http://websearch.oversearch.info

KeremTatli · 30.09.2013, 21:10

Hallo, seit ner Zeit spinnt mein Rechner...
Die Internetseiten sind langsamer geworden...
Sogar die Ordner gehen langsam auf...

Habe mir sagen lassen, dass ich ein Virus im Rechner habe, der sich in diverse Ordner versteckt
und man es nicht beliebig deinstallieren, bzw. löschen kann !

Hab versucht, dass Problem selber zu lösen, jedoch ohne Erfolg...
Kenne mich nicht soooo gut mit Pc aus !

Würde mich sehr freuen, wenn ihr mir hilft, diesen Virus aus meinem Rechner zu kicken

MEINE PROBLEME lauten:
1) hxxp://websearch.oversearch.info
2) Ads not by this site

Bedanke mir im Voraus für Eure Hilfe

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by Keremino (administrator) on KEREM on 30-09-2013 22:05:05
Running from C:\Users\Veli\Downloads
Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Windows\PLFSetI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1565992 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Cm106Sound] - RunDll32 cm106.cpl,CMICtrlWnd
HKLM\...\Run: [Creative SB Monitoring Utility] - RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
MountPoints2: {45dd83b5-a2a6-11e2-8a8a-001e682e4752} - E:\AutoRun.exe
MountPoints2: {45dd83ca-a2a6-11e2-8a8a-001e682e4752} - E:\AutoRun.exe
MountPoints2: {569d3525-9b01-11e2-8d4d-001e682e4752} - E:\AutoRun.exe
MountPoints2: {569d3527-9b01-11e2-8d4d-001e682e4752} - E:\AutoRun.exe
MountPoints2: {569d3543-9b01-11e2-8d4d-001e682e4752} - E:\AutoRun.exe
MountPoints2: {569d3546-9b01-11e2-8d4d-001e682e4752} - E:\AutoRun.exe
MountPoints2: {9600f973-9d32-11e2-bd53-001e682e4752} - E:\AutoRun.exe
MountPoints2: {9600f975-9d32-11e2-bd53-001e682e4752} - E:\AutoRun.exe
MountPoints2: {9600f978-9d32-11e2-bd53-001e682e4752} - E:\AutoRun.exe
MountPoints2: {9600f9b2-9d32-11e2-bd53-001e682e4752} - E:\AutoRun.exe
MountPoints2: {9600f9b5-9d32-11e2-bd53-001e682e4752} - E:\AutoRun.exe
AppInit_DLLs:   [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1353DB05A536CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.oversearch.info/?pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36
HKLM\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b1f47b7c-7ba3-4451-b915-8f16a5a434e7&searchtype=ds&q={searchTerms}&installDate=10/08/2013
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380108222358&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q={searchTerms}
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.oversearch.info/?l=1&q={searchTerms}&pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=F878001DE0866C33&affID=124776&tt=250913_nocpn&tsp=5016
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=SAMSUNGXHM160HI_S10UJF0S339133&ts=1377222735
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380108222358&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q={searchTerms}
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.oversearch.info/?l=1&q={searchTerms}&pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} hxxp://download.speakychat.com/speakyldr.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default
FF user.js: detected! => C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\user.js
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: WebSearch
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://websearch.oversearch.info/?pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36&l=1&q=
FF NetworkProxy: "autoconfig_url", "chrome://viewtubes/content/viewtubes_false.pac"
FF NetworkProxy: "http", "98.109.199.166"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nielsen/FirefoxTracker - C:\Program Files\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin: @segital.com/EartChat - C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\eartChat\NPEartChat.dll No File
FF Plugin: @speakychat.ch/SpeakyChatLB - C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SpeakyChatLB\NPspeakychatlb.dll No File
FF Plugin: @talkyroom.com/TalkyRoom - C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\TalkyRoom\NPTalkyRoom.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF Extension: Complete YouTube Saver - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
FF Extension: jid0-c1av474BVPIHcGJfBp3GkhlhAa4 - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi
FF Extension: jid0-irAmugmQgdURBSCIFZAcjR8ZQMg - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
FF Extension: jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack.xpi
FF Extension: jid1-qj0w91o64N7Eeg - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi
FF Extension: screwads - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\screwads@airtint.com.xpi
FF Extension: smarterwiki - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\smarterwiki@wikiatic.com.xpi
FF Extension: stefanvandamme - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\stefanvandamme@stefanvd.net.xpi
FF Extension: YouTubeAutoReplay - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\YouTubeAutoReplay@arikv.com.xpi
FF Extension: No Name - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi
FF Extension: No Name - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi
FF Extension: No Name - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
FF Extension: No Name - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
FF Extension: No Name - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
FF Extension: No Name - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
FF HKLM\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKLM\...\Firefox\Extensions: [{FEFE89E5-A43F-4f4b-8211-B11D91D02135}] - C:\Program Files\CoolPic - Fun Social Pictures\Firefox
FF HKLM\...\Firefox\Extensions: [{14DD0E04-D4F6-45d2-A958-F361FBD4F64F}] - C:\Program Files\WBC Engine\Firefox
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=SAMSUNGXHM160HI_S10UJF0S339133&ts=1377222734

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [296448 2013-09-25] ()
S4 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [303680 2013-08-22] (Wsys Co., Ltd.)

