            "ProductVersion" : "7.0.0.8",
            "sha256" : "EAC1780FCA264EFA36FEDAFEF676594D11BDD0C00998C5EBB86F2F21012E71B7"
        }
      },
      "bdfwfpf" : {
        "Description" : "",
        "DisplayName" : "bdfwfpf",
        "FileInfo" : {
            "CompanyName" : "BitDefender LLC",
            "FileDescription" : "BitDefender Firewall WFP Filter Driver",
            "FileVersion" : "7.0.0.8 built by: WinDDK",
            "Path" : "c:\\program files\\lavasoft\\ad-aware antivirus\\firewall engine\\1.6.0.0\\drivers\\bdfwfpf.sys",
            "ProductVersion" : "7.0.0.8",
            "sha256" : "932260AB126523428B884034162E3619E1B7FA13720F830783B592AAE825AC86"
        }
      }
  }
}

                Profile: Default
Microsoft IE
        Extensions
                ID: {02bcc737-b171-4746-94c9-0d8a0b2c0089} Name: Microsoft Office Template and Media Control
                ID: {25336920-03f9-11cf-8fd0-00aa00686f13} Name: HTML Document
                ID: {2670000a-7350-4f3c-8081-5663ee0c6c49} Name: Send to OneNote from Internet Explorer button
                ID: {2933bf90-7b36-11d2-b20e-00c04f983e60} Name: XML DOM Document
                ID: {6bf52a52-394a-11d3-b153-00c04f79faa6} Name: Windows Media Player
                ID: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} Name: Java(tm) Plug-In SSV Helper
                ID: {789fe86f-6fc4-46a1-9849-ede0db0c95ca} Name: Linked Notes button
                ID: {8856f961-340a-11d0-a96b-00c04fd705a2} Name: Microsoft Web Browser
                ID: {898ea8c8-e7ff-479b-8935-aec46303b9e5} Name: Skype Click to Call settings
                ID: {aa609d72-8482-4076-8991-8cdae5b93bcb} Name: Samsung BHO Class
                ID: {b4f3a835-0e21-4959-ba22-42b3008e02ff} Name: Office Document Cache Handler
                ID: {ca8a9780-280d-11cf-a24d-444553540000} Name: Adobe PDF Reader
                ID: {d27cdb6e-ae6d-11cf-96b8-444553540000} Name: Shockwave Flash Object
                ID: {dbc80044-a445-435b-bc74-9c25c1c588a9} Name: Java(tm) Plug-In 2 SSV Helper
                ID: {dfeaf541-f3e1-4c24-acac-99c30715084a} Name: Microsoft Silverlight
                ID: {ed8c108e-4349-11d2-91a4-00c04f7969e8} Name: XML HTTP Request
                ID: {f37c7f06-0b23-4ad1-9160-1cc285a5e9ec} Name: Easy Capture Manager Print
                ID: {f6d90f11-9c73-11d3-b32e-00c04f990bb4} Name: XML DOM Document
        Search Engines
                Profile: Default
                Name  : Google
                Url    : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}
                Name  : Google
                Url    : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}
        Search Engines
                Profile: HKCU
                Name  : Google
                Url    : https://www.google.com/search?trackid=sp-004752&q={searchTerms}