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [43088 2013-05-18] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-08-24] (GFI Software)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1255296 2011-09-13] (Creative Technology Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsl0e5c58ca; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{188C18EE-EB54-4F38-88AB-B196BB17403A}\MpKsl0e5c58ca.sys [40392 2013-09-30] (Microsoft Corporation)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [44544 2009-06-24] (Nuvoton Technology Corporation)
S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1515520 2009-10-01] (C-Media Electronics Inc)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-30 22:04 - 2013-09-30 22:04 - 01086873 _____ (Farbar) C:\Users\Veli\Downloads\FRST.exe
2013-09-30 22:04 - 2013-09-30 22:04 - 00000000 ____D C:\FRST
2013-09-30 21:20 - 2013-09-30 21:41 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-09-30 21:16 - 2013-09-30 21:17 - 52176608 _____ (GridinSoft LLC) C:\Users\Veli\Downloads\gtk-2.1.8.9-setup.exe
2013-09-30 21:08 - 2013-09-30 21:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-30 21:08 - 2013-09-30 21:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-30 21:08 - 2013-09-30 21:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-30 17:51 - 2013-09-30 17:51 - 00000000 ____D C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2013-09-30 17:50 - 2013-09-30 17:50 - 04373560 _____ (NCH Software) C:\Users\Veli\Downloads\vppsetup.exe
2013-09-30 17:49 - 2013-09-30 19:21 - 00000000 ___HD C:\Users\Veli\Desktop\VideoPadCache
2013-09-30 13:52 - 2013-09-30 13:52 - 00000056 _____ C:\Windows\setupact.log
2013-09-30 13:52 - 2013-09-30 13:52 - 00000000 _____ C:\Windows\setuperr.log
2013-09-30 13:51 - 2013-09-30 13:51 - 00001500 _____ C:\Windows\PFRO.log
2013-09-30 05:58 - 2013-09-30 05:58 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Veli\Downloads\SpyHunter-Installer.exe
2013-09-29 23:08 - 2013-09-29 23:12 - 05425477 _____ C:\Users\Veli\Desktop\Kerem.rar
2013-09-29 22:52 - 2013-09-29 22:52 - 00000088 _____ C:\Windows\system32\8386410878598694804.log
2013-09-28 08:27 - 2013-09-28 08:28 - 02681224 _____ (avidoNET GmbH) C:\Users\Veli\Downloads\speakychatinstall(5).exe
2013-09-26 19:25 - 2013-09-26 19:25 - 00002141 _____ C:\Users\Veli\Downloads\0B346DBFB7830BD90F12F52F673CC93F186A8AD3.torrent
2013-09-26 18:38 - 2013-09-28 06:13 - 00000062 _____ C:\Users\Veli\Desktop\Reyyan Account.txt
2013-09-26 09:23 - 2013-09-30 13:51 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-09-26 09:23 - 2013-09-30 13:51 - 00000000 ____D C:\Program Files\WebSearch
2013-09-26 09:23 - 2013-09-26 12:24 - 00000000 ____D C:\Users\Veli\AppData\Roaming\SkypEmoticons
2013-09-26 09:23 - 2013-09-26 09:23 - 00000000 ____D C:\ProgramData\SummerSoft
2013-09-26 09:22 - 2013-09-26 09:30 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-09-26 09:21 - 2013-09-30 13:51 - 00000000 ____D C:\ProgramData\DownnlOad kuEeper
2013-09-26 09:21 - 2013-09-30 13:51 - 00000000 ____D C:\Program Files\Ss.Helper
2013-09-26 09:21 - 2013-09-29 22:52 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-26 09:20 - 2013-09-26 09:20 - 00328384 _____ (SummerSoft) C:\Users\Veli\Downloads\jogangandotnetCrackVideopadVideoEditor.rar.exe
2013-09-25 18:30 - 2013-09-25 18:30 - 00729736 _____ C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE(1).exe
2013-09-25 18:14 - 2013-09-25 18:14 - 01238384 _____ (Bitcoktail                                                  ) C:\Users\Veli\Downloads\CoolPic_mg_207566.exe
2013-09-25 13:45 - 2013-09-25 13:48 - 00000000 ____D C:\Users\Veli\AppData\Roaming\eType
2013-09-25 13:43 - 2013-09-25 13:43 - 00140968 _____ () C:\Users\Veli\Downloads\etypesetup.exe
2013-09-25 13:27 - 2013-09-25 13:27 - 00000000 ____D C:\Users\Veli\Documents\Free YouTube Download Manager
2013-09-25 13:27 - 2013-09-25 13:27 - 00000000 ____D C:\Users\Veli\AppData\Local\Freetec
2013-09-25 13:26 - 2013-09-25 13:27 - 00000000 ____D C:\Program Files\SoftwareUpdater
2013-09-25 13:26 - 2013-09-25 13:26 - 00000000 ____D C:\Program Files\Freetec
2013-09-25 13:24 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-09-25 13:23 - 2013-09-25 13:24 - 00000000 ____D C:\Users\Veli\AppData\Local\DownloadGuide
2013-09-25 13:22 - 2013-09-25 13:22 - 00729736 _____ C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE.exe
2013-09-25 12:54 - 2013-09-25 12:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_nnfwdk_01009.Wdf
2013-09-25 12:47 - 2013-09-25 12:47 - 02743968 _____ (The Nielsen Company) C:\Users\Veli\Downloads\netsight_setup_6.0.0.60_MP_Production_mid51049298465_p.exe
2013-09-25 12:47 - 2013-09-25 12:47 - 00000878 _____ C:\nsinst.log
2013-09-25 00:50 - 2013-09-25 00:50 - 03362400 _____ (SpeakyChat LB                                               ) C:\Users\Veli\Downloads\speakychatinstall(4).exe
2013-09-25 00:46 - 2013-09-25 00:46 - 02681224 _____ (avidoNET GmbH) C:\Users\Veli\Downloads\speakychatinstall(3).exe
2013-09-24 01:01 - 2013-09-27 22:23 - 00000000 ____D C:\Users\Veli\AppData\Roaming\vlc
2013-09-23 18:30 - 2013-09-23 18:30 - 00009216 _____ (Mozilla Corporation) C:\Users\Veli\Downloads\plugin-container.exe
2013-09-23 18:28 - 2013-09-23 18:28 - 23003252 _____ C:\Users\Veli\Downloads\vlc-2.0.8-win32(1).exe
2013-09-23 02:56 - 2013-09-23 02:56 - 00000000 ____D C:\ProgramData\Oracle
2013-09-23 02:55 - 2013-09-23 02:55 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-23 02:55 - 2013-09-23 02:54 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-23 02:54 - 2013-09-23 02:54 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-23 02:54 - 2013-09-23 02:54 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-23 02:54 - 2013-09-23 02:54 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-23 02:54 - 2013-09-23 02:54 - 00000000 ____D C:\Program Files\Java
2013-09-23 02:52 - 2013-09-23 02:52 - 00913832 _____ (Oracle Corporation) C:\Users\Veli\Downloads\jxpiinstall(1).exe
2013-09-23 02:50 - 2013-09-23 02:50 - 07912440 _____ (Adobe Systems Inc.) C:\Users\Veli\Downloads\Shockwave_Installer_Slim(2).exe
2013-09-23 01:36 - 2013-09-23 01:36 - 03897343 _____ C:\Users\Veli\Desktop\Anonim - Göçmen Kızı _ Fly mix (Karaoke).WebM
2013-09-23 01:26 - 2013-09-23 01:27 - 04739040 _____ C:\Users\Veli\Desktop\▶ Kubat - Gülüm (Karaoke).WebM
2013-09-23 01:10 - 2013-09-23 01:10 - 06197508 _____ C:\Users\Veli\Desktop\Yaşar İpek - Gitme Kal (Karaoke).WebM
2013-09-22 23:30 - 2013-09-22 23:30 - 27354536 _____ C:\Users\Veli\Desktop\TURKISH KARAOKE BEYOGLUUNDA GEZERSIIN.WebM
2013-09-22 23:24 - 2013-09-22 23:24 - 05873978 _____ C:\Users\Veli\Desktop\▶ YAVUZ BINGÖL TANRIDAN DILEDIM karaoke version.WebM
2013-09-22 04:22 - 2013-09-22 04:31 - 00000862 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-22 02:41 - 2013-09-22 03:23 - 70399153 _____ C:\Users\Veli\Desktop\aaaa.rar
2013-09-20 20:57 - 2013-09-20 20:58 - 16326078 _____ C:\Users\Veli\Desktop\Site Sahibi Golden....avi
2013-09-20 20:32 - 2013-09-20 20:33 - 70832120 _____ C:\Users\Veli\Desktop\Site Sahibi Golden.avi
2013-09-20 04:50 - 2013-09-20 04:50 - 00206312 __RSH C:\XELDZ
2013-09-20 04:44 - 2013-09-20 04:44 - 00000000 ____D C:\Users\Veli\Documents\Top Eleven Hack v2 2013
2013-09-20 04:41 - 2013-09-25 13:44 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-19 01:05 - 2013-09-19 01:05 - 00001624 _____ C:\Users\Veli\Desktop\Samata Dj Efektor Professional.lnk
2013-09-19 01:05 - 2013-09-19 01:05 - 00000000 ____D C:\Samata Dj Efektor v4.6
2013-09-19 00:57 - 2013-09-19 01:01 - 65182837 _____ C:\Users\Veli\Downloads\Samata Dj Efektor v4.6 Setup.rar
2013-09-18 23:55 - 2013-09-18 23:55 - 00000000 ____D C:\ProgramData\Browser Manager
2013-09-18 21:43 - 2013-09-18 21:43 - 00000000 ____D C:\Users\Veli\Documents\Optimizer Pro
2013-09-14 02:50 - 2013-09-22 04:36 - 00000000 ____D C:\Users\Veli\Desktop\Karaoke
2013-09-12 10:43 - 2013-09-12 10:43 - 00000000 ____D C:\Users\Veli\Documents\VideoPad Projects
2013-09-12 03:04 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 03:04 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 03:04 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 03:04 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 03:04 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 03:04 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 02:48 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 02:48 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 02:48 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 02:48 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 02:48 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 02:48 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 02:48 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 02:48 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 02:48 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 23:32 - 2013-09-11 23:35 - 16295067 _____ C:\Users\Veli\Desktop\My Video - 0010.mp4
2013-09-11 22:44 - 2013-09-30 17:51 - 00001070 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2013-09-11 21:47 - 2013-09-11 21:47 - 00000052 _____ C:\Users\Veli\Desktop\kefimüzik sifre.txt
2013-09-10 07:45 - 2013-09-10 07:45 - 00795213 _____ C:\Users\Veli\Documents\Unbenannt (3).wma
2013-09-09 20:11 - 2013-09-09 20:11 - 00202533 _____ C:\Users\Veli\Documents\Unbenannt (2).wma
2013-09-07 16:58 - 2013-09-07 16:58 - 02223033 _____ C:\Users\Veli\Desktop\Kerem - Oy Turnam.wma
2013-09-07 16:38 - 2013-09-07 16:38 - 01706683 _____ C:\Users\Veli\Desktop\0.wma
2013-09-06 23:33 - 2013-09-06 23:33 - 00871543 _____ C:\Users\Veli\Desktop\Kerem - Yüregim Agir Yarali Derinden.wma
2013-09-06 22:03 - 2013-09-06 22:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-05 06:04 - 2013-09-05 06:04 - 01634843 _____ C:\Users\Veli\Desktop\Kerem - Fatiha & Bakara.wma
2013-09-04 09:42 - 2013-09-04 09:42 - 02681224 _____ (avidoNET GmbH) C:\Users\Veli\Downloads\speakychatinstall(2).exe
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\Users\Veli\Downloads\Complete YouTube Saver
2013-09-04 02:16 - 2013-09-04 02:16 - 01818933 _____ C:\Users\Veli\Desktop\ezan.wma
2013-09-03 07:29 - 2013-09-03 07:29 - 02681224 _____ (avidoNET GmbH) C:\Users\Veli\Downloads\speakychatinstall(1).exe
2013-09-03 05:48 - 2013-09-03 05:48 - 00098304 _____ C:\Users\Veli\fbchathistory.dat
2013-09-03 05:11 - 2013-09-03 05:11 - 23003252 _____ C:\Users\Veli\Downloads\vlc-2.0.8-win32.exe
2013-09-03 03:23 - 2013-09-03 05:03 - 00001740 _____ C:\Users\Veli\Desktop\Dualar.txt
2013-09-02 09:49 - 2013-09-02 09:50 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Veli\Downloads\Shockwave_Installer_Slim(1).exe
2013-09-02 07:02 - 2013-09-02 07:02 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Veli\Downloads\Shockwave_Installer_Slim.exe
2013-09-01 16:47 - 2013-09-01 16:47 - 01378913 _____ C:\Users\Veli\Desktop\Iste.wma
2013-09-01 07:09 - 2013-09-01 07:09 - 00000486 __RSH C:\Users\Veli\ntuser.pol
2013-09-01 06:33 - 2013-09-30 06:10 - 00000000 ____D C:\Program Files\Pamela RichMood Editor
2013-09-01 06:33 - 2013-09-01 06:33 - 00000000 ____D C:\Users\Veli\AppData\Roaming\Pamela
2013-09-01 06:25 - 2013-09-01 06:25 - 00153496 _____ C:\Users\Veli\Downloads\fasterfox-3.9.81-fx(1).zip
2013-09-01 06:24 - 2013-09-01 06:24 - 00153496 _____ C:\Users\Veli\Downloads\fasterfox-3.9.81-fx.zip
2013-09-01 06:22 - 2013-09-01 06:22 - 00118080 _____ C:\Users\Veli\Downloads\fasterfox-2.0.0-fx.zip
2013-09-01 05:34 - 2013-09-01 05:34 - 00000000 ____D C:\Windows\pss
2013-09-01 02:13 - 2013-09-01 02:13 - 00000000 ____D C:\ProgramData\Macrovision
2013-09-01 02:06 - 2013-09-01 02:06 - 01110476 _____ C:\Users\Veli\Downloads\7z920.exe
2013-09-01 02:06 - 2013-09-01 02:06 - 00000000 ____D C:\Program Files\7-Zip