Stanzer 11.11.2015 10:56
Log-Datei vom Toolbar Terminator

Code:
2015-11-05 23:18:52,551 AbSettings.G -Logger Initialized
2015-11-05 23:18:53,038 AbSettings.G -Logger initialized
2015-11-05 23:18:53,039 AbSettings.G -Initialization of log4net took -772 milliseconds
2015-11-05 23:18:53,042 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: TTBG Logging initialized!
2015-11-05 23:18:53,309 AbSettings.G -Logger Initialized
2015-11-05 23:18:53,580 AbSettings.G -Logger initialized
2015-11-05 23:18:53,580 AbSettings.G -Initialization of log4net took -411 milliseconds
2015-11-05 23:18:53,584 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: ToolbarTerminator Version: 3.0
2015-11-05 23:18:53,656 AbSettings.G -[Method CheckShippedPlist]: [Method get_Instance]: Reading info.plist from zipped data file.
2015-11-05 23:18:55,694 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: InfoVersion = 18
2015-11-05 23:19:05,872 AbSettings.G -[Method InitApp]: [Method InitApp]: System: Microsoft Windows 8.1, x64bit
2015-11-05 23:19:05,872 AbSettings.G -[Method InitApp]: [Method InitApp]: Starting toolbar scan...
2015-11-05 23:19:05,880 AbSettings.G -[Method Application_Startup]: [Method Application_Startup]: Verbinden
2015-11-05 23:19:05,890 AbSettings.G -[Method InitApp]: [Method Application_Startup]: Logging initialize
2015-11-05 23:19:05,962 AbSettings.G -[Method get_Definitions]: [Method get_Definitions]: Loading toolbar definitions...
2015-11-05 23:19:06,934 AbSettings.G -[Method ShowAppWindow]: [Method ShowAppWindow]: MainWindow constructor called after static initialization: 532ms
2015-11-05 23:19:08,976 AbSettings.G -[Method .cctor]: [Method .cctor]: Checking Firefox installation
2015-11-05 23:19:08,976 AbSettings.G -[Method .cctor]: [Method .cctor]: No Firefox installation found. #2
2015-11-05 23:19:09,007 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Checking Firefox installation
2015-11-05 23:19:09,007 AbSettings.G -[Method ScanAction]: [Method ScanAction]: No Firefox installation found. #2
2015-11-05 23:19:09,054 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Checking Chrome installation
2015-11-05 23:19:10,070 AbSettings.G -[Method get_Definitions]: [Method get_Definitions]: Toolbar definitions loaded.
2015-11-05 23:19:10,179 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Found Chrome Plugin in registry: jdkokpcldhneihjdhigfjmoeojkdcbmg
2015-11-05 23:19:10,289 AbSettings.G -[Method GetIeHomepage]: [Method GetIeHomepage]: Checking IE installation
2015-11-05 23:19:10,371 AbSettings.G -[Method WorkerThreadStart]: [Method _PrivateProcessMessage]: User has administrator privileges.
2015-11-05 23:19:10,545 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted RegKey for Web Cake Deals: HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\7C4656C3061F7F4C0D67B319A855F60EBC11FC44
2015-11-05 23:19:11,084 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted RegKey for Plus-HD: HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider
2015-11-05 23:19:12,156 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted file/directory for Ask.com Toolbar: C:\ProgramData\APN
2015-11-05 23:19:13,298 AbSettings.G -[Method <InitiateApiCall>b__1]: [Method <InitiateApiCall>b__1]: Response: <xml>
  <!--TextMessage>Response from API-Textmessage</TextMessage-->
  <AnalyticsSaved success="true"></AnalyticsSaved>
  <Promotions>
    <Promo>
      <image>https://abelssoft.de/api/promo/picolino_9.90.png</image>
      <target>https://shop.abelssoft.de/angebote.php?angebot=cross-pic</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/smideohd_50.png</image>
      <target>https://shop.abelssoft.de/angebote.php?angebot=cross-smideo</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/AntiBrowserSpy_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_abs_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/AntiLogger_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_anl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Artipic_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_api_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/checkdrive_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_chk_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/CryptBox_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_cbx_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/EverDoc_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_evd_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/GoogleClean_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_gcl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/KeyDepot_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_key_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/mp3cutter_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_m3s_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/MyKeyFinder_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_mfk_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/RegistryCleaner_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_rcl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Schirmfoto_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_sft_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/SSD_Fresh_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_ssd_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/StartupStar_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_sta_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Tagman_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_tam_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <ignoredPromo>toolbar</ignoredPromo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/WashAndGo_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_wgo_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
  </Promotions>
</xml>
2015-11-05 23:19:13,360 AbSettings.G -[Method HandleCommands]: [Method HandleCommands]: Skipping Promos, just installed
2015-11-05 23:19:13,407 AbSettings.G -[Method Call]: [Method Call]: Last API Call made at 05/11/2015 23:19:13
2015-11-05 23:19:13,579 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted RegKey for IMinent Toolbar: HKEY_CURRENT_USER\Software\Iminent
2015-11-05 23:19:13,688 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted file/directory for IMinent Toolbar: C:\Program Files (x86)\Iminent
2015-11-05 23:19:14,126 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted file/directory for Umbrella: C:\Program Files (x86)\Common Files\Umbrella
2015-11-05 23:19:22,139 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Executing Command RetrieveRegistrySubkeysCommand.
2015-11-05 23:19:22,148 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Number of Subkeys: 5855
2015-11-05 23:19:22,166 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Number of Subkeys HKCU: 2
2015-11-05 23:19:22,166 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Number of Subkeys HKLM: 5855
2015-11-05 23:19:22,364 AbSettings.G -[Method FindSearchProvider]: [Method ScanAction]: Found IE Search Scope "SearchTheWeb"
2015-11-05 23:19:22,364 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found IE Search Scope "SearchTheWeb"
2015-11-05 23:19:22,364 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Found IE Plugin: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
2015-11-05 23:19:22,595 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: FirefoxScanner
2015-11-05 23:19:22,597 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: ChromeScanner
2015-11-05 23:19:22,620 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: SystemScanner
2015-11-05 23:19:22,621 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: ShortcutScanner
2015-11-05 23:19:22,634 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: AutostartScanner
2015-11-05 23:19:22,768 AbSettings.G -[Method Completed]: [Method Completed]: Toolbar scan endet.
2015-11-05 23:19:23,217 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: IeScanner
2015-11-05 23:21:35,415 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY In die Zwischenablage kopiert NOT SET! Replacing with DefaultValue In die Zwischenablage kopiert
2015-11-05 23:21:35,430 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Das Setup kann die Schriftarten nur mit Administrator Rechten reparieren. Bitte erlauben Sie die Reparatur. NOT SET! Replacing with DefaultValue Das Setup kann die Schriftarten nur mit Administrator Rechten reparieren. Bitte erlauben Sie die Reparatur.
2015-11-05 23:21:35,430 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Eine Schriftart auf Ihrem System scheint defekt zu sein: {0}. Versuchen, diese zu reparieren? NOT SET! Replacing with DefaultValue Eine Schriftart auf Ihrem System scheint defekt zu sein: {0}. Versuchen, diese zu reparieren?
2015-11-05 23:21:35,430 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Es werden gerade Wartungsarbeiten am Server durchgeführt. Die Anwendung funktioniert evtl. momentan nicht. NOT SET! Replacing with DefaultValue Es werden gerade Wartungsarbeiten am Server durchgeführt. Die Anwendung funktioniert evtl. momentan nicht.
2015-11-05 23:21:35,430 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Kommentar NOT SET! Replacing with DefaultValue Kommentar
2015-11-05 23:21:35,430 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Diesen Kommentar hinzufügen NOT SET! Replacing with DefaultValue Diesen Kommentar hinzufügen
2015-11-05 23:21:35,430 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Bitte geben Sie uns Hinweise, wie wir den Fehler reproduzieren können. NOT SET! Replacing with DefaultValue Bitte geben Sie uns Hinweise, wie wir den Fehler reproduzieren können.
2015-11-05 23:21:35,430 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Kommentar wurde hinzugefügt. Jetzt abschicken? NOT SET! Replacing with DefaultValue Kommentar wurde hinzugefügt. Jetzt abschicken?
2015-11-05 23:21:35,430 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Wenn Ihnen das Programm gefällt, zeigen Sie dies doch auf unserer Facebook Seite.  NOT SET! Replacing with DefaultValue Wenn Ihnen das Programm gefällt, zeigen Sie dies doch auf unserer Facebook Seite.
2015-11-05 23:21:35,446 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Schließen NOT SET! Replacing with DefaultValue Schließen
2015-11-05 23:21:35,446 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Wollen sie ihren Computer wirklich neu starten? NOT SET! Replacing with DefaultValue Wollen sie ihren Computer wirklich neu starten?
2015-11-05 23:21:35,493 AbSettings.G -[Method showLiteRegDialog]: [Method m_window_Loaded]: System.Threading.Timer is initialized
2015-11-05 23:21:35,493 AbSettings.G -[Method InvokeHandlersImpl]: [Method InvokeHandlersImpl]: MainWindow Loaded finished after calling Regscreen-Test after: 90ms (False)
2015-11-05 23:22:00,610 AbSettings.G -[Method IsBrowserActive]: [Method IsBrowserActive]: Checking IE installation
2015-11-05 23:22:00,624 AbSettings.G -[Method IsBrowserActive]: [Method IsBrowserActive]: Checking Firefox installation
2015-11-05 23:22:00,626 AbSettings.G -[Method IsBrowserActive]: [Method IsBrowserActive]: No Firefox installation found. #2
2015-11-05 23:22:00,643 AbSettings.G -[Method IsBrowserActive]: [Method IsBrowserActive]: Checking Chrome installation
2015-11-05 23:22:00,666 AbSettings.G -[Method RunInternal]: [Method RunInternal]: Starting toolbar removal...
2015-11-05 23:22:00,749 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Looking for jdkokpcldhneihjdhigfjmoeojkdcbmg Directory...
2015-11-05 23:22:01,647 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jdkokpcldhneihjdhigfjmoeojkdcbmg -> True
2015-11-05 23:22:01,652 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:01,660 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:02,663 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:02,663 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:02,667 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jdkokpcldhneihjdhigfjmoeojkdcbmg -> False
2015-11-05 23:22:02,684 AbSettings.G -[Method DeleteRegKey]: [Method Remove]: Setting RegistryKey ACL for HKEY_CURRENT_USER\Software\Iminent
2015-11-05 23:22:02,794 AbSettings.G -[Method GrantAccess]: [Method DeleteRegKey]: Setting RegistryKey ACL for HKEY_CURRENT_USER\Software\Iminent\SearchTheWeb
2015-11-05 23:22:02,796 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\Software\Iminent -> True
2015-11-05 23:22:02,796 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\Software\IminentToolbar -> True
2015-11-05 23:22:02,816 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Iminent -> True
2015-11-05 23:22:02,818 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:02,818 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:02,835 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:02,835 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:02,843 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\IminentToolbar -> True
2015-11-05 23:22:02,855 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:02,855 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:02,863 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Loader -> True
2015-11-05 23:22:02,890 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:02,890 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:02,898 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Deleting File/Directory C:\Users\Verena\AppData\Roaming\IminentToolbar
2015-11-05 23:22:02,905 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:02,906 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:02,912 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Deleting File/Directory C:\Users\Verena\AppData\Roaming\Iminent
2015-11-05 23:22:02,922 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:02,922 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:02,929 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Deleting File/Directory C:\Users\Verena\AppData\Local\Iminent
2015-11-05 23:22:02,937 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:02,937 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:02,950 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Deleting File/Directory C:\Program Files (x86)\IminentToolbar
2015-11-05 23:22:02,962 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:02,962 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:02,969 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Deleting File/Directory C:\Program Files\IminentToolbar
2015-11-05 23:22:02,979 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:02,980 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:02,990 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Deleting File/Directory C:\ProgramData\Iminent
2015-11-05 23:22:02,999 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:02,999 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,006 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Deleting File/Directory C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programs\Iminent
2015-11-05 23:22:03,192 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,192 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,198 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Removing RegKey IE Search Scope "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
2015-11-05 23:22:03,199 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Deleting File/Directory C:\Program Files (x86)\Iminent
2015-11-05 23:22:03,199 AbSettings.G -[Method DeleteRegKey]: [Method Remove]: Setting RegistryKey ACL for HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
2015-11-05 23:22:03,205 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Removing RegKey IE Search Scope "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}"
2015-11-05 23:22:03,210 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Deleting Directory C:\Program Files (x86)\Iminent
2015-11-05 23:22:03,227 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,227 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,235 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} -> True
2015-11-05 23:22:03,250 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegValue HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope -> True
2015-11-05 23:22:03,253 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,253 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,270 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,270 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,272 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegValue HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope -> True
2015-11-05 23:22:03,280 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Removing IE Class Registration {84FF7BD6-B47F-46F8-9130-01B2696B36CB}
2015-11-05 23:22:03,319 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,319 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,320 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> True
2015-11-05 23:22:03,334 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,335 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,335 AbSettings.G -[Method RemoveStuff]: [Method RemoveStuff]: Removing IE Extension {84FF7BD6-B47F-46F8-9130-01B2696B36CB}
2015-11-05 23:22:03,339 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> True
2015-11-05 23:22:03,353 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,353 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,354 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> True
2015-11-05 23:22:03,371 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,371 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,371 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Removing IE BHO {84FF7BD6-B47F-46F8-9130-01B2696B36CB}
2015-11-05 23:22:03,382 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> True
2015-11-05 23:22:03,391 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> True
2015-11-05 23:22:03,393 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,393 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,415 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,416 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,416 AbSettings.G -[Method RemoveStuff]: [Method RemoveStuff]: Removing IE Toolbar {84FF7BD6-B47F-46F8-9130-01B2696B36CB}
2015-11-05 23:22:03,419 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> True
2015-11-05 23:22:03,435 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,436 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,436 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegValue HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> False
2015-11-05 23:22:03,450 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegValue HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> False
2015-11-05 23:22:03,454 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,454 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,492 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL -> True
2015-11-05 23:22:03,496 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,497 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,523 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,524 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,530 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} -> True
2015-11-05 23:22:03,701 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} -> True
2015-11-05 23:22:03,702 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,703 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,773 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,774 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,781 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} -> True
2015-11-05 23:22:03,799 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,800 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,808 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} -> True
2015-11-05 23:22:03,889 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,889 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:03,901 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Api -> True
2015-11-05 23:22:03,934 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:03,934 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:04,815 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Api.1 -> True
2015-11-05 23:22:04,852 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:04,852 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:04,858 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Layers -> True
2015-11-05 23:22:04,890 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:04,890 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:04,906 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Layers.1 -> True
2015-11-05 23:22:04,918 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:04,918 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:04,925 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} -> True
2015-11-05 23:22:04,936 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:04,937 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:04,949 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer -> True
2015-11-05 23:22:04,957 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:04,957 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:04,961 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WEBCAKE_DESKTOP_UPDATER -> True
2015-11-05 23:22:04,976 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WebCakeUpdaterService -> True
2015-11-05 23:22:04,976 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:04,977 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:04,993 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:04,993 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:04,993 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WEBCAKE_DESKTOP_UPDATER -> True
2015-11-05 23:22:05,008 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdaterService -> True
2015-11-05 23:22:05,010 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:05,012 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:05,047 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:22:05,048 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:22:05,048 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL -> True
2015-11-05 23:22:05,049 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} -> True
2015-11-05 23:22:05,050 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} -> True
2015-11-05 23:22:05,051 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} -> True
2015-11-05 23:22:05,051 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} -> True
2015-11-05 23:22:05,055 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\WebCakeIEClient.Api -> True
2015-11-05 23:22:05,056 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\WebCakeIEClient.Api.1 -> True
2015-11-05 23:22:05,057 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\WebCakeIEClient.Layers -> True
2015-11-05 23:22:05,058 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegKey HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\Certificates\7C4656C3061F7F4C0D67B319A855F60EBC11FC44 -> True
2015-11-05 23:22:05,060 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\WebCakeIEClient.Layers.1 -> True
2015-11-05 23:22:05,060 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} -> False
2015-11-05 23:22:05,061 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Tarma Installer -> True
2015-11-05 23:22:05,061 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SYSTEM\ControlSet001\Enum\Root\LEGACY_WEBCAKE_DESKTOP_UPDATER -> False
2015-11-05 23:22:05,061 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SYSTEM\ControlSet001\Services\Eventlog\Application\WebCakeUpdaterService -> False
2015-11-05 23:22:05,061 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SYSTEM\ControlSet001\Services\WebCake Desktop Updater -> False
2015-11-05 23:22:05,062 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WEBCAKE_DESKTOP_UPDATER -> False
2015-11-05 23:22:05,062 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdaterService -> False
2015-11-05 23:22:05,062 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater -> True
2015-11-05 23:22:05,062 AbSettings.G -[Method DeleteRegKey]: [Method Remove]: Setting RegistryKey ACL for HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\7C4656C3061F7F4C0D67B319A855F60EBC11FC44
2015-11-05 23:22:05,065 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\7C4656C3061F7F4C0D67B319A855F60EBC11FC44 -> True
2015-11-05 23:22:05,065 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USERS\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL -> False
2015-11-05 23:22:05,066 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} -> True
2015-11-05 23:22:05,067 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} -> True
2015-11-05 23:22:05,068 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} -> True
2015-11-05 23:22:05,068 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} -> True
2015-11-05 23:22:05,069 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\WebCakeIEClient.Api -> True
2015-11-05 23:22:05,072 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\WebCakeIEClient.Api.1 -> True
2015-11-05 23:22:05,073 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\WebCakeIEClient.Layers -> True
2015-11-05 23:22:05,074 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Classes\WebCakeIEClient.Layers.1 -> True
2015-11-05 23:22:05,074 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} -> False
2015-11-05 23:22:05,075 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SOFTWARE\Tarma Installer -> True
2015-11-05 23:22:05,075 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SYSTEM\ControlSet001\Enum\Root\LEGACY_WEBCAKE_DESKTOP_UPDATER -> False
2015-11-05 23:22:05,075 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SYSTEM\ControlSet001\Services\Eventlog\Application\WebCakeUpdaterService -> False
2015-11-05 23:22:05,075 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WEBCAKE_DESKTOP_UPDATER -> False
2015-11-05 23:22:05,075 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdaterService -> False
2015-11-05 23:22:05,075 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater -> True
2015-11-05 23:22:05,076 AbSettings.G -[Method RemoveStuff]: [Method <Remove>b__c]: Deleting RegKey HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\7C4656C3061F7F4C0D67B319A855F60EBC11FC44 -> True
2015-11-05 23:22:05,104 AbSettings.G -[Method <Remove>b__c]: [Method <Remove>b__c]: Toolbar removal endet.
2015-11-05 23:22:05,109 AbSettings.G -[Method ResetHomepage]: [Method ResetHomepage]: Checking Chrome installation
2015-11-05 23:22:05,269 AbSettings.G -[Method IsBrowserInstalled]: [Method IsBrowserInstalled]: Checking IE installation
2015-11-05 23:22:05,273 AbSettings.G -[Method <Remove>b__c]: [Method <Remove>b__c]: System: Microsoft Windows 8.1, x64bit
2015-11-05 23:22:05,273 AbSettings.G -[Method <Remove>b__c]: [Method <Remove>b__c]: Starting toolbar scan...
2015-11-05 23:22:05,274 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Checking Firefox installation
2015-11-05 23:22:05,275 AbSettings.G -[Method ScanAction]: [Method ScanAction]: No Firefox installation found. #2
2015-11-05 23:22:05,276 AbSettings.G -[Method Run]: [Method Run]: Completed Scan: FirefoxScanner
2015-11-05 23:22:05,276 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Checking Chrome installation
2015-11-05 23:22:05,302 AbSettings.G -[Method GetIeHomepage]: [Method GetIeHomepage]: Checking IE installation
2015-11-05 23:22:05,302 AbSettings.G -[Method WorkerThreadStart]: [Method _PrivateProcessMessage]: User has administrator privileges.
2015-11-05 23:22:05,829 AbSettings.G -[Method Run]: [Method Run]: Completed Scan: ChromeScanner
2015-11-05 23:22:06,014 AbSettings.G -[Method Run]: [Method Run]: Completed Scan: AutostartScanner
2015-11-05 23:22:06,055 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted RegKey for Plus-HD: HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider
2015-11-05 23:22:06,175 AbSettings.G -[Method Run]: [Method Run]: Completed Scan: IeScanner
2015-11-05 23:22:07,074 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted file/directory for Ask.com Toolbar: C:\ProgramData\APN
2015-11-05 23:22:08,553 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted RegKey for IMinent Toolbar: HKEY_CURRENT_USER\Software\Iminent
2015-11-05 23:22:09,053 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted file/directory for Umbrella: C:\Program Files (x86)\Common Files\Umbrella
2015-11-05 23:22:09,083 AbSettings.G -[Method Run]: [Method Run]: Completed Scan: ShortcutScanner
2015-11-05 23:22:10,583 AbSettings.G -[Method Completed]: [Method Completed]: Toolbar scan endet.
2015-11-05 23:22:10,583 AbSettings.G -[Method Run]: [Method Run]: Completed Scan: SystemScanner
2015-11-05 23:22:10,601 AbSettings.G -[Method <ShowRemovalResult>b__7]: [Method InvokeMethod]: System.Threading.Timer is initialized
2015-11-05 23:22:28,635 AbSettings.G -[Method IsBrowserActive]: [Method IsBrowserActive]: Checking IE installation
2015-11-05 23:22:28,639 AbSettings.G -[Method IsBrowserActive]: [Method IsBrowserActive]: Checking Firefox installation
2015-11-05 23:22:28,640 AbSettings.G -[Method IsBrowserActive]: [Method IsBrowserActive]: No Firefox installation found. #2
2015-11-05 23:22:28,641 AbSettings.G -[Method IsBrowserActive]: [Method IsBrowserActive]: Checking Chrome installation
2015-11-05 23:22:28,654 AbSettings.G -[Method RunInternal]: [Method RunInternal]: Starting toolbar removal...
2015-11-05 23:22:28,658 AbSettings.G -[Method <Remove>b__c]: [Method <Remove>b__c]: Toolbar removal endet.
2015-11-05 23:22:28,658 AbSettings.G -[Method ResetHomepage]: [Method ResetHomepage]: Checking Chrome installation
2015-11-05 23:22:28,804 AbSettings.G -[Method IsBrowserInstalled]: [Method IsBrowserInstalled]: Checking IE installation
2015-11-05 23:23:26,270 AbSettings.G -[Method RunInternal]: [Method Run]: Removing Autostart for "ReimageUpdater"
2015-11-05 23:23:26,978 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:23:26,979 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:23:27,420 AbSettings.G -[Method Run]: [Method Run]: Completed Scan: AutostartScanner
2015-11-05 23:24:04,384 AbSettings.G -[Method RunInternal]: [Method Run]: Removing Autostart for "HDAudDeck"
2015-11-05 23:24:04,416 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:24:04,417 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:24:04,417 AbSettings.G -[Method RunInternal]: [Method Run]: Removing Autostart for "mbot_de_014010123"
2015-11-05 23:24:04,424 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegValue HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HDAudDeck -> True
2015-11-05 23:24:04,440 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegValue HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mbot_de_014010123 -> True
2015-11-05 23:24:04,441 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:24:04,442 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:24:04,442 AbSettings.G -[Method RunInternal]: [Method Run]: Removing Autostart for "rec_en_77"
2015-11-05 23:24:04,466 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:24:04,466 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:24:04,467 AbSettings.G -[Method RunInternal]: [Method Run]: Removing Autostart for "gmsd_de_005010123"
2015-11-05 23:24:04,471 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegValue HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\rec_en_77 -> True
2015-11-05 23:24:04,486 AbSettings.G -[Method <Init>b__0]: System.FormatException, Die Eingabe ist keine gültige Base-64-Zeichenfolge, da sie ein Nicht-Base-64-Zeichen, mehr als zwei Leerstellen oder in den Leerstellen ein Zeichen enthält, das ungültig ist.
2015-11-05 23:24:04,486 AbSettings.G -[Method <Init>b__0]:    bei System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
  bei System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
  bei System.Convert.FromBase64String(String s)
  bei AbAdminService.AdminHelper.DeserializeString(String serializedObject)
2015-11-05 23:24:04,490 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Delete RegValue HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\gmsd_de_005010123 -> True
2015-11-05 23:24:04,927 AbSettings.G -[Method Run]: [Method Run]: Completed Scan: AutostartScanner
2015-11-05 23:24:24,516 AbSettings.G -[Method Invoke]: [Method Invoke]: Exit ToolbarTerminator
2015-11-05 23:25:18,371 AbSettings.G -Logger Initialized
2015-11-05 23:25:18,434 AbSettings.G -Logger initialized
2015-11-05 23:25:18,434 AbSettings.G -Initialization of log4net took -562 milliseconds
2015-11-05 23:25:18,434 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: TTBG Logging initialized!
2015-11-05 23:25:21,793 AbSettings.G -Logger Initialized
2015-11-05 23:25:21,856 AbSettings.G -Logger initialized
2015-11-05 23:25:21,856 AbSettings.G -Initialization of log4net took 407 milliseconds
2015-11-05 23:25:21,856 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: ToolbarTerminator Version: 3.0
2015-11-05 23:25:21,887 AbSettings.G -[Method CheckShippedPlist]: [Method get_Instance]: Reading info.plist from zipped data file.
2015-11-05 23:25:22,185 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: InfoVersion = 18
2015-11-05 23:25:24,683 AbSettings.G -[Method RunInternal]: [Method RunInternal]: Response: <xml>
  <!--TextMessage>Response from API-Textmessage</TextMessage-->
  <AnalyticsSaved success="true"></AnalyticsSaved>
  <Promotions>
    <Promo>
      <image>https://abelssoft.de/api/promo/picolino_9.90.png</image>
      <target>https://shop.abelssoft.de/angebote.php?angebot=cross-pic</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/smideohd_50.png</image>
      <target>https://shop.abelssoft.de/angebote.php?angebot=cross-smideo</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/AntiBrowserSpy_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_abs_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/AntiLogger_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_anl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Artipic_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_api_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/checkdrive_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_chk_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/CryptBox_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_cbx_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/EverDoc_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_evd_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/GoogleClean_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_gcl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/KeyDepot_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_key_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/mp3cutter_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_m3s_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/MyKeyFinder_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_mfk_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/RegistryCleaner_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_rcl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Schirmfoto_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_sft_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/SSD_Fresh_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_ssd_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/StartupStar_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_sta_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Tagman_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_tam_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <ignoredPromo>toolbar</ignoredPromo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/WashAndGo_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_wgo_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
  </Promotions>
</xml>
2015-11-05 23:25:24,730 AbSettings.G -[Method HandleCommands]: [Method HandleCommands]: Skipping Promos, just installed
2015-11-05 23:25:24,761 AbSettings.G -[Method Call]: [Method Call]: Last API Call made at 05/11/2015 23:25:24
2015-11-05 23:26:26,072 AbSettings.G -Logger Initialized
2015-11-05 23:26:26,388 AbSettings.G -Logger initialized
2015-11-05 23:26:26,388 AbSettings.G -Initialization of log4net took -511 milliseconds
2015-11-05 23:26:26,391 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: TTBG Logging initialized!
2015-11-05 23:26:28,936 AbSettings.G -Logger Initialized
2015-11-05 23:26:29,057 AbSettings.G -Logger initialized
2015-11-05 23:26:29,058 AbSettings.G -Initialization of log4net took -117 milliseconds
2015-11-05 23:26:29,059 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: ToolbarTerminator Version: 3.0
2015-11-05 23:26:29,100 AbSettings.G -[Method CheckShippedPlist]: [Method get_Instance]: Reading info.plist from zipped data file.
2015-11-05 23:26:29,553 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: InfoVersion = 18
2015-11-05 23:26:32,077 AbSettings.G -[Method InitApp]: [Method InitApp]: System: Microsoft Windows 8.1, x64bit
2015-11-05 23:26:32,077 AbSettings.G -[Method InitApp]: [Method InitApp]: Starting toolbar scan...
2015-11-05 23:26:32,082 AbSettings.G -[Method Application_Startup]: [Method Application_Startup]: Verbinden
2015-11-05 23:26:32,092 AbSettings.G -[Method InitApp]: [Method Application_Startup]: Logging initialize
2015-11-05 23:26:32,110 AbSettings.G -[Method ShowAppWindow]: [Method ShowAppWindow]: MainWindow constructor called after static initialization: 522ms
2015-11-05 23:26:32,563 AbSettings.G -[Method <InitiateApiCall>b__1]: [Method <InitiateApiCall>b__1]: Response: <xml>
  <!--TextMessage>Response from API-Textmessage</TextMessage-->
  <Promotions>
    <Promo>
      <image>https://abelssoft.de/api/promo/picolino_9.90.png</image>
      <target>https://shop.abelssoft.de/angebote.php?angebot=cross-pic</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/smideohd_50.png</image>
      <target>https://shop.abelssoft.de/angebote.php?angebot=cross-smideo</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/AntiBrowserSpy_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_abs_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/AntiLogger_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_anl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Artipic_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_api_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/checkdrive_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_chk_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/CryptBox_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_cbx_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/EverDoc_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_evd_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/GoogleClean_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_gcl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/KeyDepot_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_key_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/mp3cutter_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_m3s_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/MyKeyFinder_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_mfk_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/RegistryCleaner_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_rcl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Schirmfoto_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_sft_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/SSD_Fresh_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_ssd_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/StartupStar_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_sta_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Tagman_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_tam_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <ignoredPromo>toolbar</ignoredPromo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/WashAndGo_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_wgo_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
  </Promotions>
</xml>
2015-11-05 23:26:32,672 AbSettings.G -[Method HandleCommands]: [Method HandleCommands]: Skipping Promos, just installed
2015-11-05 23:26:32,813 AbSettings.G -[Method Call]: [Method Call]: Last API Call made at 05/11/2015 23:26:32
2015-11-05 23:26:33,180 AbSettings.G -[Method get_Definitions]: [Method get_Definitions]: Loading toolbar definitions...
2015-11-05 23:26:34,266 AbSettings.G -[Method get_Definitions]: [Method get_Definitions]: Toolbar definitions loaded.
2015-11-05 23:26:34,869 AbSettings.G -[Method InvokeHandlersImpl]: [Method InvokeHandlersImpl]: MainWindow Loaded finished after calling Regscreen-Test after: 281ms (False)
2015-11-05 23:26:35,127 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted RegKey for Plus-HD: HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider
2015-11-05 23:26:35,471 AbSettings.G -[Method .cctor]: [Method .cctor]: Checking Firefox installation
2015-11-05 23:26:35,472 AbSettings.G -[Method .cctor]: [Method .cctor]: No Firefox installation found. #2
2015-11-05 23:26:35,486 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Checking Firefox installation
2015-11-05 23:26:35,487 AbSettings.G -[Method ScanAction]: [Method ScanAction]: No Firefox installation found. #2
2015-11-05 23:26:35,508 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Checking Chrome installation
2015-11-05 23:26:36,105 AbSettings.G -[Method GetIeHomepage]: [Method GetIeHomepage]: Checking IE installation
2015-11-05 23:26:36,162 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: FirefoxScanner
2015-11-05 23:26:36,217 AbSettings.G -[Method WorkerThreadStart]: [Method _PrivateProcessMessage]: User has administrator privileges.
2015-11-05 23:26:36,319 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted file/directory for Ask.com Toolbar: C:\ProgramData\APN
2015-11-05 23:26:36,909 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: ChromeScanner
2015-11-05 23:26:38,247 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted RegKey for IMinent Toolbar: HKEY_CURRENT_USER\Software\Iminent
2015-11-05 23:26:38,761 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted file/directory for Umbrella: C:\Program Files (x86)\Common Files\Umbrella
2015-11-05 23:26:42,747 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: SystemScanner
2015-11-05 23:26:42,802 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: AutostartScanner
2015-11-05 23:26:43,604 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: ShortcutScanner
2015-11-05 23:32:48,696 AbSettings.G -[Method Invoke]: [Method Invoke]: Exit ToolbarTerminator
2015-11-05 23:52:18,995 AbSettings.G -Logger Initialized
2015-11-05 23:52:19,073 AbSettings.G -Logger initialized
2015-11-05 23:52:19,073 AbSettings.G -Initialization of log4net took -593 milliseconds
2015-11-05 23:52:19,073 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: ToolbarTerminator Version: 3.0
2015-11-05 23:52:19,135 AbSettings.G -[Method CheckShippedPlist]: [Method get_Instance]: Reading info.plist from zipped data file.
2015-11-05 23:52:19,432 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: InfoVersion = 18
2015-11-05 23:52:22,870 AbSettings.G -[Method InitApp]: [Method InitApp]: System: Microsoft Windows 8.1, x64bit
2015-11-05 23:52:22,870 AbSettings.G -[Method InitApp]: [Method InitApp]: Starting toolbar scan...
2015-11-05 23:52:22,886 AbSettings.G -[Method Application_Startup]: [Method Application_Startup]: Verbinden
2015-11-05 23:52:22,886 AbSettings.G -[Method InitApp]: [Method Application_Startup]: Logging initialize
2015-11-05 23:52:22,917 AbSettings.G -[Method ShowAppWindow]: [Method ShowAppWindow]: MainWindow constructor called after static initialization: 892ms
2015-11-05 23:52:23,354 AbSettings.G -[Method get_Definitions]: [Method get_Definitions]: Loading toolbar definitions...
2015-11-05 23:52:23,573 AbSettings.G -[Method <InitiateApiCall>b__1]: [Method <InitiateApiCall>b__1]: Response: <xml>
  <!--TextMessage>Response from API-Textmessage</TextMessage-->
  <Promotions>
    <Promo>
      <image>https://abelssoft.de/api/promo/picolino_9.90.png</image>
      <target>https://shop.abelssoft.de/angebote.php?angebot=cross-pic</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/smideohd_50.png</image>
      <target>https://shop.abelssoft.de/angebote.php?angebot=cross-smideo</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/AntiBrowserSpy_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_abs_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/AntiLogger_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_anl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Artipic_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_api_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/checkdrive_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_chk_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/CryptBox_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_cbx_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/EverDoc_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_evd_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/GoogleClean_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_gcl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/KeyDepot_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_key_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/mp3cutter_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_m3s_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/MyKeyFinder_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_mfk_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/RegistryCleaner_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_rcl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Schirmfoto_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_sft_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/SSD_Fresh_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_ssd_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/StartupStar_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_sta_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Tagman_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_tam_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <ignoredPromo>toolbar</ignoredPromo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/WashAndGo_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_wgo_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
  </Promotions>
</xml>
2015-11-05 23:52:23,620 AbSettings.G -[Method HandleCommands]: [Method HandleCommands]: Skipping Promos, just installed
2015-11-05 23:52:23,636 AbSettings.G -[Method Call]: [Method Call]: Last API Call made at 05/11/2015 23:52:23
2015-11-05 23:52:23,951 AbSettings.G -[Method .cctor]: [Method .cctor]: Checking Firefox installation
2015-11-05 23:52:23,951 AbSettings.G -[Method .cctor]: [Method .cctor]: No Firefox installation found. #2
2015-11-05 23:52:23,982 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Checking Firefox installation
2015-11-05 23:52:23,982 AbSettings.G -[Method ScanAction]: [Method ScanAction]: No Firefox installation found. #2
2015-11-05 23:52:23,998 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Checking Chrome installation
2015-11-05 23:52:24,354 AbSettings.G -[Method get_Definitions]: [Method get_Definitions]: Toolbar definitions loaded.
2015-11-05 23:52:24,537 AbSettings.G -[Method GetIeHomepage]: [Method GetIeHomepage]: Checking IE installation
2015-11-05 23:52:24,537 AbSettings.G -[Method WorkerThreadStart]: [Method _PrivateProcessMessage]: User doesn't have administrator privileges.
2015-11-05 23:52:24,949 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted RegKey for Plus-HD: HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider
2015-11-05 23:52:25,717 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted file/directory for Ask.com Toolbar: C:\ProgramData\APN
2015-11-05 23:52:26,970 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted RegKey for IMinent Toolbar: HKEY_CURRENT_USER\Software\Iminent
2015-11-05 23:52:27,423 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Number of Subkeys HKCU: 2
2015-11-05 23:52:27,423 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Number of Subkeys HKLM: 5853
2015-11-05 23:52:27,423 AbSettings.G -[Method ScanAction]: [Method WorkerThreadStart]: Found unwanted file/directory for Umbrella: C:\Program Files (x86)\Common Files\Umbrella
2015-11-05 23:52:27,454 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Executing Command RetrieveRegistrySubkeysCommand.
2015-11-05 23:52:27,454 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Number of Subkeys: 5853
2015-11-05 23:52:29,365 AbSettings.G -[Method InvokeHandlersImpl]: [Method InvokeHandlersImpl]: MainWindow Loaded finished after calling Regscreen-Test after: 262ms (False)
2015-11-05 23:52:31,045 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: FirefoxScanner
2015-11-05 23:52:31,058 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: ChromeScanner
2015-11-05 23:52:31,058 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: IeScanner
2015-11-05 23:52:31,113 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: SystemScanner
2015-11-05 23:52:31,148 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: AutostartScanner
2015-11-05 23:52:33,287 AbSettings.G -[Method Completed]: [Method Completed]: Toolbar scan endet.
2015-11-05 23:52:34,007 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: ShortcutScanner
2015-11-05 23:52:56,321 AbSettings.G -[Method IsBrowserActive]: [Method IsBrowserActive]: Checking IE installation
2015-11-05 23:52:56,332 AbSettings.G -[Method IsBrowserActive]: [Method IsBrowserActive]: Checking Firefox installation
2015-11-05 23:52:56,333 AbSettings.G -[Method IsBrowserActive]: [Method IsBrowserActive]: No Firefox installation found. #2
2015-11-05 23:52:56,342 AbSettings.G -[Method IsBrowserActive]: [Method IsBrowserActive]: Checking Chrome installation
2015-11-05 23:52:56,360 AbSettings.G -[Method RunInternal]: [Method RunInternal]: Starting toolbar removal...
2015-11-05 23:52:57,137 AbSettings.G -[Method <Remove>b__c]: [Method <Remove>b__c]: Toolbar removal endet.
2015-11-05 23:52:57,141 AbSettings.G -[Method ResetHomepage]: [Method ResetHomepage]: Checking Chrome installation
2015-11-05 23:52:57,376 AbSettings.G -[Method IsBrowserInstalled]: [Method IsBrowserInstalled]: Checking IE installation
2015-11-06 00:01:07,016 AbSettings.G -[Method Invoke]: [Method Invoke]: Exit ToolbarTerminator
2015-11-09 22:04:13,323 AbSettings.G -Logger Initialized
2015-11-09 22:04:13,416 AbSettings.G -Logger initialized
2015-11-09 22:04:13,416 AbSettings.G -Initialization of log4net took -540 milliseconds
2015-11-09 22:04:13,416 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: ToolbarTerminator Version: 3.0
2015-11-09 22:04:13,651 AbSettings.G -[Method CheckShippedPlist]: [Method get_Instance]: Reading info.plist from zipped data file.
2015-11-09 22:04:13,963 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: InfoVersion = 18
2015-11-09 22:04:18,989 AbSettings.G -[Method InitApp]: [Method InitApp]: System: Microsoft Windows 8.1, x64bit
2015-11-09 22:04:18,989 AbSettings.G -[Method InitApp]: [Method InitApp]: Starting toolbar scan...
2015-11-09 22:04:18,989 AbSettings.G -[Method Application_Startup]: [Method Application_Startup]: Verbinden
2015-11-09 22:04:18,989 AbSettings.G -[Method InitApp]: [Method Application_Startup]: Logging initialize
2015-11-09 22:04:19,004 AbSettings.G -[Method ShowAppWindow]: [Method ShowAppWindow]: MainWindow constructor called after static initialization: 785ms
2015-11-09 22:04:20,457 AbSettings.G -[Method get_Definitions]: [Method get_Definitions]: Loading toolbar definitions...
2015-11-09 22:04:21,410 AbSettings.G -[Method .cctor]: [Method .cctor]: Checking Firefox installation
2015-11-09 22:04:21,410 AbSettings.G -[Method .cctor]: [Method .cctor]: No Firefox installation found. #2
2015-11-09 22:04:21,425 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Checking Firefox installation
2015-11-09 22:04:21,425 AbSettings.G -[Method ScanAction]: [Method ScanAction]: No Firefox installation found. #2
2015-11-09 22:04:21,441 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Checking Chrome installation
2015-11-09 22:04:21,441 AbSettings.G -[Method ScanAction]: [Method ScanAction]: No Chrome installation found. #1
2015-11-09 22:04:21,457 AbSettings.G -[Method GetIeHomepage]: [Method GetIeHomepage]: Checking IE installation
2015-11-09 22:04:21,923 AbSettings.G -[Method get_Definitions]: [Method get_Definitions]: Toolbar definitions loaded.
2015-11-09 22:04:22,085 AbSettings.G -[Method WorkerThreadStart]: [Method _PrivateProcessMessage]: User doesn't have administrator privileges.
2015-11-09 22:04:22,839 AbSettings.G -[Method InvokeHandlersImpl]: [Method InvokeHandlersImpl]: MainWindow Loaded finished after calling Regscreen-Test after: 617ms (False)
2015-11-09 22:04:23,632 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: FirefoxScanner
2015-11-09 22:04:23,633 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: ChromeScanner
2015-11-09 22:04:24,915 AbSettings.G -[Method <InitiateApiCall>b__1]: [Method <InitiateApiCall>b__1]: Response: <xml>
  <!--TextMessage>Response from API-Textmessage</TextMessage-->
  <AnalyticsSaved success="true"></AnalyticsSaved>
  <Promotions>
    <Promo>
      <image>https://abelssoft.de/api/promo/picolino_9.90.png</image>
      <target>https://shop.abelssoft.de/angebote.php?angebot=cross-pic</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/smideohd_50.png</image>
      <target>https://shop.abelssoft.de/angebote.php?angebot=cross-smideo</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/AntiBrowserSpy_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_abs_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/AntiLogger_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_anl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Artipic_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_api_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/checkdrive_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_chk_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/CryptBox_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_cbx_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/EverDoc_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_evd_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/GoogleClean_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_gcl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/KeyDepot_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_key_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/mp3cutter_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_m3s_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/MyKeyFinder_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_mfk_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/RegistryCleaner_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_rcl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Schirmfoto_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_sft_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/SSD_Fresh_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_ssd_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/StartupStar_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_sta_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Tagman_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_tam_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <ignoredPromo>toolbar</ignoredPromo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/WashAndGo_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_wgo_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
  </Promotions>
</xml>
2015-11-09 22:04:25,252 AbSettings.G -[Method Call]: [Method Call]: Last API Call made at 09/11/2015 22:04:25
2015-11-09 22:04:26,909 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: ShortcutScanner
2015-11-09 22:04:27,072 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: AutostartScanner
2015-11-09 22:04:27,348 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: SystemScanner
2015-11-09 22:04:27,425 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Executing Command RetrieveRegistrySubkeysCommand.
2015-11-09 22:04:27,426 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Number of Subkeys HKCU: 2
2015-11-09 22:04:27,426 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Number of Subkeys HKLM: 5850
2015-11-09 22:04:27,427 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Number of Subkeys: 5850
2015-11-09 22:04:27,498 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY In die Zwischenablage kopiert NOT SET! Replacing with DefaultValue In die Zwischenablage kopiert
2015-11-09 22:04:27,499 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Das Setup kann die Schriftarten nur mit Administrator Rechten reparieren. Bitte erlauben Sie die Reparatur. NOT SET! Replacing with DefaultValue Das Setup kann die Schriftarten nur mit Administrator Rechten reparieren. Bitte erlauben Sie die Reparatur.
2015-11-09 22:04:27,501 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Eine Schriftart auf Ihrem System scheint defekt zu sein: {0}. Versuchen, diese zu reparieren? NOT SET! Replacing with DefaultValue Eine Schriftart auf Ihrem System scheint defekt zu sein: {0}. Versuchen, diese zu reparieren?
2015-11-09 22:04:27,502 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Es werden gerade Wartungsarbeiten am Server durchgeführt. Die Anwendung funktioniert evtl. momentan nicht. NOT SET! Replacing with DefaultValue Es werden gerade Wartungsarbeiten am Server durchgeführt. Die Anwendung funktioniert evtl. momentan nicht.
2015-11-09 22:04:27,503 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Kommentar NOT SET! Replacing with DefaultValue Kommentar
2015-11-09 22:04:27,504 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Diesen Kommentar hinzufügen NOT SET! Replacing with DefaultValue Diesen Kommentar hinzufügen
2015-11-09 22:04:27,506 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Bitte geben Sie uns Hinweise, wie wir den Fehler reproduzieren können. NOT SET! Replacing with DefaultValue Bitte geben Sie uns Hinweise, wie wir den Fehler reproduzieren können.
2015-11-09 22:04:27,507 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Kommentar wurde hinzugefügt. Jetzt abschicken? NOT SET! Replacing with DefaultValue Kommentar wurde hinzugefügt. Jetzt abschicken?
2015-11-09 22:04:27,510 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Wenn Ihnen das Programm gefällt, zeigen Sie dies doch auf unserer Facebook Seite.  NOT SET! Replacing with DefaultValue Wenn Ihnen das Programm gefällt, zeigen Sie dies doch auf unserer Facebook Seite.
2015-11-09 22:04:27,515 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Schließen NOT SET! Replacing with DefaultValue Schließen
2015-11-09 22:04:27,520 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Wollen sie ihren Computer wirklich neu starten? NOT SET! Replacing with DefaultValue Wollen sie ihren Computer wirklich neu starten?
2015-11-09 22:04:27,551 AbSettings.G -[Method <HandleElementPromotions>b__c]: [Method InvokeMethod]: System.Threading.Timer is initialized
2015-11-09 22:04:27,927 AbSettings.G -[Method Completed]: [Method Completed]: Toolbar scan endet.
2015-11-09 22:04:28,155 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: IeScanner
2015-11-09 22:05:54,810 AbSettings.G -[Method Invoke]: [Method Invoke]: Exit ToolbarTerminator
2015-11-11 10:53:50,875 AbSettings.G -Logger Initialized
2015-11-11 10:53:50,953 AbSettings.G -Logger initialized
2015-11-11 10:53:50,953 AbSettings.G -Initialization of log4net took 531 milliseconds
2015-11-11 10:53:50,953 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: ToolbarTerminator Version: 3.0
2015-11-11 10:53:51,125 AbSettings.G -[Method CheckShippedPlist]: [Method get_Instance]: Reading info.plist from zipped data file.
2015-11-11 10:53:51,500 AbSettings.G -[Method <.ctor>b__1]: [Method <.ctor>b__1]: InfoVersion = 18
2015-11-11 10:54:01,894 AbSettings.G -[Method InitApp]: [Method InitApp]: System: Microsoft Windows 8.1, x64bit
2015-11-11 10:54:01,894 AbSettings.G -[Method InitApp]: [Method InitApp]: Starting toolbar scan...
2015-11-11 10:54:01,894 AbSettings.G -[Method Application_Startup]: [Method Application_Startup]: Verbinden
2015-11-11 10:54:01,909 AbSettings.G -[Method InitApp]: [Method Application_Startup]: Logging initialize
2015-11-11 10:54:01,925 AbSettings.G -[Method ShowAppWindow]: [Method ShowAppWindow]: MainWindow constructor called after static initialization: 919ms
2015-11-11 10:54:01,940 AbSettings.G -[Method get_Definitions]: [Method get_Definitions]: Loading toolbar definitions...
2015-11-11 10:54:02,868 AbSettings.G -[Method .cctor]: [Method .cctor]: Checking Firefox installation
2015-11-11 10:54:02,955 AbSettings.G -[Method .cctor]: [Method .cctor]: No Firefox installation found. #2
2015-11-11 10:54:02,969 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Checking Firefox installation
2015-11-11 10:54:02,970 AbSettings.G -[Method ScanAction]: [Method ScanAction]: No Firefox installation found. #2
2015-11-11 10:54:02,984 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Checking Chrome installation
2015-11-11 10:54:03,113 AbSettings.G -[Method get_Definitions]: [Method get_Definitions]: Toolbar definitions loaded.
2015-11-11 10:54:03,858 AbSettings.G -[Method GetIeHomepage]: [Method GetIeHomepage]: Checking IE installation
2015-11-11 10:54:03,874 AbSettings.G -[Method WorkerThreadStart]: [Method _PrivateProcessMessage]: User doesn't have administrator privileges.
2015-11-11 10:54:05,068 AbSettings.G -[Method <InitiateApiCall>b__1]: [Method <InitiateApiCall>b__1]: Response: <xml>
  <!--TextMessage>Response from API-Textmessage</TextMessage-->
  <AnalyticsSaved success="true"></AnalyticsSaved>
  <Promotions>
    <Promo>
      <image>https://abelssoft.de/api/promo/picolino_9.90.png</image>
      <target>https://shop.abelssoft.de/angebote.php?angebot=cross-pic</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/smideohd_50.png</image>
      <target>https://shop.abelssoft.de/angebote.php?angebot=cross-smideo</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/AntiBrowserSpy_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_abs_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/AntiLogger_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_anl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Artipic_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_api_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/checkdrive_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_chk_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/CryptBox_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_cbx_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/EverDoc_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_evd_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/GoogleClean_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_gcl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/KeyDepot_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_key_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/mp3cutter_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_m3s_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/MyKeyFinder_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_mfk_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/RegistryCleaner_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_rcl_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Schirmfoto_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_sft_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/SSD_Fresh_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_ssd_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/StartupStar_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_sta_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/Tagman_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_tam_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
    <ignoredPromo>toolbar</ignoredPromo>
    <Promo>
      <image>https://abelssoft.de/api/promo/de/WashAndGo_de.png</image>
      <target>https://go.abelssoft.de/prod_intern_wgo_de</target>
      <from>11.03.2013</from>
      <until>30.12.2018</until>
    </Promo>
  </Promotions>
</xml>
2015-11-11 10:54:05,319 AbSettings.G -[Method Call]: [Method Call]: Last API Call made at 11/11/2015 10:54:05
2015-11-11 10:54:09,153 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Executing Command RetrieveRegistrySubkeysCommand.
2015-11-11 10:54:09,153 AbSettings.G -[Method _PrivateProcessMessage]: [Method _PrivateProcessMessage]: Admin-Log: Number of Subkeys: 5853
2015-11-11 10:54:10,004 AbSettings.G -[Method InvokeHandlersImpl]: [Method InvokeHandlersImpl]: MainWindow Loaded finished after calling Regscreen-Test after: 996ms (False)
2015-11-11 10:54:10,913 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: FirefoxScanner
2015-11-11 10:54:10,914 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: ChromeScanner
2015-11-11 10:54:11,178 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY In die Zwischenablage kopiert NOT SET! Replacing with DefaultValue In die Zwischenablage kopiert
2015-11-11 10:54:11,179 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Das Setup kann die Schriftarten nur mit Administrator Rechten reparieren. Bitte erlauben Sie die Reparatur. NOT SET! Replacing with DefaultValue Das Setup kann die Schriftarten nur mit Administrator Rechten reparieren. Bitte erlauben Sie die Reparatur.
2015-11-11 10:54:11,181 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Eine Schriftart auf Ihrem System scheint defekt zu sein: {0}. Versuchen, diese zu reparieren? NOT SET! Replacing with DefaultValue Eine Schriftart auf Ihrem System scheint defekt zu sein: {0}. Versuchen, diese zu reparieren?
2015-11-11 10:54:11,183 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Es werden gerade Wartungsarbeiten am Server durchgeführt. Die Anwendung funktioniert evtl. momentan nicht. NOT SET! Replacing with DefaultValue Es werden gerade Wartungsarbeiten am Server durchgeführt. Die Anwendung funktioniert evtl. momentan nicht.
2015-11-11 10:54:11,186 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Kommentar NOT SET! Replacing with DefaultValue Kommentar
2015-11-11 10:54:11,187 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Diesen Kommentar hinzufügen NOT SET! Replacing with DefaultValue Diesen Kommentar hinzufügen
2015-11-11 10:54:11,188 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Bitte geben Sie uns Hinweise, wie wir den Fehler reproduzieren können. NOT SET! Replacing with DefaultValue Bitte geben Sie uns Hinweise, wie wir den Fehler reproduzieren können.
2015-11-11 10:54:11,190 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Kommentar wurde hinzugefügt. Jetzt abschicken? NOT SET! Replacing with DefaultValue Kommentar wurde hinzugefügt. Jetzt abschicken?
2015-11-11 10:54:11,194 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Wenn Ihnen das Programm gefällt, zeigen Sie dies doch auf unserer Facebook Seite.  NOT SET! Replacing with DefaultValue Wenn Ihnen das Programm gefällt, zeigen Sie dies doch auf unserer Facebook Seite.
2015-11-11 10:54:11,207 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Schließen NOT SET! Replacing with DefaultValue Schließen
2015-11-11 10:54:11,213 AbSettings.G -[Method Fill]: [Method CreateInstance]: PROPERTY Wollen sie ihren Computer wirklich neu starten? NOT SET! Replacing with DefaultValue Wollen sie ihren Computer wirklich neu starten?
2015-11-11 10:54:11,253 AbSettings.G -[Method <HandleElementPromotions>b__c]: [Method InvokeMethod]: System.Threading.Timer is initialized
2015-11-11 10:54:11,267 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: SystemScanner
2015-11-11 10:54:11,496 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Number of Subkeys HKCU: 2
2015-11-11 10:54:11,496 AbSettings.G -[Method ScanAction]: [Method ScanAction]: Number of Subkeys HKLM: 5853
2015-11-11 10:54:11,999 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: IeScanner
2015-11-11 10:54:13,108 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: AutostartScanner
2015-11-11 10:54:15,416 AbSettings.G -[Method Completed]: [Method Completed]: Toolbar scan endet.
2015-11-11 10:54:16,647 AbSettings.G -[Method TryCatchWhen]: [Method TryCatchWhen]: Completed Scan: ShortcutScanner