==================== One Month Modified Files and Folders =======

2013-09-30 22:04 - 2013-09-30 22:04 - 01086873 _____ (Farbar) C:\Users\Veli\Downloads\FRST.exe
2013-09-30 22:04 - 2013-09-30 22:04 - 00000000 ____D C:\FRST
2013-09-30 21:41 - 2013-09-30 21:20 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-09-30 21:39 - 2013-04-11 15:51 - 00000000 ____D C:\Users\Veli\AppData\Roaming\Skype
2013-09-30 21:23 - 2013-06-08 00:23 - 00000286 _____ C:\Windows\Tasks\Dealply.job
2013-09-30 21:22 - 2013-09-30 21:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-30 21:17 - 2013-09-30 21:16 - 52176608 _____ (GridinSoft LLC) C:\Users\Veli\Downloads\gtk-2.1.8.9-setup.exe
2013-09-30 21:08 - 2013-09-30 21:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-30 21:08 - 2013-09-30 21:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-30 19:21 - 2013-09-30 17:49 - 00000000 ___HD C:\Users\Veli\Desktop\VideoPadCache
2013-09-30 17:51 - 2013-09-30 17:51 - 00000000 ____D C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2013-09-30 17:51 - 2013-09-11 22:44 - 00001070 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2013-09-30 17:50 - 2013-09-30 17:50 - 04373560 _____ (NCH Software) C:\Users\Veli\Downloads\vppsetup.exe
2013-09-30 15:20 - 2013-04-11 12:17 - 01679512 _____ C:\Windows\WindowsUpdate.log
2013-09-30 13:59 - 2009-07-14 06:34 - 00023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-30 13:59 - 2009-07-14 06:34 - 00023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-30 13:52 - 2013-09-30 13:52 - 00000056 _____ C:\Windows\setupact.log
2013-09-30 13:52 - 2013-09-30 13:52 - 00000000 _____ C:\Windows\setuperr.log
2013-09-30 13:52 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-30 13:51 - 2013-09-30 13:51 - 00001500 _____ C:\Windows\PFRO.log
2013-09-30 13:51 - 2013-09-26 09:23 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-09-30 13:51 - 2013-09-26 09:23 - 00000000 ____D C:\Program Files\WebSearch
2013-09-30 13:51 - 2013-09-26 09:21 - 00000000 ____D C:\ProgramData\DownnlOad kuEeper
2013-09-30 13:51 - 2013-09-26 09:21 - 00000000 ____D C:\Program Files\Ss.Helper
2013-09-30 12:35 - 2013-08-28 16:34 - 00000000 ____D C:\Windows\865537E164904193A4B6669C62711852.TMP
2013-09-30 06:10 - 2013-09-01 06:33 - 00000000 ____D C:\Program Files\Pamela RichMood Editor
2013-09-30 06:10 - 2013-04-17 20:00 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-30 05:58 - 2013-09-30 05:58 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Veli\Downloads\SpyHunter-Installer.exe
2013-09-29 23:12 - 2013-09-29 23:08 - 05425477 _____ C:\Users\Veli\Desktop\Kerem.rar
2013-09-29 22:52 - 2013-09-29 22:52 - 00000088 _____ C:\Windows\system32\8386410878598694804.log
2013-09-29 22:52 - 2013-09-26 09:21 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-29 03:56 - 2010-11-20 23:01 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-28 08:29 - 2013-04-05 22:15 - 00000000 ____D C:\ProgramData\SpeakyChat
2013-09-28 08:28 - 2013-09-28 08:27 - 02681224 _____ (avidoNET GmbH) C:\Users\Veli\Downloads\speakychatinstall(5).exe
2013-09-28 06:13 - 2013-09-26 18:38 - 00000062 _____ C:\Users\Veli\Desktop\Reyyan Account.txt
2013-09-27 22:23 - 2013-09-24 01:01 - 00000000 ____D C:\Users\Veli\AppData\Roaming\vlc
2013-09-26 23:26 - 2013-04-01 09:30 - 00000000 ___RD C:\Users\Veli\Desktop\Privat
2013-09-26 19:25 - 2013-09-26 19:25 - 00002141 _____ C:\Users\Veli\Downloads\0B346DBFB7830BD90F12F52F673CC93F186A8AD3.torrent
2013-09-26 12:24 - 2013-09-26 09:23 - 00000000 ____D C:\Users\Veli\AppData\Roaming\SkypEmoticons
2013-09-26 09:30 - 2013-09-26 09:22 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-09-26 09:23 - 2013-09-26 09:23 - 00000000 ____D C:\ProgramData\SummerSoft
2013-09-26 09:20 - 2013-09-26 09:20 - 00328384 _____ (SummerSoft) C:\Users\Veli\Downloads\jogangandotnetCrackVideopadVideoEditor.rar.exe
2013-09-26 03:31 - 2013-04-11 16:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-25 18:30 - 2013-09-25 18:30 - 00729736 _____ C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE(1).exe
2013-09-25 18:14 - 2013-09-25 18:14 - 01238384 _____ (Bitcoktail                                                  ) C:\Users\Veli\Downloads\CoolPic_mg_207566.exe
2013-09-25 13:48 - 2013-09-25 13:45 - 00000000 ____D C:\Users\Veli\AppData\Roaming\eType
2013-09-25 13:44 - 2013-09-20 04:41 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-25 13:43 - 2013-09-25 13:43 - 00140968 _____ () C:\Users\Veli\Downloads\etypesetup.exe
2013-09-25 13:27 - 2013-09-25 13:27 - 00000000 ____D C:\Users\Veli\Documents\Free YouTube Download Manager
2013-09-25 13:27 - 2013-09-25 13:27 - 00000000 ____D C:\Users\Veli\AppData\Local\Freetec
2013-09-25 13:27 - 2013-09-25 13:26 - 00000000 ____D C:\Program Files\SoftwareUpdater
2013-09-25 13:26 - 2013-09-25 13:26 - 00000000 ____D C:\Program Files\Freetec
2013-09-25 13:24 - 2013-09-25 13:23 - 00000000 ____D C:\Users\Veli\AppData\Local\DownloadGuide
2013-09-25 13:24 - 2013-08-11 06:56 - 00000975 _____ C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-25 13:22 - 2013-09-25 13:22 - 00729736 _____ C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE.exe
2013-09-25 12:54 - 2013-09-25 12:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_nnfwdk_01009.Wdf
2013-09-25 12:47 - 2013-09-25 12:47 - 02743968 _____ (The Nielsen Company) C:\Users\Veli\Downloads\netsight_setup_6.0.0.60_MP_Production_mid51049298465_p.exe
2013-09-25 12:47 - 2013-09-25 12:47 - 00000878 _____ C:\nsinst.log
2013-09-25 00:50 - 2013-09-25 00:50 - 03362400 _____ (SpeakyChat LB                                               ) C:\Users\Veli\Downloads\speakychatinstall(4).exe
2013-09-25 00:46 - 2013-09-25 00:46 - 02681224 _____ (avidoNET GmbH) C:\Users\Veli\Downloads\speakychatinstall(3).exe
2013-09-24 02:07 - 2013-04-09 16:06 - 00000000 ____D C:\Windows\Minidump
2013-09-23 18:30 - 2013-09-23 18:30 - 00009216 _____ (Mozilla Corporation) C:\Users\Veli\Downloads\plugin-container.exe
2013-09-23 18:28 - 2013-09-23 18:28 - 23003252 _____ C:\Users\Veli\Downloads\vlc-2.0.8-win32(1).exe
2013-09-23 03:26 - 2013-04-01 12:57 - 00000000 ____D C:\Users\Veli\AppData\Local\Adobe
2013-09-23 02:56 - 2013-09-23 02:56 - 00000000 ____D C:\ProgramData\Oracle
2013-09-23 02:55 - 2013-09-23 02:55 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-23 02:54 - 2013-09-23 02:55 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-23 02:54 - 2013-09-23 02:54 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-23 02:54 - 2013-09-23 02:54 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-23 02:54 - 2013-09-23 02:54 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-23 02:54 - 2013-09-23 02:54 - 00000000 ____D C:\Program Files\Java