Stanzer 11.11.2015 20:39
Und hier die Ergebnisse vom Scan mit Farbar's Recovery Scan Tool (FRST)

FRST.txt ist:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
durchgeführt von Verena (Administrator) auf STANZER (11-11-2015 20:25:29)
Gestartet von C:\Users\Verena\AppData\Local\Microsoft\Windows\INetCache\IE\2PTMEHQS
Geladene Profile: Verena (Verfügbare Profile: Verena & Administrator)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Installer Service\LxInstallerService.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Ascora GmbH) C:\Program Files (x86)\ToolbarTerminator\AbAdminService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AVAST Software) C:\Users\Verena\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-08-27] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [536576 2008-08-26] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-06-04] (Geek Software GmbH)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-17] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation)
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-10-21] (Apple Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Keine Datei
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Keine Datei
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Keine Datei
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-27]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKU\S-1-5-21-2984353058-443001783-614742438-1001\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8F730AD0-818D-493B-A178-B5676DF2C8FA}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F401B118-9576-46B2-B5D4-50DDA14CC7D1}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2984353058-443001783-614742438-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-004752
HKU\S-1-5-21-2984353058-443001783-614742438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://about:blank
SearchScopes: HKLM -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2984353058-443001783-614742438-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2984353058-443001783-614742438-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.reimageplus.com/?sp=reimb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2984353058-443001783-614742438-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2013-02-18] (Sun Microsystems, Inc.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll [2011-04-22] ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2013-02-18] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2984353058-443001783-614742438-1001 -> Kein Name - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} -  Keine Datei
IE Session Restore: HKU\S-1-5-21-2984353058-443001783-614742438-1001 -> ist aktiviert.
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2013-02-18] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden

Chrome:
=======
CHR Profile: C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-09]
CHR Extension: (Google Docs) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-09]
CHR Extension: (Google Drive) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (YouTube) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-09]
CHR Extension: (Google-Suche) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Google Tabellen) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-09]
CHR Extension: (EasyCalendar) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-11-11]
CHR Extension: (Skype Click to Call) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]
CHR Extension: (Google Mail) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AbAdminService; C:\Program Files (x86)\ToolbarTerminator\AbAdminService.exe [34568 2015-08-19] (Ascora GmbH)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-30] (Dropbox, Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-08-14] (Freemake) [Datei ist nicht signiert]
R2 Haufe FabricHostService; C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe [14848 2013-10-10] (Haufe-Lexware GmbH & Co. KG) [Datei ist nicht signiert]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] ()
R2 Lexware Installations Dienst; C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe [24064 2013-08-16] (Haufe-Lexware GmbH & Co. KG) [Datei ist nicht signiert]
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2012-05-11] (iAnywhere Solutions, Inc.)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG) [Datei ist nicht signiert]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-11-09] (Enigma Software Group USA, LLC.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2013-07-17] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2013-07-17] (BitDefender LLC)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2006-12-08] (Samsung Electronics)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-11-09] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-11-09] ()
R1 Eve; C:\Windows\system32\DRIVERS\eve.sys [41304 2015-01-21] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-10-02] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-11 20:24 - 2015-11-11 20:25 - 00000000 ____D C:\FRST
2015-11-11 07:13 - 2015-11-11 07:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-10 23:55 - 2015-11-10 23:55 - 00000077 _____ C:\WINDOWS\setupact.log
2015-11-10 23:55 - 2015-11-10 23:55 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-11-10 23:54 - 2015-11-10 23:54 - 00000324 _____ C:\WINDOWS\PFRO.log
2015-11-10 22:56 - 2015-11-10 22:56 - 00003188 _____ C:\WINDOWS\System32\Tasks\avastBCLRestart_IEXPLORE.EXE
2015-11-10 00:26 - 2015-11-10 00:26 - 00000000 ____D C:\Users\Verena\AppData\LocalLow\PaybackToolbar32
2015-11-10 00:26 - 2015-11-10 00:26 - 00000000 ____D C:\Program Files (x86)\Payback
2015-11-09 23:53 - 2015-11-10 00:32 - 00000000 ____D C:\Program Files\iGraal
2015-11-09 23:53 - 2015-11-10 00:32 - 00000000 ____D C:\Program Files (x86)\iGraal
2015-11-09 23:53 - 2015-11-09 23:53 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iGraal
2015-11-09 23:47 - 2015-11-09 23:47 - 02543272 _____ (Microsoft Corporation) C:\Users\Verena\Downloads\InternetExplorerDefault.EXE
2015-11-09 23:04 - 2015-11-09 23:04 - 00002269 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-09 23:04 - 2015-11-09 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-09 23:02 - 2015-11-11 20:12 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-09 23:02 - 2015-11-11 11:07 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-09 23:02 - 2015-11-09 23:04 - 00000000 ____D C:\Users\Verena\AppData\Local\Google
2015-11-09 23:02 - 2015-11-09 23:02 - 00004098 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-09 23:02 - 2015-11-09 23:02 - 00003862 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-09 22:47 - 2015-11-11 20:20 - 00392866 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-09 22:01 - 2015-11-09 22:01 - 00000056 _____ C:\WINDOWS\Reimage.ini
2015-11-09 12:08 - 2015-11-09 12:08 - 00000000 ____D C:\Users\Verena\AppData\Local\Apple Inc
2015-11-09 12:07 - 2015-11-09 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-11-09 11:52 - 2015-11-09 11:52 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-09 11:52 - 2015-11-09 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-09 11:48 - 2015-11-09 11:52 - 00000000 ____D C:\Program Files\iTunes
2015-11-09 10:27 - 2015-11-11 01:23 - 00001149 _____ C:\Users\Verena\Desktop\SpyHunter.lnk
2015-11-09 10:27 - 2015-11-09 10:27 - 00003328 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-11-09 10:27 - 2015-11-09 10:27 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Enigma Software Group
2015-11-09 10:27 - 2015-11-09 10:27 - 00000000 ____D C:\sh4ldr
2015-11-09 10:26 - 2015-11-09 10:26 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-11-09 10:25 - 2015-11-09 10:25 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Verena\Downloads\SpyHunter-Installer (1).exe
2015-11-08 13:18 - 2015-11-08 13:18 - 02830336 ____R C:\Users\Verena\Desktop\2015-11-08_13-18-47_ups1516.dat
2015-11-08 13:18 - 2015-11-08 13:18 - 00000000 ____D C:\Users\Verena\Desktop\!Quando_Backup
2015-11-07 10:25 - 2015-11-11 20:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-07 10:25 - 2015-11-07 10:25 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-07 10:25 - 2015-11-07 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-07 10:25 - 2015-11-07 10:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-07 10:25 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-07 10:25 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-07 10:25 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-07 10:24 - 2015-11-07 10:25 - 01713664 _____ C:\Users\Verena\Downloads\adwcleaner_5.018 (1).exe
2015-11-07 10:24 - 2015-11-07 10:24 - 22908888 _____ (Malwarebytes ) C:\Users\Verena\Downloads\mbam-setup-org-2.2.0.1024.exe
2015-11-07 10:13 - 2015-11-07 10:13 - 01713664 _____ C:\Users\Verena\Downloads\adwcleaner_5.018.exe
2015-11-07 10:12 - 2015-11-07 10:12 - 04383048 _____ (Google) C:\Users\Verena\Downloads\software_removal_tool.exe
2015-11-06 10:31 - 2015-11-07 10:23 - 00000396 _____ C:\Users\Verena\Downloads\debug.log
2015-11-06 00:00 - 2015-11-06 00:00 - 00000000 ____D C:\Users\Verena\AppData\Local\CEF
2015-11-05 23:58 - 2015-11-09 10:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-05 23:58 - 2015-11-05 23:58 - 00002069 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-05 23:47 - 2015-11-11 20:15 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2984353058-443001783-614742438-1001
2015-11-05 23:26 - 2015-11-05 23:26 - 00001129 _____ C:\Users\Public\Desktop\ToolbarTerminator.lnk
2015-11-05 23:26 - 2015-11-05 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolbar Terminator
2015-11-05 23:26 - 2015-11-05 23:26 - 00000000 ____D C:\Program Files (x86)\ToolbarTerminator
2015-11-05 23:25 - 2015-11-05 23:25 - 03436096 _____ (Abelssoft ) C:\Users\Verena\Downloads\toolbarterminator2016 (1).exe
2015-11-05 23:18 - 2015-11-05 23:19 - 00000000 ____D C:\Users\Verena\AppData\Local\Abelssoft
2015-11-05 23:18 - 2015-11-05 23:18 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Abelssoft
2015-11-05 23:18 - 2015-11-05 23:18 - 00000000 ____D C:\ProgramData\XDMessagingv4
2015-11-05 23:17 - 2015-11-05 23:17 - 03436096 _____ (Abelssoft ) C:\Users\Verena\Downloads\toolbarterminator2016.exe
2015-11-05 23:15 - 2015-11-07 22:30 - 00003208 _____ C:\WINDOWS\System32\Tasks\avastBCLRestart_chrome.exe
2015-11-05 23:05 - 2015-11-05 23:05 - 00004230 _____ C:\WINDOWS\System32\Tasks\avast! BCU UpdateS-1-5-21-2984353058-443001783-614742438-1001
2015-11-05 23:05 - 2015-11-05 23:05 - 00003370 _____ C:\WINDOWS\System32\Tasks\avastBCLS-1-5-21-2984353058-443001783-614742438-1001
2015-11-05 23:05 - 2015-11-05 23:05 - 00001157 _____ C:\Users\Verena\Desktop\Avast Browser Cleanup.lnk
2015-11-05 23:05 - 2015-11-05 23:05 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2015-11-05 23:05 - 2015-11-05 23:05 - 00000000 ____D C:\Users\Verena\AppData\Roaming\AVAST Software
2015-11-05 23:04 - 2015-11-05 23:05 - 03824464 _____ (AVAST Software) C:\Users\Verena\Downloads\avast-browser-cleanup-sfx_1032223.exe
2015-11-05 22:25 - 2015-11-05 22:26 - 00000000 ____D C:\ProgramData\AntiToolbar
2015-11-05 22:25 - 2015-11-05 22:25 - 00001744 _____ C:\Users\Public\Desktop\AntiToolbar.lnk
2015-11-05 22:25 - 2015-11-05 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiToolbar
2015-11-05 22:07 - 2015-11-05 22:07 - 02953520 _____ (AVAST Software) C:\Users\Verena\Downloads\avast-browser-cleanup.exe
2015-11-05 11:02 - 2015-11-05 11:02 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-10-28 18:54 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-10-28 18:54 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-10-28 18:32 - 2015-10-28 18:32 - 02830336 ____R C:\Users\Verena\Desktop\2015-10-28_18-32-30_ups1516.dat
2015-10-25 23:08 - 2015-11-09 23:02 - 00000000 ____D C:\Users\Verena\AppData\Local\Deployment
2015-10-25 22:19 - 2015-10-25 22:19 - 00929872 _____ (Google Inc.) C:\Users\Verena\Downloads\ChromeSetup.exe
2015-10-25 17:19 - 2015-10-25 17:20 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-10-25 17:19 - 2015-10-25 17:19 - 00000000 ____D C:\Program Files (x86)\1acb24ed-a38a-4375-a71d-36453c2f8d62
2015-10-25 17:14 - 2015-10-25 17:14 - 00003200 _____ C:\WINDOWS\System32\Tasks\Sunrise
2015-10-25 17:08 - 2015-10-25 17:08 - 00000000 ____D C:\Program Files (x86)\60eecc96-9251-4102-9f94-27849f3e38d1
2015-10-25 17:05 - 2015-10-25 17:05 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-10-25 17:05 - 2015-10-25 17:05 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-10-25 16:04 - 2015-10-25 16:04 - 01110476 _____ C:\Users\Verena\Downloads\7z920.exe
2015-10-21 07:49 - 2015-10-21 07:49 - 02830336 _____ C:\Users\Verena\Desktop\2015-10-21_08-49-11_ups1516.dat
2015-10-16 09:43 - 2015-10-16 09:43 - 00016384 _____ C:\Users\Verena\Downloads\Sitzplan.xls
2015-10-15 10:18 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-10-15 10:18 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-10-15 10:18 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-10-15 10:18 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-10-15 10:18 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-10-15 10:18 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-10-15 10:18 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 11:37 - 2015-10-14 11:37 - 02684816 _____ C:\Users\Verena\Downloads\30776565.zip
2015-10-14 09:19 - 2015-09-29 13:31 - 07457624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 09:19 - 2015-09-29 13:31 - 01658536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 09:19 - 2015-09-29 13:31 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 09:19 - 2015-09-29 13:31 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 09:19 - 2015-09-29 13:31 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 09:19 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-10-14 09:19 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 09:19 - 2015-09-10 19:02 - 25851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-14 09:19 - 2015-09-10 18:09 - 20358144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-14 09:19 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 09:19 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 09:19 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-10-14 09:19 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-10-14 09:19 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-10-14 09:19 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-10-14 09:19 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-10-14 09:19 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-10-14 09:19 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-10-14 09:19 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-10-14 09:19 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-10-14 09:19 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-10-14 09:18 - 2015-09-10 18:19 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 09:18 - 2015-09-10 18:18 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-14 09:18 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-10-14 09:18 - 2015-09-10 18:14 - 05990400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 09:18 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-10-14 09:18 - 2015-09-10 18:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 09:18 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-10-14 09:18 - 2015-09-10 17:39 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 09:18 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-10-14 09:18 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-10-14 09:18 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-10-14 09:18 - 2015-09-10 17:33 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-14 09:18 - 2015-09-10 17:28 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-10-14 09:18 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-10-14 09:18 - 2015-09-10 17:27 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 09:18 - 2015-09-10 17:24 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 09:18 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-10-14 09:18 - 2015-09-10 17:19 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-10-14 09:18 - 2015-09-10 17:19 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-10-14 09:18 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-10-14 09:18 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-10-14 09:18 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-10-14 09:18 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-10-14 09:18 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-10-14 09:18 - 2015-09-10 17:02 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 09:18 - 2015-09-10 17:01 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-10-14 09:18 - 2015-09-10 17:00 - 12853760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 09:18 - 2015-09-10 16:57 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-14 09:18 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-10-14 09:18 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-10-14 09:18 - 2015-09-10 16:55 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-10-14 09:18 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-10-14 09:18 - 2015-09-10 16:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-14 09:18 - 2015-09-10 16:34 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-10-14 09:18 - 2015-09-10 16:31 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-14 09:18 - 2015-09-10 16:27 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-14 09:18 - 2015-09-10 16:26 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-10-14 09:17 - 2015-09-29 13:29 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-10-14 09:17 - 2015-09-28 19:45 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-14 09:17 - 2015-09-28 19:26 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-10-14 09:17 - 2015-09-28 19:25 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-10-14 09:17 - 2015-09-28 19:25 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-10-14 09:17 - 2015-09-28 19:25 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-10-14 09:17 - 2015-09-28 19:22 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-10-14 09:17 - 2015-09-28 19:22 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-10-14 09:17 - 2015-09-28 19:22 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-10-14 09:17 - 2015-09-28 19:15 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-10-14 09:17 - 2015-09-28 19:13 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-10-14 09:17 - 2015-09-28 19:12 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 09:17 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 09:17 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-11 20:14 - 2014-02-18 10:44 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2F5120CD-6898-4418-A612-6B5E92AF44A1}
2015-11-11 20:13 - 2015-09-09 17:04 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Skype
2015-11-11 20:13 - 2013-07-19 14:27 - 00000000 ___RD C:\Users\Verena\Dropbox
2015-11-11 20:12 - 2013-07-19 14:22 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Dropbox
2015-11-11 20:11 - 2013-04-17 09:22 - 00000000 __RDO C:\Users\Verena\SkyDrive
2015-11-11 20:10 - 2015-09-30 20:59 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-11 20:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-11 11:08 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 11:04 - 2015-09-30 20:59 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-11 11:04 - 2013-02-18 21:49 - 00000000 ____D C:\Users\Verena\AppData\Roaming\vlc
2015-11-11 10:25 - 2013-09-01 00:07 - 00000000 ____D C:\AdwCleaner
2015-11-11 07:14 - 2015-09-30 20:59 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-10 23:55 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-09 23:04 - 2014-01-10 16:40 - 01300992 ___SH C:\Users\Verena\Desktop\Thumbs.db
2015-11-09 23:03 - 2013-02-13 21:52 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-09 22:40 - 2014-01-09 13:27 - 00000000 ____D C:\Users\Verena
2015-11-09 21:51 - 2013-02-16 09:44 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-09 11:49 - 2013-02-16 11:11 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-09 11:49 - 2013-02-14 22:26 - 00000000 ____D C:\Program Files\iPod
2015-11-09 11:49 - 2013-02-14 22:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-09 10:26 - 2013-08-07 09:23 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-11-08 10:13 - 2015-09-09 17:04 - 00000000 ____D C:\ProgramData\Skype
2015-11-07 14:18 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-07 10:25 - 2013-07-18 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-07 10:16 - 2014-01-09 14:14 - 00000919 _____ C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-07 10:15 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-06 00:00 - 2013-02-16 09:54 - 00000000 ____D C:\Users\Verena\AppData\Local\Adobe
2015-11-05 23:58 - 2014-12-24 11:36 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-05 23:58 - 2012-08-17 01:52 - 00000000 ____D C:\ProgramData\Adobe
2015-11-05 23:58 - 2012-08-17 01:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-05 23:41 - 2013-08-22 15:44 - 00588592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-05 22:27 - 2013-12-19 11:44 - 00000000 ____D C:\Temp
2015-11-05 22:26 - 2013-10-01 20:59 - 00000000 ____D C:\Program Files\AntiToolbar
2015-11-05 11:02 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-11-05 11:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-11-05 10:57 - 2012-12-28 11:59 - 00000000 ___HD C:\Users\Verena\Documents\VSO Downloader
2015-10-27 23:31 - 2014-02-20 08:51 - 00003096 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2984353058-443001783-614742438-1001
2015-10-27 16:57 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-26 21:44 - 2013-11-14 08:27 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-26 21:44 - 2013-11-14 08:11 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-10-26 21:44 - 2013-11-14 08:11 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-10-25 17:14 - 2015-09-09 12:11 - 00001877 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-10-25 17:14 - 2015-08-30 09:14 - 00000777 _____ C:\Users\Public\Desktop\Digitale Schulbücher.lnk
2015-10-25 17:14 - 2015-05-13 18:35 - 00001099 _____ C:\Users\Public\Desktop\XMedia Recode.lnk
2015-10-25 17:14 - 2015-01-30 19:44 - 00002087 _____ C:\Users\Public\Desktop\TAXMAN 2015.lnk
2015-10-25 17:14 - 2014-05-25 22:50 - 00001312 _____ C:\Users\Verena\Desktop\VSO Downloader 4.lnk
2015-10-25 17:14 - 2014-04-22 21:13 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-10-25 17:14 - 2014-04-22 21:13 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-10-25 17:14 - 2014-04-22 21:13 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-10-25 17:14 - 2014-04-22 21:13 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-10-25 17:14 - 2013-08-31 09:49 - 00000907 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-10-25 17:14 - 2013-08-15 11:31 - 00000978 _____ C:\Users\Verena\Desktop\RegCleaner.lnk
2015-10-25 17:14 - 2013-08-15 11:31 - 00000978 _____ C:\Users\Administrator\Desktop\RegCleaner.lnk
2015-10-25 17:14 - 2012-10-27 06:22 - 00001652 _____ C:\Users\Public\Desktop\ASUS Install.lnk
2015-10-16 05:51 - 2014-10-17 16:44 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-16 05:51 - 2014-10-17 16:44 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 18:40 - 2014-12-10 15:01 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-15 18:40 - 2014-07-11 01:30 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-10-15 12:37 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-15 09:47 - 2015-09-09 17:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-14 23:56 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-14 10:29 - 2013-06-04 09:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 10:19 - 2013-08-14 18:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-14 10:03 - 2013-02-17 14:21 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-08-19 22:35 - 2015-05-13 19:58 - 0073216 _____ () C:\Users\Verena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-03 08:51 - 2013-10-03 08:55 - 0088806 _____ () C:\ProgramData\1380786719.1964.bin
2013-10-03 08:52 - 2013-10-03 08:56 - 0000462 _____ () C:\ProgramData\1380786719.4056.bin
2013-10-03 08:52 - 2013-10-03 08:56 - 0000189 _____ () C:\ProgramData\1380786719.4192.bin
2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 01:52 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2015-10-25 17:19 - 2015-10-25 17:20 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Einige Dateien in TEMP:
====================
C:\Users\Verena\AppData\Local\Temp\AntiToolbarPackage.exe
C:\Users\Verena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxtd1pu.dll
C:\Users\Verena\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-09 14:03

==================== Ende von FRST.txt ============================
Addition.txt ist:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-11-2015
durchgeführt von Verena (2015-11-11 20:28:39)
Gestartet von C:\Users\Verena\AppData\Local\Microsoft\Windows\INetCache\IE\2PTMEHQS
Windows 8.1 (X64) (2014-01-09 13:14:13)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2984353058-443001783-614742438-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-2984353058-443001783-614742438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2984353058-443001783-614742438-1003 - Limited - Enabled)
Verena (S-1-5-21-2984353058-443001783-614742438-1001 - Administrator - Enabled) => C:\Users\Verena

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Enabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Ad-Aware Antivirus (Enabled - Up to date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{69AD9F5D-5FF4-384F-1F29-85CBDD366DAB}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.4192.0 - Lavasoft) Hidden
AntiToolbar (HKLM\...\AntiToolbar) (Version: 1.0.1.1 - Reimage)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Browser Cleanup (HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Avast Browser Cleanup) (Version: 10.3.2223.101 - AVAST Software)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
CTO Warenwirtschaft 2013 Schulversion (HKLM-x32\...\{6E8AC3BE-67B9-4FD1-B5AE-6DBC7C6DB537}_is1) (Version: CTO Warenwirtschaft 2013 Schulversion - CTO Software GmbH)
Digitale Schulbücher (HKLM-x32\...\{DE24A5DA-8CE2-4BF8-AE5E-125FBC70BE9B}) (Version: 1.1.0.65 - VBM Service GmbH)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Freemake Video Converter Version 4.0.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.3 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
iGraal Toolbar for Internet Explorer (HKLM\...\{240373D3-4199-4F41-BB4D-15D5B830C82D}) (Version:  - iGraal) <==== ACHTUNG
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Lexware buchhalter 2013 (HKLM-x32\...\{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}) (Version: 18.04.00.0021 - Haufe-Lexware GmbH Co.KG)
Lexware Datenbank plus 2014 (x32 Version: 14.00.00.0058 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Elster (HKLM-x32\...\{9F6BFB0F-6B1F-4D1A-A9DA-42F6794C9188}) (Version: 13.00.00.0027 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (x32 Version: 4.01.00.0077 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 3.00.00.0007 - Haufe-Lexware GmbH Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 3.01.00.0011 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware reisekosten plus 2014 (x32 Version: 14.50.00.0190 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware reisekosten plus 2014 Client (HKLM-x32\...\{14f5fd58-b258-45e3-add4-ffba9a503225}) (Version: 14.50.0.190 - Haufe-Lexware GmbH & Co.KG)
Lexware reisekosten plus Gratisversion 2014 (HKLM-x32\...\{d9f64277-f45d-4950-b05f-ae2c0179374d}) (Version: 14.50.0.190 - Haufe-Lexware GmbH & Co.KG)
Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Server Plus 2014 (x32 Version: 14.1.0.1 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Services (x32 Version: 2.00.00.0024 - Haufe-Lexware GmbH & Co.KG) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PAYBACK Toolbar 1.2 (HKLM-x32\...\PAYBACK Toolbar_is1) (Version: 1.2.0 - PAYBACK GmbH)
PDF24 Creator 6.5.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PixiePack Codec Pack (HKLM-x32\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6777 - Realtek Semiconductor Corp.)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.75.0 - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.09.00(08/03/2013) - Samsung Electronics Co., Ltd.)
Samsung SCX-4200 Series (HKLM-x32\...\Samsung SCX-4200 Series) (Version:  - Samsung Electronics CO.,LTD)
Scan2PDF 1.6 (HKLM-x32\...\Scan2PDF_is1) (Version:  - Koma-Code)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.16 - ASUS)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
Sybase12ConversionPlus (x32 Version: 14.25.00.0056 - Haufe Lexware GmbH Co.KG) Hidden
TAXMAN 2013 (HKLM-x32\...\{F289D934-2224-473B-B57E-0040D2693F83}) (Version: 19.08.00.0003 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2014 (HKLM-x32\...\{4A1C559D-38F6-49CF-BDA5-CF354FFE04E4}) (Version: 20.06.00.0001 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2015 (HKLM-x32\...\{5613CAD3-71ED-4207-95A0-1BA0BF465E38}) (Version: 20.27.130 - Haufe-Lexware GmbH & Co.KG)
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbar Terminator (HKLM-x32\...\Toolbar Terminator_is1) (Version: 3.0 - Abelssoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSO Downloader 3.2.0.6 (HKLM-x32\...\{E48E84C5-7599-4CBD-9900-8BCB9A2A2FFA}_is1) (Version: 3.2.0.6 - VSO Software)
VSO Downloader 4.4.0.8 (HKLM-x32\...\{A0D0BA9E-F1A6-44FF-AA14-03ED96B3D56D}_is1) (Version: 4.4.0.8 - VSO Software)
VSO EVE Network Driver version 1.0.0.27 (HKLM-x32\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.27 - VSO Software)
VSO Media Player 1.4.12.503 (HKLM-x32\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.4.12.503 - VSO Software)
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
XMedia Recode Version 3.2.2.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.2.9 - XMedia Recode)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

23-10-2015 09:33:19 Windows Update
25-10-2015 15:51:34 AA11
28-10-2015 18:50:29 Windows Update
01-11-2015 19:21:44 Windows Update
05-11-2015 11:05:50 Windows Update
08-11-2015 11:31:45 Windows Update

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 06:26 - 2013-10-01 21:14 - 00447822 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com
127.0.0.1        www.123moviedownload.com

Da befinden sich 15368 zusätzliche Einträge.


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0C7B8D93-0AC1-470C-A6CF-F2AB4961D4B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-09] (Google Inc.)
Task: {0E4E0065-8764-4E18-ACE2-C027E57FB880} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-30] (Dropbox, Inc.)
Task: {11194FB1-BEFA-4ACC-8727-D4D84BA119B8} - System32\Tasks\Sunrise => C:\WINDOWS\TEMP\CUpdater\st8..exe
Task: {1C84E18A-AE0F-4C8C-9876-5A3FBFDF6176} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-10-21] (Apple Inc.)
Task: {20453B25-2290-4C45-BC5B-4D2CE1616D4B} - System32\Tasks\{95378C4F-0D57-489B-9045-ED4F9270B27A} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {2D4CC52A-D90D-4BA4-A55C-29762F918DFD} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
Task: {2FBEF094-19D1-4CB8-92BE-353EE5FC044C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {450E07C5-787C-472B-91E1-D72918E8DF22} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {61B2A7AF-9C6A-42FC-94F8-8AB7D1301767} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)
Task: {6A69F2D3-BD95-493E-B1AE-B6326CC46D9F} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {6E408EFA-C377-4A3A-AF00-263014F689EF} - System32\Tasks\avastBCLS-1-5-21-2984353058-443001783-614742438-1001 => C:\Users\Verena\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2015-11-09] (AVAST Software)
Task: {751A3E70-3748-401A-B993-234DC6240A1B} - System32\Tasks\avastBCLRestart_IEXPLORE.EXE => Iexplore.exe
Task: {7C21820D-9397-4E49-BC58-B4E5D36CE9A0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {7C8F9E01-6CC9-44DE-B279-C24D29EC28C6} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-11-09] (Enigma Software Group USA, LLC.)
Task: {ABE21F96-0E89-406F-B6F3-1E955FC02BD5} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {ADE58D91-3352-4B84-90E5-1F8699372141} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2984353058-443001783-614742438-1001
Task: {C4C44050-28B6-4DD1-BBCD-93C53329943B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-30] (Dropbox, Inc.)
Task: {EB20ED54-C705-4B9D-8BFE-8AEBB249B90D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-09] (Google Inc.)
Task: {F550F261-6B0D-4E7C-AE65-47DDBD4B4892} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {F5EE92C8-A4DD-4135-B475-A428853A5622} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2984353058-443001783-614742438-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {F9059E72-8492-44AC-88A0-34C1332A8EA0} - System32\Tasks\avast! BCU UpdateS-1-5-21-2984353058-443001783-614742438-1001 => C:\Users\Verena\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {FCF534B5-4362-4390-840E-534CD6B57902} - System32\Tasks\{C278AD16-5EDB-4B57-BD3A-BDE539293EB1} => pcalua.exe -a C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe -c /remove /q0
Task: {FF878A0E-282C-4E3D-A0F3-9CF007FC737F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2009-11-19 02:34 - 2009-11-19 02:34 - 00022016 _____ () C:\WINDOWS\System32\suge1l6.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-27 14:54 - 2015-08-27 14:54 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
2015-08-27 14:57 - 2015-08-27 14:57 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_date_time-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 13002488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareServiceKernel.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_regex-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_thread-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_chrono-vc120-mt-1_57.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00709360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareActivation.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00474368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareApplicationUpdater.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareGamingMode.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareReset.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTime.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01011968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdater.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdaterScheduler.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIgnoreList.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareQuarantine.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01050880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiMalwareEngine.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiRootkitEngine.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerHistory.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01373416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScanner.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_timer-vc120-mt-1_57.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01019128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerScheduler.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtection.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00244472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIncompatibles.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00938728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiSpam.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00883440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiPhishing.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareParentalControl.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 02985208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareWebProtection.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01324280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareEmailProtection.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_iostreams-vc120-mt-1_57.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01312512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNetworkProtection.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01013992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePromo.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00365288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareFeedback.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareThreatWorkAlliance.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01261800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePinCode.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01014504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNotice.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01014000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAvcEngine.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtectionHistory.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00469744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareStatistics.dll
2014-05-26 23:07 - 2013-07-17 16:09 - 00156936 _____ () C:\WINDOWS\SYSTEM32\bdfwcore.dll
2015-11-07 11:25 - 2015-11-07 11:26 - 00875352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2015-11-07 11:25 - 2015-11-07 11:26 - 00741952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2015-11-07 11:26 - 2015-11-07 11:26 - 02800952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2015-11-07 11:26 - 2015-11-07 11:26 - 01413024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2015-11-05 23:26 - 2015-08-19 12:00 - 00056320 _____ () C:\Program Files (x86)\ToolbarTerminator\AbSettings.dll
2012-08-04 09:34 - 2012-08-04 09:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-07-19 09:31 - 2012-10-25 16:26 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-07-19 09:31 - 2012-10-25 16:26 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 09558752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
2015-08-27 14:57 - 2015-08-27 14:57 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_locale-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\HtmlFramework.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTrayDefaultSkin.dll
2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-15 09:48 - 2012-03-15 09:48 - 00221184 _____ () C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
2015-11-11 20:12 - 2015-11-11 20:12 - 00071168 _____ () c:\users\verena\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxtd1pu.dll
2015-11-11 05:35 - 2015-09-03 01:11 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-11-11 05:35 - 2015-09-03 01:11 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-11 05:35 - 2015-09-03 01:11 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-11 05:35 - 2015-09-03 01:11 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7823 mehr Seiten.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2984353058-443001783-614742438-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "CDAServer"
HKLM\...\StartupApproved\Run: => "SpywareTerminatorUpdater"
HKLM\...\StartupApproved\Run: => "SpywareTerminatorShield"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "LexwareInfoService"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Samsung PanelMgr"
HKLM\...\StartupApproved\Run32: => "Search Protection"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\StartupApproved\Run: => "Yontoo Desktop"
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\StartupApproved\Run: => "AppEx Accelerator UI"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F4C8DB46-6FBA-4180-849F-F583F6F514EA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{9CF78AE2-486E-4753-ABD5-AAEAC182BB4E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{F025F797-5B65-4F10-869E-504100F2EDBD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{D6FC7CD7-0866-4903-9CEE-B479866D8BEF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{14EB3879-4E4C-4D79-928E-9C81F7485350}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{A688B320-AFE9-4A68-82FA-66E4B09AEBBB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{31054F11-F528-46A0-A7C1-7C46733536A8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{4EB44F9C-AC81-4839-900D-8713B484C1C5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{BF76CB53-81CB-4392-9549-7A95FF313236}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{957DF167-1588-4BC7-89DC-58942C184CCE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{5C937942-0156-49DC-9992-39DC706D9451}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{D59E12AC-2DAF-4033-856B-4759BB0ADAEF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{663E68AE-0330-42C1-B6D0-D208BC7BD7B7}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{8EE0D6D4-C16B-4693-9DA9-B6D5E5BE5662}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [UDP Query User{D13AD787-715F-4E7C-8193-9512DDC4039D}C:\program files (x86)\lexware\taxman\2013\steuer.exe] => (Allow) C:\program files (x86)\lexware\taxman\2013\steuer.exe
FirewallRules: [TCP Query User{E5378BE5-5397-47D4-9B88-E75668093D06}C:\program files (x86)\lexware\taxman\2013\steuer.exe] => (Allow) C:\program files (x86)\lexware\taxman\2013\steuer.exe
FirewallRules: [{BFEF1572-E39F-4A44-8406-4D0CF18EDE81}] => (Allow) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
FirewallRules: [{C2987D8E-14DE-4905-B327-A4BDA248D397}] => (Allow) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
FirewallRules: [{E7EC74DD-D015-42DF-9AEF-AB8E7CC16D48}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CDA8F6FF-1C63-4A19-B266-A610F1E59F00}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{6991362D-6191-4928-859A-85CAFCBB3396}] => (Allow) C:\Program Files (x86)\Lexware\Installer Service\LxInstallerService.exe
FirewallRules: [{73101AB0-4523-45E6-AF53-42388DC0384C}] => (Allow) C:\Program Files (x86)\Lexware\Installer Service\LxInstallerService.exe
FirewallRules: [{720E4AD5-9F55-40FE-9F5F-E4331AD50C91}] => (Allow) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbeng9.exe
FirewallRules: [{1B30EC0A-D546-48F6-81BE-0A917E7097E0}] => (Allow) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbeng9.exe
FirewallRules: [TCP Query User{057E7C0F-0464-4C0A-8835-48E64F823ABF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A9729F1B-D0CF-40DB-B826-DA5E8596F27D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{5D4CFA54-A66A-43F5-A79C-227712168FB6}] => (Allow) C:\Program Files (x86)\VSO\VSO Downloader\3\VsoDownloader.exe
FirewallRules: [{BCA24B34-0201-454A-A2A3-4A4C1D8308A1}] => (Allow) C:\Program Files (x86)\VSO\VSO Downloader\3\VsoDownloader.exe
FirewallRules: [{99F929E1-3679-48BD-A54F-7DBEE9D2342D}] => (Allow) E:\fsetup.exe
FirewallRules: [{89C5D0FB-A79D-40DB-B9B7-6783AA927A8A}] => (Allow) E:\fsetup.exe
FirewallRules: [{F0D3E2BC-625F-4EF1-9B32-95C9BBC19223}] => (Allow) C:\Program Files (x86)\VSO\VSO Downloader\4\VsoDownloader.exe
FirewallRules: [{BAB88195-631B-4016-BB37-9197D994C3CE}] => (Allow) C:\Program Files (x86)\VSO\VSO Downloader\4\VsoDownloader.exe
FirewallRules: [{6CC5B3E2-D6DF-4FD3-9B55-769D7ABCDC53}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{94140A5F-55CB-4AD5-B14E-8067BCA06208}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{E94319BA-D5EB-48B6-9B3D-943A880F6ED3}] => (Allow) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
FirewallRules: [{672E6D2D-41B9-4262-85F7-18B1A2B50CFA}] => (Allow) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
FirewallRules: [TCP Query User{CFF22B48-B00F-4BFD-88F1-D91FC64B1622}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{47875A03-1128-45A8-810E-4FE1BADFAB60}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E1717D40-272B-4DC4-A7AB-6274675B8455}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3CD84590-347A-4B81-B791-692A1DB20384}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{46D96C11-A75A-4263-B464-A79C72572C86}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9688E90D-3BB0-46AB-8EE0-E518216A75F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BF93D449-FA61-4982-9E79-94E7F6E38087}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DDB0217E-F5F4-4ED4-9F3E-EF154DB05412}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{176A3583-F117-482A-BFD5-F008AF91AC29}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{18033E79-1CDF-437D-9517-94C5DBE9257C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6878C292-5A60-43CF-A9CA-EDCD0322FD34}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/11/2015 08:09:19 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (11/11/2015 11:32:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31313