2013-09-23 02:54 - 2013-08-30 15:18 - 00868264 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-23 02:54 - 2013-08-30 15:18 - 00790440 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-23 02:52 - 2013-09-23 02:52 - 00913832 _____ (Oracle Corporation) C:\Users\Veli\Downloads\jxpiinstall(1).exe
2013-09-23 02:50 - 2013-09-23 02:50 - 07912440 _____ (Adobe Systems Inc.) C:\Users\Veli\Downloads\Shockwave_Installer_Slim(2).exe
2013-09-23 01:36 - 2013-09-23 01:36 - 03897343 _____ C:\Users\Veli\Desktop\Anonim - Göçmen Kızı _ Fly mix (Karaoke).WebM
2013-09-23 01:27 - 2013-09-23 01:26 - 04739040 _____ C:\Users\Veli\Desktop\▶ Kubat - Gülüm (Karaoke).WebM
2013-09-23 01:10 - 2013-09-23 01:10 - 06197508 _____ C:\Users\Veli\Desktop\Yaşar İpek - Gitme Kal (Karaoke).WebM
2013-09-22 23:30 - 2013-09-22 23:30 - 27354536 _____ C:\Users\Veli\Desktop\TURKISH KARAOKE BEYOGLUUNDA GEZERSIIN.WebM
2013-09-22 23:24 - 2013-09-22 23:24 - 05873978 _____ C:\Users\Veli\Desktop\▶ YAVUZ BINGÖL TANRIDAN DILEDIM karaoke version.WebM
2013-09-22 04:39 - 2013-08-22 16:27 - 00000000 ____D C:\ProgramData\eSafe
2013-09-22 04:36 - 2013-09-14 02:50 - 00000000 ____D C:\Users\Veli\Desktop\Karaoke
2013-09-22 04:31 - 2013-09-22 04:22 - 00000862 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-22 03:23 - 2013-09-22 02:41 - 70399153 _____ C:\Users\Veli\Desktop\aaaa.rar
2013-09-20 20:58 - 2013-09-20 20:57 - 16326078 _____ C:\Users\Veli\Desktop\Site Sahibi Golden....avi
2013-09-20 20:33 - 2013-09-20 20:32 - 70832120 _____ C:\Users\Veli\Desktop\Site Sahibi Golden.avi
2013-09-20 19:33 - 2013-04-11 12:15 - 00000000 ____D C:\Users\Veli
2013-09-20 18:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-20 04:50 - 2013-09-20 04:50 - 00206312 __RSH C:\XELDZ
2013-09-20 04:44 - 2013-09-20 04:44 - 00000000 ____D C:\Users\Veli\Documents\Top Eleven Hack v2 2013
2013-09-19 01:05 - 2013-09-19 01:05 - 00001624 _____ C:\Users\Veli\Desktop\Samata Dj Efektor Professional.lnk
2013-09-19 01:05 - 2013-09-19 01:05 - 00000000 ____D C:\Samata Dj Efektor v4.6
2013-09-19 01:01 - 2013-09-19 00:57 - 65182837 _____ C:\Users\Veli\Downloads\Samata Dj Efektor v4.6 Setup.rar
2013-09-18 23:55 - 2013-09-18 23:55 - 00000000 ____D C:\ProgramData\Browser Manager
2013-09-18 21:43 - 2013-09-18 21:43 - 00000000 ____D C:\Users\Veli\Documents\Optimizer Pro
2013-09-18 00:22 - 2011-05-28 18:27 - 00000000 ____D C:\Windows\Panther
2013-09-12 20:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-12 19:25 - 2009-07-14 06:33 - 01615200 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 19:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-12 10:43 - 2013-09-12 10:43 - 00000000 ____D C:\Users\Veli\Documents\VideoPad Projects
2013-09-12 03:03 - 2013-08-15 03:08 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 03:00 - 2011-05-28 17:40 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 23:35 - 2013-09-11 23:32 - 16295067 _____ C:\Users\Veli\Desktop\My Video - 0010.mp4
2013-09-11 22:44 - 2013-04-01 01:00 - 00000000 ____D C:\ProgramData\NCH Software
2013-09-11 22:44 - 2013-04-01 01:00 - 00000000 ____D C:\Program Files\NCH Software
2013-09-11 22:44 - 2013-04-01 00:59 - 00000000 ____D C:\Users\Veli\AppData\Roaming\NCH Software
2013-09-11 21:47 - 2013-09-11 21:47 - 00000052 _____ C:\Users\Veli\Desktop\kefimüzik sifre.txt
2013-09-10 07:45 - 2013-09-10 07:45 - 00795213 _____ C:\Users\Veli\Documents\Unbenannt (3).wma
2013-09-09 20:11 - 2013-09-09 20:11 - 00202533 _____ C:\Users\Veli\Documents\Unbenannt (2).wma
2013-09-07 16:58 - 2013-09-07 16:58 - 02223033 _____ C:\Users\Veli\Desktop\Kerem - Oy Turnam.wma
2013-09-07 16:38 - 2013-09-07 16:38 - 01706683 _____ C:\Users\Veli\Desktop\0.wma
2013-09-06 23:33 - 2013-09-06 23:33 - 00871543 _____ C:\Users\Veli\Desktop\Kerem - Yüregim Agir Yarali Derinden.wma
2013-09-06 22:03 - 2013-09-06 22:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-05 06:04 - 2013-09-05 06:04 - 01634843 _____ C:\Users\Veli\Desktop\Kerem - Fatiha & Bakara.wma
2013-09-04 09:42 - 2013-09-04 09:42 - 02681224 _____ (avidoNET GmbH) C:\Users\Veli\Downloads\speakychatinstall(2).exe
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\Users\Veli\Downloads\Complete YouTube Saver
2013-09-04 02:16 - 2013-09-04 02:16 - 01818933 _____ C:\Users\Veli\Desktop\ezan.wma
2013-09-03 07:29 - 2013-09-03 07:29 - 02681224 _____ (avidoNET GmbH) C:\Users\Veli\Downloads\speakychatinstall(1).exe
2013-09-03 06:18 - 2013-06-30 23:09 - 00000000 ___RD C:\Sandbox
2013-09-03 05:48 - 2013-09-03 05:48 - 00098304 _____ C:\Users\Veli\fbchathistory.dat
2013-09-03 05:17 - 2013-06-13 16:26 - 00000000 ____D C:\Users\Veli\AppData\Local\benimolsun.com
2013-09-03 05:11 - 2013-09-03 05:11 - 23003252 _____ C:\Users\Veli\Downloads\vlc-2.0.8-win32.exe
2013-09-03 05:03 - 2013-09-03 03:23 - 00001740 _____ C:\Users\Veli\Desktop\Dualar.txt
2013-09-02 09:50 - 2013-09-02 09:49 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Veli\Downloads\Shockwave_Installer_Slim(1).exe
2013-09-02 07:02 - 2013-09-02 07:02 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Veli\Downloads\Shockwave_Installer_Slim.exe
2013-09-01 16:47 - 2013-09-01 16:47 - 01378913 _____ C:\Users\Veli\Desktop\Iste.wma
2013-09-01 07:09 - 2013-09-01 07:09 - 00000486 __RSH C:\Users\Veli\ntuser.pol
2013-09-01 07:08 - 2009-07-14 04:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-09-01 06:33 - 2013-09-01 06:33 - 00000000 ____D C:\Users\Veli\AppData\Roaming\Pamela
2013-09-01 06:25 - 2013-09-01 06:25 - 00153496 _____ C:\Users\Veli\Downloads\fasterfox-3.9.81-fx(1).zip
2013-09-01 06:24 - 2013-09-01 06:24 - 00153496 _____ C:\Users\Veli\Downloads\fasterfox-3.9.81-fx.zip
2013-09-01 06:22 - 2013-09-01 06:22 - 00118080 _____ C:\Users\Veli\Downloads\fasterfox-2.0.0-fx.zip
2013-09-01 05:34 - 2013-09-01 05:34 - 00000000 ____D C:\Windows\pss
2013-09-01 02:16 - 2013-06-09 03:37 - 00000000 ____D C:\Users\Veli\AppData\Local\Macromedia
2013-09-01 02:16 - 2013-04-11 13:17 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-01 02:13 - 2013-09-01 02:13 - 00000000 ____D C:\ProgramData\Macrovision
2013-09-01 02:13 - 2013-04-11 16:10 - 00000000 ____D C:\Users\Veli\AppData\Roaming\Macromedia
2013-09-01 02:06 - 2013-09-01 02:06 - 01110476 _____ C:\Users\Veli\Downloads\7z920.exe
2013-09-01 02:06 - 2013-09-01 02:06 - 00000000 ____D C:\Program Files\7-Zip