Error: (11/11/2015 11:32:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31313

Error: (11/11/2015 11:32:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/11/2015 11:32:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15625

Error: (11/11/2015 11:32:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15625

Error: (11/11/2015 11:32:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/11/2015 06:46:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FreemakeUtilsService.exe, Version: 1.0.0.0, Zeitstempel: 0x520b7c0a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4bcfc
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x6c0
Startzeit der fehlerhaften Anwendung: 0xFreemakeUtilsService.exe0
Pfad der fehlerhaften Anwendung: FreemakeUtilsService.exe1
Pfad des fehlerhaften Moduls: FreemakeUtilsService.exe2
Berichtskennung: FreemakeUtilsService.exe3
Vollständiger Name des fehlerhaften Pakets: FreemakeUtilsService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FreemakeUtilsService.exe5

Error: (11/11/2015 05:56:15 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: FreemakeUtilsService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
  bei System.Security.Principal.SecurityIdentifier..ctor(System.String)
  bei FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
  bei FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
  bei FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
  bei FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
  bei FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
  bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
  bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (11/10/2015 11:43:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30750


Systemfehler:
=============
Error: (11/11/2015 08:09:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Haufe FabricHostService" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/11/2015 07:15:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Freemake Improver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/11/2015 04:48:24 AM) (Source: DCOM) (EventID: 10010) (User: STANZER)
Description: {04F3B937-6C9D-4DAC-9477-8C35E24B25D1}

Error: (11/10/2015 11:55:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error: (11/10/2015 11:55:28 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist möglicherweise nicht installiert.

Error: (11/10/2015 11:55:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (11/10/2015 11:55:25 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (11/10/2015 11:55:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎10.‎11.‎2015 um 23:47:55 unerwartet heruntergefahren.

Error: (11/10/2015 11:42:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AMD External Events Utility erreicht.

Error: (11/10/2015 08:35:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f024b fehlgeschlagen: Samsung - Printers - Samsung Universal Print Driver 3


CodeIntegrity:
===================================
  Date: 2015-10-25 17:21:54.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:53.808
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:47.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:47.074
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:36.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:35.421
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:34.458
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:33.493
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-07 13:32:26.853
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-07 13:32:25.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: AMD E2-1800 APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 64%
Installierter physikalischer RAM: 3673.35 MB
Verfügbarer physikalischer RAM: 1305.27 MB
Summe virtueller Speicher: 5657.35 MB
Verfügbarer virtueller Speicher: 2412.94 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:40.52 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:104.65 GB) NTFS

==================== MBR & Partitionstabelle ==================

==================== Ende von Addition.txt ============================

cosinus 11.11.2015 20:53
Ist das ein gewerblich genutztes System? Ich da einiges an Software, die dafür spricht.

Stanzer 11.11.2015 20:56
Nein.
Ist mein Privater Rechner in meinem Wohnzimmer.

Bzw. meine Frau nutzt ihn manchmal für Ihre Schulvorbereitungen.
Sie ist Lehrerin.

Stanzer 14.11.2015 00:41
Weiß Jemand einen Rat?
Ich freue mich über jede Hilfe!

cosinus 14.11.2015 18:33
Sry dein Beitrag ist durchgerutscht...

Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Stanzer 16.11.2015 02:48
Antwort zum 1. Punkt:

1. Schritt: Malwarebytes. Das Logfile von MBAM
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 15/11/2015 10:51, SYSTEM, STANZER, Protection, Malware Protection, Starting,
Protection, 15/11/2015 10:51, SYSTEM, STANZER, Protection, Malware Protection, Started,
Protection, 15/11/2015 10:51, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 15/11/2015 10:53, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 15/11/2015 10:57, SYSTEM, STANZER, Manual, Remediation Database, 2015.11.10.2, 2015.11.13.1,
Update, 15/11/2015 10:57, SYSTEM, STANZER, Manual, IP Database, 2015.11.10.1, 2015.11.13.1,
Update, 15/11/2015 10:57, SYSTEM, STANZER, Manual, Rootkit Database, 2015.11.4.2, 2015.11.14.1,
Update, 15/11/2015 10:57, SYSTEM, STANZER, Manual, Domain Database, 2015.11.11.4, 2015.11.14.3,
Update, 15/11/2015 10:57, SYSTEM, STANZER, Manual, Malware Database, 2015.11.12.2, 2015.11.15.1,
Protection, 15/11/2015 10:57, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 15/11/2015 10:57, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 15/11/2015 10:58, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 15/11/2015 10:58, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 15/11/2015 10:58, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 15/11/2015 10:58, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Update, 15/11/2015 14:08, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.15.1, 2015.11.15.2,
Protection, 15/11/2015 14:08, SYSTEM, STANZER, Protection, Refresh, Starting,
Protection, 15/11/2015 14:08, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopping,
Protection, 15/11/2015 14:09, SYSTEM, STANZER, Protection, Malicious Website Protection, Stopped,
Protection, 15/11/2015 14:09, SYSTEM, STANZER, Protection, Refresh, Success,
Protection, 15/11/2015 14:09, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Update, 15/11/2015 15:54, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.15.2, 2015.11.15.3,
Protection, 15/11/2015 15:54, SYSTEM, STANZER, Protection, Refresh, Starting,
Update, 15/11/2015 18:06, SYSTEM, STANZER, Scheduler, Malware Database, 2015.11.15.3, 2015.11.15.4,
Protection, 15/11/2015 21:02, SYSTEM, STANZER, Protection, Malware Protection, Starting,
Protection, 15/11/2015 21:02, SYSTEM, STANZER, Protection, Malware Protection, Started,
Protection, 15/11/2015 21:02, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 15/11/2015 21:04, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,
Scan, 15/11/2015 22:40, SYSTEM, STANZER, Manual, Start: 15/11/2015 21:06, Dauer: 1 Std. 31 Min. 4 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 57 Nicht-Malware-Erkennungen,
Protection, 15/11/2015 22:44, SYSTEM, STANZER, Protection, Malware Protection, Starting,
Protection, 15/11/2015 22:44, SYSTEM, STANZER, Protection, Malware Protection, Started,
Protection, 15/11/2015 22:44, SYSTEM, STANZER, Protection, Malicious Website Protection, Starting,
Protection, 15/11/2015 22:45, SYSTEM, STANZER, Protection, Malicious Website Protection, Started,

(end)
Zum 2. Schritt:

adwCleaner

Beim ersten Bereinigen ist mein System "hängengeblieben".
Daher habe ich noch einen zweiten Durchlauf gestartet:

Hier das letzte Protokoll:
Code:
2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
"Tracing" Schlüssel löschen
Winsock Einstellungen zurücksetzen
Proxy Einstellungen zurücksetzen
Internet Explorer Richtlinien zurücksetzen
Chrome Richtlinien zurücksetzen
Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
3. Punkt.

JRT ausgeführt:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 x64
Ran by Verena on 16/11/2015 at  2:10:35.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9613CB43-EA4C-48B5-878D-13DFE1818EFE}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google



~~~ Files

Successfully deleted: [File] C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Successfully deleted: [File] C:\ProgramData\1380786719.1964.bin
Successfully deleted: [File] C:\ProgramData\1380786719.4056.bin
Successfully deleted: [File] C:\ProgramData\1380786719.4192.bin



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\ToolbarTerminator



~~~ Chrome


[C:\Users\Verena\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Verena\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Verena\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Verena\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/11/2015 at  2:17:50.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4. Punkt FRST.TXT

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
durchgeführt von Verena (Administrator) auf STANZER (16-11-2015 02:38:05)
Gestartet von C:\Users\Verena\Desktop
Geladene Profile: Verena (Verfügbare Profile: Verena & Administrator)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Installer Service\LxInstallerService.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AVAST Software) C:\Users\Verena\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-08-27] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [536576 2008-08-26] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-06-04] (Geek Software GmbH)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-17] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation)
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-10-21] (Apple Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Keine Datei
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Keine Datei
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Keine Datei
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-27]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8F730AD0-818D-493B-A178-B5676DF2C8FA}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F401B118-9576-46B2-B5D4-50DDA14CC7D1}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2984353058-443001783-614742438-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-004752
HKU\S-1-5-21-2984353058-443001783-614742438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://about:blank
SearchScopes: HKLM -> DefaultScope Wert fehlt
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2984353058-443001783-614742438-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2984353058-443001783-614742438-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2013-02-18] (Sun Microsystems, Inc.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll [2011-04-22] ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2013-02-18] (Sun Microsystems, Inc.)
IE Session Restore: HKU\S-1-5-21-2984353058-443001783-614742438-1001 -> ist aktiviert.
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2013-02-18] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden

Chrome:
=======
CHR Profile: C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-09]
CHR Extension: (Google Docs) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-09]
CHR Extension: (Google Drive) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (YouTube) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-09]
CHR Extension: (Google-Suche) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Google Tabellen) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-09]
CHR Extension: (Skype Click to Call) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]
CHR Extension: (Google Mail) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-30] (Dropbox, Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-08-14] (Freemake) [Datei ist nicht signiert]
R2 Haufe FabricHostService; C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe [14848 2013-10-10] (Haufe-Lexware GmbH & Co. KG) [Datei ist nicht signiert]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] ()
R2 Lexware Installations Dienst; C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe [24064 2013-08-16] (Haufe-Lexware GmbH & Co. KG) [Datei ist nicht signiert]
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2012-05-11] (iAnywhere Solutions, Inc.)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG) [Datei ist nicht signiert]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-11-09] (Enigma Software Group USA, LLC.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 AbAdminService; "C:\Program Files (x86)\ToolbarTerminator\AbAdminService.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2013-07-17] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2013-07-17] (BitDefender LLC)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2006-12-08] (Samsung Electronics)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-11-09] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-11-09] ()
R1 Eve; C:\Windows\system32\DRIVERS\eve.sys [41304 2015-01-21] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-10-02] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-16 02:38 - 2015-11-16 02:38 - 00027885 _____ C:\Users\Verena\Desktop\FRST.txt
2015-11-16 02:37 - 2015-11-16 02:37 - 02198528 _____ (Farbar) C:\Users\Verena\Desktop\FRST64.exe
2015-11-16 02:17 - 2015-11-16 02:17 - 00001656 _____ C:\Users\Verena\Desktop\JRT.txt
2015-11-16 00:19 - 2015-11-16 00:19 - 01798976 _____ (Malwarebytes) C:\Users\Verena\Desktop\JRT.exe
2015-11-15 23:04 - 2015-11-15 23:05 - 01732096 _____ C:\Users\Verena\Downloads\adwcleaner_5.021.exe
2015-11-15 22:49 - 2015-11-15 22:49 - 00003298 _____ C:\Users\Verena\Desktop\mbam.txt
2015-11-11 21:16 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 21:16 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 21:16 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 21:16 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 21:16 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-11 21:16 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-11 21:16 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-11 21:16 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-11 21:16 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-11 21:16 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-11 21:16 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-11 21:16 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-11 21:16 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-11 21:16 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-11 21:16 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-11 21:16 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-11 21:16 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-11 21:16 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-11 21:16 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-11 21:16 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-11 21:16 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-11 21:09 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-11 21:09 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-11 21:09 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-11 21:09 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-11 21:09 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-11 21:09 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-11 21:09 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-11 21:09 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-11 21:09 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-11 21:09 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-11 21:09 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-11 21:09 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-11 21:09 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 21:09 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-11 21:09 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-11 21:09 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-11 21:09 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-11 21:09 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-11 21:07 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-11 21:07 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-11 21:07 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-11 21:04 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-11 21:02 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-11 21:02 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-11 20:55 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-11 20:55 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-11 20:48 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 20:48 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 20:48 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-11 20:48 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 20:48 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 20:48 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 20:48 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 20:48 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 20:48 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 20:48 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 20:47 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-11 20:47 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-11 20:47 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-11 20:47 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-11 20:47 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-11 20:47 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-11 20:47 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-11 20:47 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-11 20:47 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-11 20:47 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-11 20:47 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-11 20:47 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 20:47 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-11 20:46 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-11 20:41 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-11 20:41 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-11 20:41 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-11 20:41 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-11 20:41 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-11 20:41 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-11 20:41 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-11-11 20:24 - 2015-11-16 02:38 - 00000000 ____D C:\FRST
2015-11-11 07:13 - 2015-11-11 07:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-10 23:55 - 2015-11-16 02:32 - 00000693 _____ C:\WINDOWS\setupact.log
2015-11-10 23:55 - 2015-11-10 23:55 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-11-10 23:54 - 2015-11-12 10:41 - 00005888 _____ C:\WINDOWS\PFRO.log
2015-11-10 22:56 - 2015-11-10 22:56 - 00003188 _____ C:\WINDOWS\System32\Tasks\avastBCLRestart_IEXPLORE.EXE
2015-11-10 00:26 - 2015-11-10 00:26 - 00000000 ____D C:\Users\Verena\AppData\LocalLow\PaybackToolbar32
2015-11-10 00:26 - 2015-11-10 00:26 - 00000000 ____D C:\Program Files (x86)\Payback
2015-11-09 23:53 - 2015-11-09 23:53 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iGraal
2015-11-09 23:47 - 2015-11-09 23:47 - 02543272 _____ (Microsoft Corporation) C:\Users\Verena\Downloads\InternetExplorerDefault.EXE
2015-11-09 23:04 - 2015-11-12 11:33 - 00002197 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-09 23:04 - 2015-11-09 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-09 23:02 - 2015-11-16 02:33 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-09 23:02 - 2015-11-16 02:08 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-09 23:02 - 2015-11-09 23:04 - 00000000 ____D C:\Users\Verena\AppData\Local\Google
2015-11-09 23:02 - 2015-11-09 23:02 - 00004098 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-09 23:02 - 2015-11-09 23:02 - 00003862 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-09 22:47 - 2015-11-16 02:31 - 00988127 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-09 12:08 - 2015-11-09 12:08 - 00000000 ____D C:\Users\Verena\AppData\Local\Apple Inc
2015-11-09 12:07 - 2015-11-09 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-11-09 11:52 - 2015-11-09 11:52 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-09 11:52 - 2015-11-09 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-09 11:48 - 2015-11-09 11:52 - 00000000 ____D C:\Program Files\iTunes
2015-11-09 10:27 - 2015-11-11 01:23 - 00001149 _____ C:\Users\Verena\Desktop\SpyHunter.lnk
2015-11-09 10:27 - 2015-11-09 10:27 - 00003328 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-11-09 10:27 - 2015-11-09 10:27 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Enigma Software Group
2015-11-09 10:27 - 2015-11-09 10:27 - 00000000 ____D C:\sh4ldr
2015-11-09 10:26 - 2015-11-09 10:26 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-11-09 10:25 - 2015-11-09 10:25 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Verena\Downloads\SpyHunter-Installer (1).exe
2015-11-08 13:18 - 2015-11-08 13:18 - 02830336 ____R C:\Users\Verena\Desktop\2015-11-08_13-18-47_ups1516.dat
2015-11-08 13:18 - 2015-11-08 13:18 - 00000000 ____D C:\Users\Verena\Desktop\!Quando_Backup
2015-11-07 10:25 - 2015-11-16 02:34 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-07 10:25 - 2015-11-07 10:25 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-07 10:25 - 2015-11-07 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-07 10:25 - 2015-11-07 10:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-07 10:25 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-07 10:25 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-07 10:25 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-07 10:24 - 2015-11-07 10:25 - 01713664 _____ C:\Users\Verena\Downloads\adwcleaner_5.018 (1).exe
2015-11-07 10:24 - 2015-11-07 10:24 - 22908888 _____ (Malwarebytes ) C:\Users\Verena\Downloads\mbam-setup-org-2.2.0.1024.exe
2015-11-07 10:13 - 2015-11-07 10:13 - 01713664 _____ C:\Users\Verena\Downloads\adwcleaner_5.018.exe
2015-11-07 10:12 - 2015-11-07 10:12 - 04383048 _____ (Google) C:\Users\Verena\Downloads\software_removal_tool.exe
2015-11-06 10:31 - 2015-11-07 10:23 - 00000396 _____ C:\Users\Verena\Downloads\debug.log
2015-11-06 00:00 - 2015-11-06 00:00 - 00000000 ____D C:\Users\Verena\AppData\Local\CEF
2015-11-05 23:58 - 2015-11-09 10:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-05 23:58 - 2015-11-05 23:58 - 00002069 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-05 23:47 - 2015-11-16 02:39 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2984353058-443001783-614742438-1001
2015-11-05 23:26 - 2015-11-05 23:26 - 00001129 _____ C:\Users\Public\Desktop\ToolbarTerminator.lnk
2015-11-05 23:26 - 2015-11-05 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolbar Terminator
2015-11-05 23:25 - 2015-11-05 23:25 - 03436096 _____ (Abelssoft ) C:\Users\Verena\Downloads\toolbarterminator2016 (1).exe
2015-11-05 23:18 - 2015-11-05 23:19 - 00000000 ____D C:\Users\Verena\AppData\Local\Abelssoft
2015-11-05 23:18 - 2015-11-05 23:18 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Abelssoft
2015-11-05 23:18 - 2015-11-05 23:18 - 00000000 ____D C:\ProgramData\XDMessagingv4
2015-11-05 23:17 - 2015-11-05 23:17 - 03436096 _____ (Abelssoft ) C:\Users\Verena\Downloads\toolbarterminator2016.exe
2015-11-05 23:15 - 2015-11-07 22:30 - 00003208 _____ C:\WINDOWS\System32\Tasks\avastBCLRestart_chrome.exe
2015-11-05 23:05 - 2015-11-05 23:05 - 00004230 _____ C:\WINDOWS\System32\Tasks\avast! BCU UpdateS-1-5-21-2984353058-443001783-614742438-1001
2015-11-05 23:05 - 2015-11-05 23:05 - 00003370 _____ C:\WINDOWS\System32\Tasks\avastBCLS-1-5-21-2984353058-443001783-614742438-1001
2015-11-05 23:05 - 2015-11-05 23:05 - 00001157 _____ C:\Users\Verena\Desktop\Avast Browser Cleanup.lnk
2015-11-05 23:05 - 2015-11-05 23:05 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2015-11-05 23:05 - 2015-11-05 23:05 - 00000000 ____D C:\Users\Verena\AppData\Roaming\AVAST Software
2015-11-05 23:04 - 2015-11-05 23:05 - 03824464 _____ (AVAST Software) C:\Users\Verena\Downloads\avast-browser-cleanup-sfx_1032223.exe
2015-11-05 22:25 - 2015-11-05 22:26 - 00000000 ____D C:\ProgramData\AntiToolbar
2015-11-05 22:25 - 2015-11-05 22:25 - 00001744 _____ C:\Users\Public\Desktop\AntiToolbar.lnk
2015-11-05 22:25 - 2015-11-05 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiToolbar
2015-11-05 22:07 - 2015-11-05 22:07 - 02953520 _____ (AVAST Software) C:\Users\Verena\Downloads\avast-browser-cleanup.exe
2015-10-28 18:54 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-10-28 18:54 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-10-28 18:32 - 2015-10-28 18:32 - 02830336 ____R C:\Users\Verena\Desktop\2015-10-28_18-32-30_ups1516.dat
2015-10-25 23:08 - 2015-11-09 23:02 - 00000000 ____D C:\Users\Verena\AppData\Local\Deployment
2015-10-25 22:19 - 2015-10-25 22:19 - 00929872 _____ (Google Inc.) C:\Users\Verena\Downloads\ChromeSetup.exe
2015-10-25 17:19 - 2015-10-25 17:19 - 00000000 ____D C:\Program Files (x86)\1acb24ed-a38a-4375-a71d-36453c2f8d62
2015-10-25 17:14 - 2015-10-25 17:14 - 00003200 _____ C:\WINDOWS\System32\Tasks\Sunrise
2015-10-25 17:08 - 2015-10-25 17:08 - 00000000 ____D C:\Program Files (x86)\60eecc96-9251-4102-9f94-27849f3e38d1
2015-10-25 16:04 - 2015-10-25 16:04 - 01110476 _____ C:\Users\Verena\Downloads\7z920.exe
2015-10-21 07:49 - 2015-10-21 07:49 - 02830336 _____ C:\Users\Verena\Desktop\2015-10-21_08-49-11_ups1516.dat

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-16 02:37 - 2015-09-09 17:04 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Skype
2015-11-16 02:37 - 2013-07-19 14:27 - 00000000 ___RD C:\Users\Verena\Dropbox
2015-11-16 02:36 - 2013-07-19 14:22 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Dropbox
2015-11-16 02:36 - 2013-04-17 09:22 - 00000000 __RDO C:\Users\Verena\SkyDrive
2015-11-16 02:33 - 2015-09-30 20:59 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-16 02:33 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-16 02:07 - 2014-01-09 13:27 - 00000000 ____D C:\Users\Verena
2015-11-16 02:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-16 00:08 - 2013-09-01 00:07 - 00000000 ____D C:\AdwCleaner
2015-11-16 00:04 - 2015-09-30 20:59 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-15 21:08 - 2014-02-18 10:44 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2F5120CD-6898-4418-A612-6B5E92AF44A1}
2015-11-13 09:51 - 2013-02-18 21:49 - 00000000 ____D C:\Users\Verena\AppData\Roaming\vlc
2015-11-12 12:51 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-12 10:48 - 2012-12-28 11:59 - 00000000 ___HD C:\Users\Verena\Documents\VSO Downloader
2015-11-12 10:41 - 2013-08-22 15:44 - 00588592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-12 00:35 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-11 22:19 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 22:18 - 2013-06-04 09:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 22:00 - 2013-08-14 18:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 21:50 - 2013-02-17 14:21 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-11 07:14 - 2015-09-30 20:59 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-09 23:04 - 2014-01-10 16:40 - 01300992 ___SH C:\Users\Verena\Desktop\Thumbs.db
2015-11-09 23:03 - 2013-02-13 21:52 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-09 21:51 - 2013-02-16 09:44 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-09 11:49 - 2013-02-16 11:11 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-09 11:49 - 2013-02-14 22:26 - 00000000 ____D C:\Program Files\iPod
2015-11-09 11:49 - 2013-02-14 22:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-09 10:26 - 2013-08-07 09:23 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-11-08 10:13 - 2015-09-09 17:04 - 00000000 ____D C:\ProgramData\Skype
2015-11-07 14:18 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-07 10:25 - 2013-07-18 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-07 10:16 - 2014-01-09 14:14 - 00000919 _____ C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-07 10:15 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-06 00:00 - 2013-02-16 09:54 - 00000000 ____D C:\Users\Verena\AppData\Local\Adobe
2015-11-05 23:58 - 2014-12-24 11:36 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-05 23:58 - 2012-08-17 01:52 - 00000000 ____D C:\ProgramData\Adobe
2015-11-05 23:58 - 2012-08-17 01:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-05 22:27 - 2013-12-19 11:44 - 00000000 ____D C:\Temp
2015-11-05 22:26 - 2013-10-01 20:59 - 00000000 ____D C:\Program Files\AntiToolbar
2015-11-05 11:02 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-11-05 11:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-11-03 01:23 - 2014-10-17 16:44 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 01:23 - 2014-10-17 16:44 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-27 23:31 - 2014-02-20 08:51 - 00003096 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2984353058-443001783-614742438-1001
2015-10-27 16:57 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-26 21:44 - 2013-11-14 08:27 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-26 21:44 - 2013-11-14 08:11 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-10-26 21:44 - 2013-11-14 08:11 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-10-25 17:14 - 2015-09-09 12:11 - 00001877 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-10-25 17:14 - 2015-08-30 09:14 - 00000777 _____ C:\Users\Public\Desktop\Digitale Schulbücher.lnk
2015-10-25 17:14 - 2015-05-13 18:35 - 00001099 _____ C:\Users\Public\Desktop\XMedia Recode.lnk
2015-10-25 17:14 - 2015-01-30 19:44 - 00002087 _____ C:\Users\Public\Desktop\TAXMAN 2015.lnk
2015-10-25 17:14 - 2014-05-25 22:50 - 00001312 _____ C:\Users\Verena\Desktop\VSO Downloader 4.lnk
2015-10-25 17:14 - 2014-04-22 21:13 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-10-25 17:14 - 2014-04-22 21:13 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-10-25 17:14 - 2014-04-22 21:13 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-10-25 17:14 - 2014-04-22 21:13 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-10-25 17:14 - 2013-08-31 09:49 - 00000907 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-10-25 17:14 - 2013-08-15 11:31 - 00000978 _____ C:\Users\Verena\Desktop\RegCleaner.lnk
2015-10-25 17:14 - 2013-08-15 11:31 - 00000978 _____ C:\Users\Administrator\Desktop\RegCleaner.lnk
2015-10-25 17:14 - 2012-10-27 06:22 - 00001652 _____ C:\Users\Public\Desktop\ASUS Install.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-08-19 22:35 - 2015-05-13 19:58 - 0073216 _____ () C:\Users\Verena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 01:52 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Einige Dateien in TEMP:
====================
C:\Users\Verena\AppData\Local\Temp\AntiToolbarPackage.exe
C:\Users\Verena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsamarp.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-16 02:18

==================== Ende von FRST.txt ============================
Addition.TXT

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-11-2015
durchgeführt von Verena (2015-11-16 02:41:50)
Gestartet von C:\Users\Verena\Desktop
Windows 8.1 (X64) (2014-01-09 13:14:13)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2984353058-443001783-614742438-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-2984353058-443001783-614742438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2984353058-443001783-614742438-1003 - Limited - Enabled)
Verena (S-1-5-21-2984353058-443001783-614742438-1001 - Administrator - Enabled) => C:\Users\Verena

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Enabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Ad-Aware Antivirus (Enabled - Up to date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{69AD9F5D-5FF4-384F-1F29-85CBDD366DAB}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.4192.0 - Lavasoft) Hidden
AntiToolbar (HKLM\...\AntiToolbar) (Version: 1.0.1.1 - Reimage)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Browser Cleanup (HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Avast Browser Cleanup) (Version: 10.3.2223.101 - AVAST Software)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
CTO Warenwirtschaft 2013 Schulversion (HKLM-x32\...\{6E8AC3BE-67B9-4FD1-B5AE-6DBC7C6DB537}_is1) (Version: CTO Warenwirtschaft 2013 Schulversion - CTO Software GmbH)
Digitale Schulbücher (HKLM-x32\...\{DE24A5DA-8CE2-4BF8-AE5E-125FBC70BE9B}) (Version: 1.1.0.65 - VBM Service GmbH)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Freemake Video Converter Version 4.0.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.3 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Lexware buchhalter 2013 (HKLM-x32\...\{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}) (Version: 18.04.00.0021 - Haufe-Lexware GmbH Co.KG)
Lexware Datenbank plus 2014 (x32 Version: 14.00.00.0058 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Elster (HKLM-x32\...\{9F6BFB0F-6B1F-4D1A-A9DA-42F6794C9188}) (Version: 13.00.00.0027 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (x32 Version: 4.01.00.0077 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 3.00.00.0007 - Haufe-Lexware GmbH Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 3.01.00.0011 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware reisekosten plus 2014 (x32 Version: 14.50.00.0190 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware reisekosten plus 2014 Client (HKLM-x32\...\{14f5fd58-b258-45e3-add4-ffba9a503225}) (Version: 14.50.0.190 - Haufe-Lexware GmbH & Co.KG)
Lexware reisekosten plus Gratisversion 2014 (HKLM-x32\...\{d9f64277-f45d-4950-b05f-ae2c0179374d}) (Version: 14.50.0.190 - Haufe-Lexware GmbH & Co.KG)
Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Server Plus 2014 (x32 Version: 14.1.0.1 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Services (x32 Version: 2.00.00.0024 - Haufe-Lexware GmbH & Co.KG) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PAYBACK Toolbar 1.2 (HKLM-x32\...\PAYBACK Toolbar_is1) (Version: 1.2.0 - PAYBACK GmbH)
PDF24 Creator 6.5.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PixiePack Codec Pack (HKLM-x32\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6777 - Realtek Semiconductor Corp.)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.75.0 - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.09.00(08/03/2013) - Samsung Electronics Co., Ltd.)
Samsung SCX-4200 Series (HKLM-x32\...\Samsung SCX-4200 Series) (Version:  - Samsung Electronics CO.,LTD)
Scan2PDF 1.6 (HKLM-x32\...\Scan2PDF_is1) (Version:  - Koma-Code)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.16 - ASUS)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
Sybase12ConversionPlus (x32 Version: 14.25.00.0056 - Haufe Lexware GmbH Co.KG) Hidden
TAXMAN 2013 (HKLM-x32\...\{F289D934-2224-473B-B57E-0040D2693F83}) (Version: 19.08.00.0003 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2014 (HKLM-x32\...\{4A1C559D-38F6-49CF-BDA5-CF354FFE04E4}) (Version: 20.06.00.0001 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2015 (HKLM-x32\...\{5613CAD3-71ED-4207-95A0-1BA0BF465E38}) (Version: 20.27.130 - Haufe-Lexware GmbH & Co.KG)
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbar Terminator (HKLM-x32\...\Toolbar Terminator_is1) (Version: 3.0 - Abelssoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSO Downloader 3.2.0.6 (HKLM-x32\...\{E48E84C5-7599-4CBD-9900-8BCB9A2A2FFA}_is1) (Version: 3.2.0.6 - VSO Software)
VSO Downloader 4.4.0.8 (HKLM-x32\...\{A0D0BA9E-F1A6-44FF-AA14-03ED96B3D56D}_is1) (Version: 4.4.0.8 - VSO Software)
VSO EVE Network Driver version 1.0.0.27 (HKLM-x32\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.27 - VSO Software)
VSO Media Player 1.4.12.503 (HKLM-x32\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.4.12.503 - VSO Software)
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
XMedia Recode Version 3.2.2.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.2.9 - XMedia Recode)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

05-11-2015 11:05:50 Windows Update
08-11-2015 11:31:45 Windows Update
11-11-2015 21:42:42 Windows Update
16-11-2015 00:20:44 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 06:26 - 2013-10-01 21:14 - 00447822 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com
127.0.0.1        www.123moviedownload.com

Da befinden sich 15368 zusätzliche Einträge.