Files to move or delete:
====================
C:\Users\Veli\fbchathistory.dat


Some content of TEMP:
====================
C:\Users\Veli\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-24 21:48

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2013 01
Ran by Keremino at 2013-09-30 22:06:06
Running from C:\Users\Veli\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20
Acer Crystal Eye Webcam (Version: 5.2.7.1)
AdblockIE (Version: 1.2)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
CCleaner (Version: 4.04)
Creative Audio-Systemsteuerung (Version: 3.00)
Debut Video Capture Software
Free YouTube Download version 3.2.3.610 (Version: 3.2.3.610)
Free YouTube to MP3 Converter version 3.12.3.610 (Version: 3.12.3.610)
Gamesurround Muse Pocket
HyperCam 2 (Version: 2.27.01)
Jasc Animation Shop 3 (Version: 3.05.0000)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Nuvoton CIR Device Driver (Version: 8.60.1000)
NVIDIA Drivers (Version: 1.7)
Opera 12.15 (Version: 12.15.1748)
Pavtube Video Converter version 3.5.1.2185
PhotoScape
RICOH R5U8xx Media Driver ver.3.62.02 (Version: 3.62.02)
Skype™ 6.6 (Version: 6.6.106)
SplitCam (Version: 5.4.6.0)
SWFText
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 14.0.6.0)
TeamViewer 8 (Version: 8.0.20768)
Ulead GIF Animator 5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
USB Multi-Channel Audio Device
VideoPad Video Editor (Version: 3.14)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
YTD Video Downloader 4.0 (Version: 4.0)

==================== Restore Points  =========================

25-09-2013 11:25:02 Free YouTube Download Manager
25-09-2013 11:33:21 Free YouTube Download Manager
25-09-2013 16:31:43 Free YouTube Download Manager
25-09-2013 16:37:02 Free YouTube Download Manager
28-09-2013 14:06:46 Windows Update
30-09-2013 04:00:58 Installed SpyHunter
30-09-2013 10:34:06 Removed SpyHunter

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-09-20 04:50 - 00000864 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com

==================== Scheduled Tasks (whitelisted) =============

Task: {17882981-A36A-4648-A2AE-D50604145B11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {2B9AA71B-02BC-4F6C-ADD4-BB46A5080F81} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe
Task: {2F3FFE9F-6536-4B6E-8DD4-8134D10EBC53} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: {607639B1-E3AE-47A9-8CE8-1F4B37F7E83E} - System32\Tasks\EPUpdater => C:\Users\Veli\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-08-04] ()
Task: {758E7CEB-2791-4AC0-BF82-D3FE17F8EDCD} - System32\Tasks\NCH Software\DebutReminder => C:\Program Files\NCH Software\Debut\Debut.exe [2013-03-07] (NCH Software)
Task: {821C5474-9955-49A2-B9B2-DAFB64F0D181} - System32\Tasks\4581 => C:\Users\Veli\AppData\Local\Temp\launchie.vbsC:\Users\Veli\AppData\Local\Temp\launchie.vbs //B
Task: {89727239-3E6C-437D-8A79-F7ABF218E422} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {9B960702-51D7-4993-A736-9093A6E9C943} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-08-26] ()
Task: {ADB48586-1A57-491F-9F3C-8FDD561A618A} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe
Task: {B9B80BD7-A927-43AE-A3DC-086675DC6034} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-30] (Adobe Systems Incorporated)
Task: {C6FE3B67-67F4-4C87-A610-A48CAE58591A} - System32\Tasks\Dealply => C:\Users\Veli\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE [2013-06-08] ()
Task: {CFB27B75-3933-47F0-9205-18F347BB1E10} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-09-25] ()
Task: {FD1F9EDD-4BC9-4D87-9037-82EB182DA317} - System32\Tasks\0 => Iexplore.exe 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Veli\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE

==================== Loaded Modules (whitelisted) =============

2013-04-05 18:48 - 2009-12-29 16:50 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2013-04-05 18:48 - 2010-07-22 16:45 - 00181760 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2012-02-24 09:50 - 2012-02-24 09:50 - 00094208 _____ () C:\Program Files\SplitCam\SplitCamFilter.ax
2012-01-03 09:03 - 2012-01-03 09:03 - 00876544 _____ () C:\Program Files\SplitCam\cv110.dll
2012-01-03 09:03 - 2012-01-03 09:03 - 00958464 _____ () C:\Program Files\SplitCam\cxcore110.dll
2012-01-03 09:03 - 2012-01-03 09:03 - 00630784 _____ () C:\Program Files\SplitCam\highgui110.dll
2013-06-09 03:33 - 2013-08-22 15:32 - 03551640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-10 19:27 - 2013-09-30 21:08 - 16177544 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:9F5DDD64

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2013 09:07:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 23.0.1.4974, Zeitstempel: 0x520bc1d5
Name des fehlerhaften Moduls: NPSWF32_11_8_800_168.dll, Version: 11.8.800.168, Zeitstempel: 0x52223de3
Ausnahmecode: 0x80000003
Fehleroffset: 0x00343e9d
ID des fehlerhaften Prozesses: 0x1044
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (09/30/2013 09:07:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_168.exe, Version: 11.8.800.168, Zeitstempel: 0x52223bb7
Name des fehlerhaften Moduls: FlashPlayerPlugin_11_8_800_168.exe, Version: 11.8.800.168, Zeitstempel: 0x52223bb7
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017e40
ID des fehlerhaften Prozesses: 0x107c
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_8_800_168.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_168.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_8_800_168.exe2
Berichtskennung: FlashPlayerPlugin_11_8_800_168.exe3

Error: (09/30/2013 01:53:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2013 07:15:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2013 07:14:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7
Name des fehlerhaften Moduls: MSACM32.DLL, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bda4e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00004d91
ID des fehlerhaften Prozesses: 0xb6c
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3

Error: (09/29/2013 06:15:00 PM) (Source: OptimizerProUpdater) (User: )
Description: URLMON download from hxxp://nanoavi.info/get/?ver=1701&report_version=5&data=NP6yu5%2Bj%2BVmsv%2BxztvDUKWLkLKiGVK2xOT%2BvsqNFnrLPk9sSYR5gRRWGNY%2BQ%2FX3GADAxjuT%2BQJIYdZpo3VMz4iSSmSr0O1A6qr3p7upDo%2Bx3TgJ%2FV3Jnhtb9Ag7dKjCvTupm8OHniF4tFz5rcHYXKvDSyBNkLo5Y2FN3x%2Bxk0omxNk5vSwnUjDJ5OMKNEbks%2BBH2V6lR0s%2BI0hWkne5GzDkUY59jmWIpDp5TmV%2BYGUGAglS3O9byPgrAHMh3MoJmiNu4ac1xN4pkfbJG3u134rDIJ0hEoxVMKUxC%2FnMWlhF1FSsK26iLWmWJn%2BXGB7QKpIxyzE8%2BRjjSISTBCcvSxUnPuKrvVKhDiMrVI5G7s2l0eoiRXIljxPMR5v3VzQqELRTgR04sugrfcNybMarfqF5yfBi9VTnPVyIWDDxKNQpUOviDEWZa40sz2sRoDo52TNUWJGFQlZxA2lhOcFJh1h0Ww8yYcyMfoE4mkHy35FcaBRFafIiOkPzxfkynDmd51G54ojTYtSEqWTdygsah5 failed BINDSTATUS=2 (12029)

Error: (09/29/2013 06:14:39 PM) (Source: OptimizerProUpdater) (User: )
Description: BITS download from hxxp://nanoavi.info/get/?ver=1701&report_version=5&data=NP6yu5%2Bj%2BVmsv%2BxztvDUKWLkLKiGVK2xOT%2BvsqNFnrLPk9sSYR5gRRWGNY%2BQ%2FX3GADAxjuT%2BQJIYdZpo3VMz4iSSmSr0O1A6qr3p7upDo%2Bx3TgJ%2FV3Jnhtb9Ag7dKjCvTupm8OHniF4tFz5rcHYXKvDSyBNkLo5Y2FN3x%2Bxk0omxNk5vSwnUjDJ5OMKNEbks%2BBH2V6lR0s%2BI0hWkne5GzDkUY59jmWIpDp5TmV%2BYGUGAglS3O9byPgrAHMh3MoJmiNu4ac1xN4pkfbJG3u134rDIJ0hEoxVMKUxC%2FnMWlhF1FSsK26iLWmWJn%2BXGB7QKpIxyzE8%2BRjjSISTBCcvSxUnPuKrvVKhDiMrVI5G7s2l0eoiRXIljxPMR5v3VzQqELRTgR04sugrfcNybMarfqF5yfBi9VTnPVyIWDDxKNQpUOviDEWZa40sz2sRoDo52TNUWJGFQlZxA2lhOcFJh1h0Ww8yYcyMfoE4mkHy35FcaBRFafIiOkPzxfkynDmd51G54ojTYtSEqWTdygsah5 failed 5:-2147012894 (null)

Error: (09/29/2013 05:42:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16686, Zeitstempel: 0x52058cf0
Name des fehlerhaften Moduls: msf266A.tmp_unloaded, Version: 0.0.0.0, Zeitstempel: 0x517e80d8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0f9d0e68
ID des fehlerhaften Prozesses: 0x170c
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (09/29/2013 00:51:33 PM) (Source: OptimizerProUpdater) (User: )
Description: URLMON download from hxxp://nanoavi.info/get/?ver=1701&report_version=5&data=NP6yu5%2Bj%2BVmsv%2BxztvDUKWLkLKiGVK2xOT%2BvsqNFnrLPk9sSYR5gRRWGNY%2BQ%2FX3GADAxjuT%2BQJIYdZpo3VMz4iSSmSr0O1A6qr3p7upDo%2Bx3TgJ%2FV3Jnhtb9Ag7dKjCvTupm8OHniF4tFz5rcHYXKvDSyBNkLo5Y2FN3x%2Bxk0omxNk5vSwnUjDJ5OMKNEbks%2BBH2V6lR0s%2BI0hWkne5GzDkUY59jmWIpDp5TmV%2BYGUGAglS3O9byPgrAHMh3MoJmiNu4ac1xN4pkfbJG3u134rDIJ0hEoxVMKUxC%2FnMWlhF1FSsK26iLWmWJn%2BXGB7QKpIxyzE8%2BRjjSISTBCcvSxUnPuKrvVKhDiMrVI5G7s2l0eoiRXIljxPMR5v3VzQqELRTgR04sugrfcNybMarfqF5yfBi9VTnPVyIWDDxKNQpUOviDEWZa40sz2sRoDo52TNUWJGFQlZxA2lhOcFJh1h0Ww8yYcyMfoE4mkHy35FcaBRFafIiOkPzxfkynDmd51G54ojTYtSEqWTdygsah5 failed BINDSTATUS=2 (12029)

Error: (09/29/2013 00:51:12 PM) (Source: OptimizerProUpdater) (User: )
Description: BITS download from hxxp://nanoavi.info/get/?ver=1701&report_version=5&data=NP6yu5%2Bj%2BVmsv%2BxztvDUKWLkLKiGVK2xOT%2BvsqNFnrLPk9sSYR5gRRWGNY%2BQ%2FX3GADAxjuT%2BQJIYdZpo3VMz4iSSmSr0O1A6qr3p7upDo%2Bx3TgJ%2FV3Jnhtb9Ag7dKjCvTupm8OHniF4tFz5rcHYXKvDSyBNkLo5Y2FN3x%2Bxk0omxNk5vSwnUjDJ5OMKNEbks%2BBH2V6lR0s%2BI0hWkne5GzDkUY59jmWIpDp5TmV%2BYGUGAglS3O9byPgrAHMh3MoJmiNu4ac1xN4pkfbJG3u134rDIJ0hEoxVMKUxC%2FnMWlhF1FSsK26iLWmWJn%2BXGB7QKpIxyzE8%2BRjjSISTBCcvSxUnPuKrvVKhDiMrVI5G7s2l0eoiRXIljxPMR5v3VzQqELRTgR04sugrfcNybMarfqF5yfBi9VTnPVyIWDDxKNQpUOviDEWZa40sz2sRoDo52TNUWJGFQlZxA2lhOcFJh1h0Ww8yYcyMfoE4mkHy35FcaBRFafIiOkPzxfkynDmd51G54ojTYtSEqWTdygsah5 failed 5:-2147012894 (null)


System errors:
=============
Error: (09/30/2013 04:00:38 AM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (09/29/2013 07:13:38 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎29.‎09.‎2013 um 19:12:12 unerwartet heruntergefahren.

Error: (09/29/2013 02:15:42 AM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (09/28/2013 03:11:07 AM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (09/26/2013 07:37:11 AM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (09/26/2013 03:27:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update LemurLeap" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/25/2013 01:24:19 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Wsys Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/24/2013 03:57:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (09/24/2013 07:07:50 AM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (09/24/2013 02:08:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (09/30/2013 09:07:43 PM) (Source: Application Error)(User: )
Description: plugin-container.exe23.0.1.4974520bc1d5NPSWF32_11_8_800_168.dll11.8.800.16852223de38000000300343e9d104401cebe101c4458e7C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll9520930b-2a03-11e3-b4c6-001e682e4752

Error: (09/30/2013 09:07:40 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_8_800_168.exe11.8.800.16852223bb7FlashPlayerPlugin_11_8_800_168.exe11.8.800.16852223bb74000001500017e40107c01cebe101c5dfbc7C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exeC:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe934c1a4f-2a03-11e3-b4c6-001e682e4752

Error: (09/30/2013 01:53:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2013 07:15:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2013 07:14:37 PM) (Source: Application Error)(User: )
Description: DllHost.exe6.1.7600.163854a5bc6b7MSACM32.DLL6.1.7600.163854a5bda4ec000000500004d91b6c01cebd37591eb334C:\Windows\system32\DllHost.exeC:\Windows\system32\MSACM32.DLL9da6a17f-292a-11e3-b4d2-001e682e4752

Error: (09/29/2013 06:15:00 PM) (Source: OptimizerProUpdater)(User: )
Description: URLMON download from hxxp://nanoavi.info/get/?ver=1701&report_version=5&data=NP6yu5%2Bj%2BVmsv%2BxztvDUKWLkLKiGVK2xOT%2BvsqNFnrLPk9sSYR5gRRWGNY%2BQ%2FX3GADAxjuT%2BQJIYdZpo3VMz4iSSmSr0O1A6qr3p7upDo%2Bx3TgJ%2FV3Jnhtb9Ag7dKjCvTupm8OHniF4tFz5rcHYXKvDSyBNkLo5Y2FN3x%2Bxk0omxNk5vSwnUjDJ5OMKNEbks%2BBH2V6lR0s%2BI0hWkne5GzDkUY59jmWIpDp5TmV%2BYGUGAglS3O9byPgrAHMh3MoJmiNu4ac1xN4pkfbJG3u134rDIJ0hEoxVMKUxC%2FnMWlhF1FSsK26iLWmWJn%2BXGB7QKpIxyzE8%2BRjjSISTBCcvSxUnPuKrvVKhDiMrVI5G7s2l0eoiRXIljxPMR5v3VzQqELRTgR04sugrfcNybMarfqF5yfBi9VTnPVyIWDDxKNQpUOviDEWZa40sz2sRoDo52TNUWJGFQlZxA2lhOcFJh1h0Ww8yYcyMfoE4mkHy35FcaBRFafIiOkPzxfkynDmd51G54ojTYtSEqWTdygsah5 failed BINDSTATUS=2 (12029)