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0C7B8D93-0AC1-470C-A6CF-F2AB4961D4B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-09] (Google Inc.)
Task: {0E4E0065-8764-4E18-ACE2-C027E57FB880} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-30] (Dropbox, Inc.)
Task: {11194FB1-BEFA-4ACC-8727-D4D84BA119B8} - System32\Tasks\Sunrise => C:\WINDOWS\TEMP\CUpdater\st8..exe
Task: {1C84E18A-AE0F-4C8C-9876-5A3FBFDF6176} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-10-21] (Apple Inc.)
Task: {20453B25-2290-4C45-BC5B-4D2CE1616D4B} - System32\Tasks\{95378C4F-0D57-489B-9045-ED4F9270B27A} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {2D4CC52A-D90D-4BA4-A55C-29762F918DFD} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
Task: {2FBEF094-19D1-4CB8-92BE-353EE5FC044C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {450E07C5-787C-472B-91E1-D72918E8DF22} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {5E57CCE4-D068-4B0C-AC2B-DAE73697F335} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {61B2A7AF-9C6A-42FC-94F8-8AB7D1301767} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)
Task: {6A69F2D3-BD95-493E-B1AE-B6326CC46D9F} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {6E408EFA-C377-4A3A-AF00-263014F689EF} - System32\Tasks\avastBCLS-1-5-21-2984353058-443001783-614742438-1001 => C:\Users\Verena\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2015-11-09] (AVAST Software)
Task: {751A3E70-3748-401A-B993-234DC6240A1B} - System32\Tasks\avastBCLRestart_IEXPLORE.EXE => Iexplore.exe
Task: {7C8F9E01-6CC9-44DE-B279-C24D29EC28C6} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-11-09] (Enigma Software Group USA, LLC.)
Task: {ABE21F96-0E89-406F-B6F3-1E955FC02BD5} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {ADE58D91-3352-4B84-90E5-1F8699372141} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2984353058-443001783-614742438-1001
Task: {C4C44050-28B6-4DD1-BBCD-93C53329943B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-30] (Dropbox, Inc.)
Task: {EB20ED54-C705-4B9D-8BFE-8AEBB249B90D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-09] (Google Inc.)
Task: {F550F261-6B0D-4E7C-AE65-47DDBD4B4892} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {F5EE92C8-A4DD-4135-B475-A428853A5622} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2984353058-443001783-614742438-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {F9059E72-8492-44AC-88A0-34C1332A8EA0} - System32\Tasks\avast! BCU UpdateS-1-5-21-2984353058-443001783-614742438-1001 => C:\Users\Verena\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {FCF534B5-4362-4390-840E-534CD6B57902} - System32\Tasks\{C278AD16-5EDB-4B57-BD3A-BDE539293EB1} => pcalua.exe -a C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe -c /remove /q0
Task: {FF878A0E-282C-4E3D-A0F3-9CF007FC737F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2009-11-19 02:34 - 2009-11-19 02:34 - 00022016 _____ () C:\WINDOWS\System32\suge1l6.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-27 14:54 - 2015-08-27 14:54 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
2015-08-27 14:57 - 2015-08-27 14:57 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_date_time-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 13002488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareServiceKernel.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_regex-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_thread-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_chrono-vc120-mt-1_57.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00709360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareActivation.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00474368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareApplicationUpdater.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareGamingMode.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareReset.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTime.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01011968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdater.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdaterScheduler.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIgnoreList.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareQuarantine.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01050880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiMalwareEngine.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiRootkitEngine.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerHistory.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01373416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScanner.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_timer-vc120-mt-1_57.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01019128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerScheduler.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtection.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00244472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIncompatibles.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00938728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiSpam.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00883440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiPhishing.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareParentalControl.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 02985208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareWebProtection.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01324280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareEmailProtection.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_iostreams-vc120-mt-1_57.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01312512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNetworkProtection.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01013992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePromo.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 00365288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareFeedback.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareThreatWorkAlliance.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01261800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePinCode.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01014504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNotice.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01014000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAvcEngine.dll
2015-08-27 14:56 - 2015-08-27 14:56 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtectionHistory.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00469744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareStatistics.dll
2014-05-26 23:07 - 2013-07-17 16:09 - 00156936 _____ () C:\WINDOWS\SYSTEM32\bdfwcore.dll
2015-11-07 11:25 - 2015-11-07 11:26 - 00875352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2015-11-07 11:25 - 2015-11-07 11:26 - 00741952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2015-11-07 11:26 - 2015-11-07 11:26 - 02800952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2015-11-07 11:26 - 2015-11-07 11:26 - 01413024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2012-08-04 09:34 - 2012-08-04 09:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-07-19 09:31 - 2012-10-25 16:26 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-07-19 09:31 - 2012-10-25 16:26 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 09558752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
2015-08-27 14:57 - 2015-08-27 14:57 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_locale-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\HtmlFramework.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTrayDefaultSkin.dll
2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-15 09:48 - 2012-03-15 09:48 - 00221184 _____ () C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
2015-11-16 02:36 - 2015-11-16 02:36 - 00071168 _____ () c:\users\verena\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsamarp.dll
2015-11-11 05:35 - 2015-09-03 01:11 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-11-11 05:35 - 2015-09-03 01:11 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-11 05:35 - 2015-09-03 01:11 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-11 05:35 - 2015-09-03 01:11 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7823 mehr Seiten.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2984353058-443001783-614742438-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "CDAServer"
HKLM\...\StartupApproved\Run: => "SpywareTerminatorUpdater"
HKLM\...\StartupApproved\Run: => "SpywareTerminatorShield"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "LexwareInfoService"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Samsung PanelMgr"
HKLM\...\StartupApproved\Run32: => "Search Protection"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\StartupApproved\Run: => "Yontoo Desktop"
HKU\S-1-5-21-2984353058-443001783-614742438-1001\...\StartupApproved\Run: => "AppEx Accelerator UI"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F4C8DB46-6FBA-4180-849F-F583F6F514EA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{9CF78AE2-486E-4753-ABD5-AAEAC182BB4E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{F025F797-5B65-4F10-869E-504100F2EDBD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{D6FC7CD7-0866-4903-9CEE-B479866D8BEF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{14EB3879-4E4C-4D79-928E-9C81F7485350}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{A688B320-AFE9-4A68-82FA-66E4B09AEBBB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{31054F11-F528-46A0-A7C1-7C46733536A8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{4EB44F9C-AC81-4839-900D-8713B484C1C5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{BF76CB53-81CB-4392-9549-7A95FF313236}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{957DF167-1588-4BC7-89DC-58942C184CCE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{5C937942-0156-49DC-9992-39DC706D9451}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{D59E12AC-2DAF-4033-856B-4759BB0ADAEF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{663E68AE-0330-42C1-B6D0-D208BC7BD7B7}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{8EE0D6D4-C16B-4693-9DA9-B6D5E5BE5662}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [UDP Query User{D13AD787-715F-4E7C-8193-9512DDC4039D}C:\program files (x86)\lexware\taxman\2013\steuer.exe] => (Allow) C:\program files (x86)\lexware\taxman\2013\steuer.exe
FirewallRules: [TCP Query User{E5378BE5-5397-47D4-9B88-E75668093D06}C:\program files (x86)\lexware\taxman\2013\steuer.exe] => (Allow) C:\program files (x86)\lexware\taxman\2013\steuer.exe
FirewallRules: [{BFEF1572-E39F-4A44-8406-4D0CF18EDE81}] => (Allow) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
FirewallRules: [{C2987D8E-14DE-4905-B327-A4BDA248D397}] => (Allow) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
FirewallRules: [{E7EC74DD-D015-42DF-9AEF-AB8E7CC16D48}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CDA8F6FF-1C63-4A19-B266-A610F1E59F00}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{6991362D-6191-4928-859A-85CAFCBB3396}] => (Allow) C:\Program Files (x86)\Lexware\Installer Service\LxInstallerService.exe
FirewallRules: [{73101AB0-4523-45E6-AF53-42388DC0384C}] => (Allow) C:\Program Files (x86)\Lexware\Installer Service\LxInstallerService.exe
FirewallRules: [{720E4AD5-9F55-40FE-9F5F-E4331AD50C91}] => (Allow) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbeng9.exe
FirewallRules: [{1B30EC0A-D546-48F6-81BE-0A917E7097E0}] => (Allow) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbeng9.exe
FirewallRules: [TCP Query User{057E7C0F-0464-4C0A-8835-48E64F823ABF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A9729F1B-D0CF-40DB-B826-DA5E8596F27D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{5D4CFA54-A66A-43F5-A79C-227712168FB6}] => (Allow) C:\Program Files (x86)\VSO\VSO Downloader\3\VsoDownloader.exe
FirewallRules: [{BCA24B34-0201-454A-A2A3-4A4C1D8308A1}] => (Allow) C:\Program Files (x86)\VSO\VSO Downloader\3\VsoDownloader.exe
FirewallRules: [{99F929E1-3679-48BD-A54F-7DBEE9D2342D}] => (Allow) E:\fsetup.exe
FirewallRules: [{89C5D0FB-A79D-40DB-B9B7-6783AA927A8A}] => (Allow) E:\fsetup.exe
FirewallRules: [{F0D3E2BC-625F-4EF1-9B32-95C9BBC19223}] => (Allow) C:\Program Files (x86)\VSO\VSO Downloader\4\VsoDownloader.exe
FirewallRules: [{BAB88195-631B-4016-BB37-9197D994C3CE}] => (Allow) C:\Program Files (x86)\VSO\VSO Downloader\4\VsoDownloader.exe
FirewallRules: [{6CC5B3E2-D6DF-4FD3-9B55-769D7ABCDC53}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{94140A5F-55CB-4AD5-B14E-8067BCA06208}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{E94319BA-D5EB-48B6-9B3D-943A880F6ED3}] => (Allow) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
FirewallRules: [{672E6D2D-41B9-4262-85F7-18B1A2B50CFA}] => (Allow) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
FirewallRules: [TCP Query User{CFF22B48-B00F-4BFD-88F1-D91FC64B1622}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{47875A03-1128-45A8-810E-4FE1BADFAB60}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E1717D40-272B-4DC4-A7AB-6274675B8455}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3CD84590-347A-4B81-B791-692A1DB20384}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{46D96C11-A75A-4263-B464-A79C72572C86}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9688E90D-3BB0-46AB-8EE0-E518216A75F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BF93D449-FA61-4982-9E79-94E7F6E38087}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DDB0217E-F5F4-4ED4-9F3E-EF154DB05412}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{176A3583-F117-482A-BFD5-F008AF91AC29}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6878C292-5A60-43CF-A9CA-EDCD0322FD34}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{98D4A625-E326-4DBE-B8A8-231F64162065}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/15/2015 11:11:42 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (11/15/2015 10:58:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 824

Startzeit: 01d11f8b58f7cecb

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe

Berichts-ID: 4c2c98f7-8b7f-11e5-8016-08606e48b7aa

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (11/12/2015 02:34:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15344

Error: (11/12/2015 02:34:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15344

Error: (11/12/2015 02:34:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/11/2015 08:09:19 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (11/11/2015 11:32:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31313

Error: (11/11/2015 11:32:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31313

Error: (11/11/2015 11:32:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/11/2015 11:32:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15625


Systemfehler:
=============
Error: (11/16/2015 02:33:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error: (11/16/2015 02:33:00 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist möglicherweise nicht installiert.

Error: (11/16/2015 02:32:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (11/16/2015 02:32:56 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (11/16/2015 02:19:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f024b fehlgeschlagen: Samsung - Printers - Samsung Universal Print Driver 3

Error: (11/16/2015 02:12:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/16/2015 02:12:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Active File Monitor V12" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/16/2015 02:12:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/16/2015 02:12:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VIA Karaoke digital mixer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/16/2015 02:12:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TomTomHOMEService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2015-10-25 17:21:54.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:53.808
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:47.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:47.074
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:36.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:35.421
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:34.458
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 17:21:33.493
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-07 13:32:26.853
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-07 13:32:25.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: AMD E2-1800 APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 63%
Installierter physikalischer RAM: 3673.35 MB
Verfügbarer physikalischer RAM: 1328.64 MB
Summe virtueller Speicher: 5465.35 MB
Verfügbarer virtueller Speicher: 2593.63 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:42.65 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:104.65 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 944CB54D)

Partition: GPT.

==================== Ende von Addition.txt ============================

cosinus 16.11.2015 09:22
Poste das richtige Log von MBAM, Suchlauf-Protokolle, und keine Protection-Logs.

Stanzer 16.11.2015 11:46
MBAM Suchlaufprotokoll:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 15/11/2015
Suchlaufzeit: 21:06
Protokolldatei: MBAMsuchlauf.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.11.15.04
Rootkit-Datenbank: v2015.11.14.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Verena

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 503535
Abgelaufene Zeit: 1 Std., 31 Min., 4 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 4
PUP.Optional.SnapDo, HKU\S-1-5-21-2984353058-443001783-614742438-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [c68abfbf503b0036f3d9989846bc4bb5],
PUP.Optional.iGraal, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{240373D3-4199-4F41-BB4D-15D5B830C82D}, In Quarantäne, [2b25146a3457af87396d969d41c160a0],
PUP.Optional.iGraal, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{240373D3-4199-4F41-BB4D-15D5B830C82D}, In Quarantäne, [2b25146a3457af87396d969d41c160a0],
PUP.Optional.iGraal, HKU\S-1-5-21-2984353058-443001783-614742438-1001\SOFTWARE\APPDATALOW\SOFTWARE\iGraal, In Quarantäne, [ec648fef1c6fc17583765b1d788b8878],

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 26
PUP.Optional.iGraal, C:\Program Files\iGraal, In Quarantäne, [3a16017dbecd80b6b703cba1da2834cc],
PUP.Optional.iGraal, C:\Program Files\iGraal\Microsoft.VC90.ATL, In Quarantäne, [3a16017dbecd80b6b703cba1da2834cc],
PUP.Optional.iGraal, C:\Program Files\iGraal\Microsoft.VC90.CRT, In Quarantäne, [3a16017dbecd80b6b703cba1da2834cc],
PUP.Optional.iGraal, C:\Program Files (x86)\iGraal, In Quarantäne, [fc541767e5a694a2c0fac3a9847e1be5],
PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\Microsoft.VC90.ATL, In Quarantäne, [fc541767e5a694a2c0fac3a9847e1be5],
PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\Microsoft.VC90.CRT, In Quarantäne, [fc541767e5a694a2c0fac3a9847e1be5],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales\en, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales\en_US, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales\pt_BR, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_metadata, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Baidu, In Quarantäne, [91bfed918902da5cd0d36123e71be31d],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Baidu\Common, In Quarantäne, [91bfed918902da5cd0d36123e71be31d],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Baidu\Common\I18N, In Quarantäne, [91bfed918902da5cd0d36123e71be31d],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Baidu\Common\I18N\IPCSUpdateCache, In Quarantäne, [91bfed918902da5cd0d36123e71be31d],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Baidu\Common\I18N\IPCSUpdateCache\DesktopToolMini_global, In Quarantäne, [91bfed918902da5cd0d36123e71be31d],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Guid, In Quarantäne, [82ce502e3e4d3bfb6341dca8a9590ff1],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Guid\Common, In Quarantäne, [82ce502e3e4d3bfb6341dca8a9590ff1],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Guid\Common\I18N, In Quarantäne, [82ce502e3e4d3bfb6341dca8a9590ff1],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Guid\Common\I18N\IPCSUpdateCache, In Quarantäne, [82ce502e3e4d3bfb6341dca8a9590ff1],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Guid\Common\I18N\IPCSUpdateCache\InstallHelper, In Quarantäne, [82ce502e3e4d3bfb6341dca8a9590ff1],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Guid\Common\I18N\IPCSUpdateCache\nsm13E.tmp, In Quarantäne, [82ce502e3e4d3bfb6341dca8a9590ff1],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Guid\Common\I18N\IPCSUpdateCache\ScreenSnapshot, In Quarantäne, [82ce502e3e4d3bfb6341dca8a9590ff1],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Guid\Common\I18N\IPCSUpdateCache\uninstall_temp_8106890, In Quarantäne, [82ce502e3e4d3bfb6341dca8a9590ff1],

Dateien: 27
PUP.Optional.PricePeep, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, In Quarantäne, [6fe15529127976c03182bbced23107f9],
PUP.Optional.PricePeep, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, In Quarantäne, [92bea8d6c8c30531b0030188ae5516ea],
PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage, In Quarantäne, [e868d8a6b1dad2649f8d14956d966b95],
PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal, In Quarantäne, [bc94a4dae5a66fc79696d3d6cc377987],
PUP.Optional.iGraal, C:\Program Files\iGraal\Microsoft.VC90.ATL\Microsoft.VC90.ATL.manifest, In Quarantäne, [3a16017dbecd80b6b703cba1da2834cc],
PUP.Optional.iGraal, C:\Program Files\iGraal\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, In Quarantäne, [3a16017dbecd80b6b703cba1da2834cc],
PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\Microsoft.VC90.ATL\Microsoft.VC90.ATL.manifest, In Quarantäne, [fc541767e5a694a2c0fac3a9847e1be5],
PUP.Optional.iGraal, C:\Program Files (x86)\iGraal\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, In Quarantäne, [fc541767e5a694a2c0fac3a9847e1be5],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\background.html, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\background.js, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\ga.js, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\icon_128.png, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\icon_16.png, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\main.js, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\manifest.json, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\popup.html, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\popup.js, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales\en\messages.json, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales\en_US\messages.json, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales\pt_BR\messages.json, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_metadata\computed_hashes.json, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_metadata\verified_contents.json, In Quarantäne, [ef6138465f2c55e19c61631e08fa6d93],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Baidu\Common\I18N\conf.db, In Quarantäne, [91bfed918902da5cd0d36123e71be31d],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Baidu\Common\I18N\IPCSUpdateCache\DesktopToolMini_global\4088144562cfdce, In Quarantäne, [91bfed918902da5cd0d36123e71be31d],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Baidu\Common\I18N\IPCSUpdateCache\DesktopToolMini_global\40884208562cfdbd, In Quarantäne, [91bfed918902da5cd0d36123e71be31d],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Guid\Common\I18N\conf.db, In Quarantäne, [82ce502e3e4d3bfb6341dca8a9590ff1],
PUP.Optional.ChinAd, C:\Users\Public\Documents\Guid\Common\I18N\IPCSUpdateCache\uninstall_temp_8106890\38161840562d0105, In Quarantäne, [82ce502e3e4d3bfb6341dca8a9590ff1],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

cosinus 16.11.2015 19:40
Ich seh auch jetzt erst, dass auch das Log vom adwCleaner völlig falsch ist :balla:

Stanzer 17.11.2015 11:14
Oh, die adwcleaner Log war ja gigantisch!

Hier in besser:
Code:
# AdwCleaner v5.021 - Bericht erstellt am 15/11/2015 um 23:58:25
# Aktualisiert am 14/11/2015 von Xplode
# Datenbank : 2015-11-13.3 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Verena - STANZER
# Gestartet von : C:\Users\Verena\Downloads\adwcleaner_5.021.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt

*************************

C:\AdwCleaner[R1].txt - [3470 Bytes] - [18/07/2013 22:30:58]
C:\AdwCleaner[R2].txt - [1160 Bytes] - [31/07/2013 19:37:44]
C:\AdwCleaner[R3].txt - [1221 Bytes] - [31/07/2013 19:39:48]
C:\AdwCleaner[R4].txt - [1246 Bytes] - [06/08/2013 11:06:46]
C:\AdwCleaner[R5].txt - [1367 Bytes] - [07/08/2013 09:11:28]
C:\AdwCleaner[R6].txt - [1487 Bytes] - [07/08/2013 09:16:44]
C:\AdwCleaner[R7].txt - [1786 Bytes] - [15/08/2013 11:15:40]
C:\AdwCleaner[S1].txt - [3419 Bytes] - [18/07/2013 22:32:16]
C:\AdwCleaner[S10].txt - [1910 Bytes] - [15/08/2013 11:49:49]
C:\AdwCleaner[S2].txt - [1283 Bytes] - [31/07/2013 19:40:51]
C:\AdwCleaner[S3].txt - [1309 Bytes] - [06/08/2013 11:07:35]
C:\AdwCleaner[S4].txt - [1429 Bytes] - [07/08/2013 09:12:18]
C:\AdwCleaner[S5].txt - [1549 Bytes] - [07/08/2013 09:18:48]
C:\AdwCleaner[S6].txt - [2034 Bytes] - [12/08/2013 22:00:07]
C:\AdwCleaner[S7].txt - [311 Bytes] - [13/08/2013 21:47:59]
C:\AdwCleaner[S8].txt - [1728 Bytes] - [14/08/2013 09:37:19]
C:\AdwCleaner[S9].txt - [1848 Bytes] - [15/08/2013 11:16:08]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1882 Bytes] ##########

cosinus 17.11.2015 11:38
Lad mal bitte die aktuelle Version von JRT => https://www.malwarebytes.org/junkwareremovaltool/

(wird bei malwarebytes gehostet)

Und wiederhol den Lauf. Log wie gehabt posten


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:59 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132