Error: (09/29/2013 06:14:39 PM) (Source: OptimizerProUpdater)(User: )
Description: BITS download from hxxp://nanoavi.info/get/?ver=1701&report_version=5&data=NP6yu5%2Bj%2BVmsv%2BxztvDUKWLkLKiGVK2xOT%2BvsqNFnrLPk9sSYR5gRRWGNY%2BQ%2FX3GADAxjuT%2BQJIYdZpo3VMz4iSSmSr0O1A6qr3p7upDo%2Bx3TgJ%2FV3Jnhtb9Ag7dKjCvTupm8OHniF4tFz5rcHYXKvDSyBNkLo5Y2FN3x%2Bxk0omxNk5vSwnUjDJ5OMKNEbks%2BBH2V6lR0s%2BI0hWkne5GzDkUY59jmWIpDp5TmV%2BYGUGAglS3O9byPgrAHMh3MoJmiNu4ac1xN4pkfbJG3u134rDIJ0hEoxVMKUxC%2FnMWlhF1FSsK26iLWmWJn%2BXGB7QKpIxyzE8%2BRjjSISTBCcvSxUnPuKrvVKhDiMrVI5G7s2l0eoiRXIljxPMR5v3VzQqELRTgR04sugrfcNybMarfqF5yfBi9VTnPVyIWDDxKNQpUOviDEWZa40sz2sRoDo52TNUWJGFQlZxA2lhOcFJh1h0Ww8yYcyMfoE4mkHy35FcaBRFafIiOkPzxfkynDmd51G54ojTYtSEqWTdygsah5 failed 5:-2147012894 (null)

Error: (09/29/2013 05:42:40 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1668652058cf0msf266A.tmp_unloaded0.0.0.0517e80d8c00000050f9d0e68170c01cebd19106bf04aC:\Program Files\Internet Explorer\iexplore.exemsf266A.tmpc5719f6d-291d-11e3-b4f2-001e682e4752

Error: (09/29/2013 00:51:33 PM) (Source: OptimizerProUpdater)(User: )
Description: URLMON download from hxxp://nanoavi.info/get/?ver=1701&report_version=5&data=NP6yu5%2Bj%2BVmsv%2BxztvDUKWLkLKiGVK2xOT%2BvsqNFnrLPk9sSYR5gRRWGNY%2BQ%2FX3GADAxjuT%2BQJIYdZpo3VMz4iSSmSr0O1A6qr3p7upDo%2Bx3TgJ%2FV3Jnhtb9Ag7dKjCvTupm8OHniF4tFz5rcHYXKvDSyBNkLo5Y2FN3x%2Bxk0omxNk5vSwnUjDJ5OMKNEbks%2BBH2V6lR0s%2BI0hWkne5GzDkUY59jmWIpDp5TmV%2BYGUGAglS3O9byPgrAHMh3MoJmiNu4ac1xN4pkfbJG3u134rDIJ0hEoxVMKUxC%2FnMWlhF1FSsK26iLWmWJn%2BXGB7QKpIxyzE8%2BRjjSISTBCcvSxUnPuKrvVKhDiMrVI5G7s2l0eoiRXIljxPMR5v3VzQqELRTgR04sugrfcNybMarfqF5yfBi9VTnPVyIWDDxKNQpUOviDEWZa40sz2sRoDo52TNUWJGFQlZxA2lhOcFJh1h0Ww8yYcyMfoE4mkHy35FcaBRFafIiOkPzxfkynDmd51G54ojTYtSEqWTdygsah5 failed BINDSTATUS=2 (12029)

Error: (09/29/2013 00:51:12 PM) (Source: OptimizerProUpdater)(User: )
Description: BITS download from hxxp://nanoavi.info/get/?ver=1701&report_version=5&data=NP6yu5%2Bj%2BVmsv%2BxztvDUKWLkLKiGVK2xOT%2BvsqNFnrLPk9sSYR5gRRWGNY%2BQ%2FX3GADAxjuT%2BQJIYdZpo3VMz4iSSmSr0O1A6qr3p7upDo%2Bx3TgJ%2FV3Jnhtb9Ag7dKjCvTupm8OHniF4tFz5rcHYXKvDSyBNkLo5Y2FN3x%2Bxk0omxNk5vSwnUjDJ5OMKNEbks%2BBH2V6lR0s%2BI0hWkne5GzDkUY59jmWIpDp5TmV%2BYGUGAglS3O9byPgrAHMh3MoJmiNu4ac1xN4pkfbJG3u134rDIJ0hEoxVMKUxC%2FnMWlhF1FSsK26iLWmWJn%2BXGB7QKpIxyzE8%2BRjjSISTBCcvSxUnPuKrvVKhDiMrVI5G7s2l0eoiRXIljxPMR5v3VzQqELRTgR04sugrfcNybMarfqF5yfBi9VTnPVyIWDDxKNQpUOviDEWZa40sz2sRoDo52TNUWJGFQlZxA2lhOcFJh1h0Ww8yYcyMfoE4mkHy35FcaBRFafIiOkPzxfkynDmd51G54ojTYtSEqWTdygsah5 failed 5:-2147012894 (null)


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 3070.43 MB
Available physical RAM: 1472.85 MB
Total Pagefile: 6139.15 MB
Available Pagefile: 4537.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.57 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:149.04 GB) (Free:109.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 12B012AF)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

smeenk · 01.10.2013, 08:25

Ich bin smeenk und ich werde versuchen dir zu helfen

Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/

Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.

Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:

Code:

ATTFilter

firefoxlook;
filesrcm;
{33BB0A4E-99AF-4226-BDF6-49120163DE86};c
{BB74DE59-BC4C-4172-9AC4-73315F71CFFE};c
{006ee092-9658-4fd6-bd8e-a21a348e59f5};c
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9};c
{afdbddaa-5d3f-42ee-b79c-185a7020515b};c
{ae07101b-46d4-4a98-af68-0333ea26e113};c
C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\Ask.xml;f
C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\babylon.xml;f
C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\Web Search.xml;f
C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\WebSearch.xml;f
C:\Program Files\mozilla firefox\searchplugins\Ask.xml;f
C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml;f
C:\Program Files\mozilla firefox\searchplugins\qvo6.xml;f
C:\Program Files\mozilla firefox\searchplugins\Web Search.xml;f
C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml;f
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser;f
C:\Program Files\WBC Engine;fs
SystemStoreService;s
WsysSvc;s
C:\Users\Veli\AppData\Local\DownloadGuide;fs
C:\Windows\System32\Tasks\EPUpdater;f
C:\Program Files\CoolPic - Fun Social Pictures;fs
C:\Windows\System32\Tasks\4581;f
C:\Windows\System32\Tasks\Software Updater;f
C:\Windows\System32\Tasks\YourFile DownloaderUpdate;f
C:\Program Files\YourFileDownloader;fs
C:\Windows\System32\Tasks\Dealply;f
C:\Windows\System32\Tasks\Software Updater Ui;f
C:\Windows\System32\Tasks\0;f
C:\Windows\Tasks\Dealply.job;f
C:\Users\Veli\AppData\Roaming\Dealply;fs
iedefaults;http://www.google.de
ffdefaults;http://www.google.de
C:\ProgramData\DSearchLink;fs
C:\ProgramData\Browser Manager;fs
C:\Users\Veli\Documents\Optimizer Pro;fs
C:\ProgramData\SearchNewTab;fs
C:\Program Files\WebSearch;fs
C:\ProgramData\SummerSoft;fs
C:\Program Files\Optimizer Pro;fs
C:\ProgramData\DownnlOad kuEeper;fs
C:\Program Files\Ss.Helper;fs
C:\ProgramData\InstallMate;fs
C:\Users\Veli\Downloads\jogangandotnetCrackVideopadVideoEditor.rar.exe;f
C:\Users\Veli\AppData\Roaming\eType;fs
C:\Users\Veli\Downloads\etypesetup.exe;f
installedprogs;
chromelook;
startupall;

Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

KeremTatli · 01.10.2013, 17:06

Zoek.exe Version 4.0.0.4 Updated 27-September-2013
Tool run by Keremino on 01.10.2013 at 15:39:19,34.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Veli\AppData\Local\Temp\Temp1_zoek.zip\zoek.exe [Script inserted]

==== System Restore Info ======================

01.10.2013 15:42:48 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully
HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Installed Programs ======================

7-Zip 9.20
Acer Crystal Eye Webcam
AdblockIE
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04) - Deutsch
CCleaner
Creative Audio-Systemsteuerung
Debut Video Capture Software
Free YouTube Download version 3.2.3.610
Free YouTube to MP3 Converter version 3.12.3.610
Gamesurround Muse Pocket
HyperCam 2
Jasc Animation Shop 3
Java 7 Update 40
Java Auto Updater
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 23.0.1 (x86 de)
Nuvoton CIR Device Driver
NVIDIA Drivers
Opera 12.15
Pavtube Video Converter version 3.5.1.2185
PhotoScape
RICOH R5U8xx Media Driver ver.3.62.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
SkypeT 6.6
SplitCam
SWFText
swMSM
Synaptics Pointing Device Driver
TeamViewer 8
Ulead GIF Animator 5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
USB Multi-Channel Audio Device
VideoPad Video Editor
WinRAR 4.20 (32-Bit)
YTD Video Downloader 4.0

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SystemStoreService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SystemStoreService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SystemStoreService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SystemStoreService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WsysSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WsysSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WsysSvc deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\djh0uqno.default\prefs.js:
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.order.1", "Web Search");
user_pref("browser.search.useDBForOrder", false);

Added to C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\djh0uqno.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.de");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.de/");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.oversearch.info/?pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36");
user_pref("browser.search.defaulturl", "hxxp://websearch.oversearch.info/?pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36&l=1&q=");
user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("keyword.URL", "hxxp://websearch.oversearch.info/?pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36&l=1&q=");
user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.oversearch.info/?pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36&l=1&q=");
user_pref("browser.search.useDBForOrder", false);

Added to C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\prefs.js:

Deleted from C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\prefs.js:
user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.order.1", "Web Search");
user_pref("browser.search.useDBForOrder", false);

Added to C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\prefs.js:

==== Deleting Files \ Folders ======================

"C:\Program Files\WBC Engine" not found
"C:\Program Files\YourFileDownloader" not found
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\Ask.xml" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\babylon.xml" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\Web Search.xml" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\WebSearch.xml" deleted
"C:\Program Files\mozilla firefox\searchplugins\Ask.xml" deleted
"C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml" deleted
"C:\Program Files\mozilla firefox\searchplugins\qvo6.xml" deleted
"C:\Program Files\mozilla firefox\searchplugins\Web Search.xml" deleted
"C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml" deleted
"C:\Windows\System32\Tasks\Desk 365 RunAsStdUser" deleted
"C:\Windows\System32\Tasks\EPUpdater" deleted
"C:\Windows\System32\Tasks\4581" deleted
"C:\Windows\System32\Tasks\Software Updater" deleted
"C:\Windows\System32\Tasks\YourFile DownloaderUpdate" deleted
"C:\Windows\System32\Tasks\Dealply" deleted
"C:\Windows\System32\Tasks\Software Updater Ui" deleted
"C:\Windows\System32\Tasks\0" deleted
"C:\Windows\Tasks\Dealply.job" deleted
"C:\Users\Veli\Downloads\jogangandotnetCrackVideopadVideoEditor.rar.exe" deleted
"C:\Users\Veli\Downloads\etypesetup.exe" deleted
"C:\Users\Veli\AppData\Local\DownloadGuide" deleted
"C:\Program Files\CoolPic - Fun Social Pictures" deleted
"C:\Users\Veli\AppData\Roaming\Dealply" deleted
"C:\ProgramData\DSearchLink" deleted
"C:\ProgramData\Browser Manager" deleted
"C:\Users\Veli\Documents\Optimizer Pro" deleted
"C:\ProgramData\SearchNewTab" deleted
"C:\Program Files\WebSearch" deleted
"C:\ProgramData\SummerSoft" deleted
"C:\Program Files\Optimizer Pro" deleted
"C:\ProgramData\DownnlOad kuEeper" deleted
"C:\Program Files\Ss.Helper" deleted
"C:\ProgramData\InstallMate" deleted
"C:\Users\Veli\AppData\Roaming\eType" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-09-25 11:24:28 1B2CE85F36F5BB6DEC7AE685978DB825 32328 ----a-w- C:\Windows\Launcher.exe
====== C:\Users\Veli\AppData\Local\Temp ====
2013-09-30 03:58:48 09869C37B1CAE90A6275D4DE0E91D099 45868112 ----a-w- C:\Users\Veli\AppData\Local\Temp\SHSetup.exe
====== Java Cache =====
2013-09-08 19:55:05 5FD0F92A70CF369EC5B687D9C56531BC 17530 ----a-w- C:\Users\Veli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\2ea66e94-506a0138
====== C:\Windows\system32 =====
2013-09-30 19:08:47 4CAC856E64F96C6949B0931964F9EE42 692616 ----a-w- C:\Windows\System32\FlashPlayerApp.exe
2013-09-30 19:08:46 184021B2B95F3BE1B8FD7EA4F8F23C38 71048 ----a-w- C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-23 00:55:12 ACA17F8E1F9E8891DE15E2527D8D74D0 264616 ----a-w- C:\Windows\System32\javaws.exe
2013-09-23 00:54:58 EC94122E6DCB6E731D8513A89AC9CF12 175016 ----a-w- C:\Windows\System32\javaw.exe
2013-09-23 00:54:58 EC2A0F271C0FD4AD57B137845577F539 175016 ----a-w- C:\Windows\System32\java.exe
2013-09-23 00:54:58 65F0FBCDBBA20FC4B0DADCA922150A99 94632 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll
====== C:\Windows\system32\drivers =====
2013-09-25 10:54:13 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_Kernel_nnfwdk_01009.Wdf
2013-09-12 00:48:47 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-06 20:03:00 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
====== C:\Windows\Tasks ======
2013-09-30 19:08:48 5B12B28D98BF11F73A1C467764AAF0D4 884 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-30 19:08:48 35FF0B400A83D1EE852F416D9A56632E 3822 ----a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater
2013-09-20 03:33:36 8CFC135F4BDE75CF76B6A2925910A8C0 3414 ----a-w- C:\Windows\system32\Tasks\{4CFD8C3F-62D5-42F7-B501-E5C559EE202A}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-09-30 19:20:24 -------- d-----w- C:\Program Files\GridinSoft Trojan Killer
2013-09-25 11:26:33 -------- d-----w- C:\Program Files\SoftwareUpdater
2013-09-25 11:26:31 -------- d-----w- C:\Program Files\Freetec
2013-09-23 00:55:27 -------- d-----w- C:\Program Files\Common Files\Java
2013-09-23 00:54:40 -------- d-----w- C:\Program Files\Java
======= C: =====
2013-09-20 02:50:26 68DA3EA204996EC4B63A9568B5D99C25 206312 --sh--r- C:\XELDZ
====== C:\Users\Veli\AppData\Roaming ======
2013-09-30 15:51:36 -------- d-----w- C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2013-09-26 07:23:22 -------- d-----w- C:\Users\Veli\AppData\Roaming\SkypEmoticons
2013-09-25 11:27:25 -------- d-----w- C:\Users\Veli\AppData\Local\Freetec
2013-09-25 11:23:42 -------- d-----w- C:\Users\Veli\AppData\Locallow\SimplyTech
2013-09-23 23:01:12 -------- d-----w- C:\Users\Veli\AppData\Roaming\vlc
2013-09-18 19:37:49 -------- d-----w- C:\Users\Veli\AppData\Locallow\DataMngr
2013-09-18 19:37:45 -------- d-----w- C:\Users\Veli\AppData\Local\Programs
====== C:\Users\Veli ======
2013-09-30 20:04:16 E8DD5929CDAA01730F7C536D044F1389 1086873 ----a-w- C:\Users\Veli\Downloads\FRST.exe
2013-09-30 19:16:13 50A05EDC87893F62268E374C19BFBEB3 52176608 ----a-w- C:\Users\Veli\Downloads\gtk-2.1.8.9-setup.exe
2013-09-30 15:50:53 229261A60DBFD58471D114CC4E0456A0 4373560 ----a-w- C:\Users\Veli\Downloads\vppsetup.exe
2013-09-30 03:58:37 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\Veli\Downloads\SpyHunter-Installer.exe
2013-09-28 06:27:57 1342ED24D3293559E0CACC0788A2B996 2681224 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(5).exe
2013-09-25 16:30:55 9A9B114CBD554C4A1BF9E2FCAB08B460 729736 ----a-w- C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE(1).exe
2013-09-25 16:14:44 FAC0845F41DC78C51B12AC090379B344 1238384 ----a-w- C:\Users\Veli\Downloads\CoolPic_mg_207566.exe
2013-09-25 11:22:57 86BA054C43FA55D6CA581EFA6772DA1C 729736 ----a-w- C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE.exe
2013-09-25 10:47:04 A509EB9A2388D2A329B9847E8D66FC2C 2743968 ----a-w- C:\Users\Veli\Downloads\netsight_setup_6.0.0.60_MP_Production_mid51049298465_p.exe
2013-09-24 22:50:48 FEAFF13AD04D5D945EF13587E92C3336 3362400 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(4).exe
2013-09-24 22:46:29 1342ED24D3293559E0CACC0788A2B996 2681224 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(3).exe
2013-09-23 16:30:55 1A31EC98651A9176A3669459F2EDFB78 9216 ----a-w- C:\Users\Veli\Downloads\plugin-container.exe
2013-09-23 16:28:23 B22198403FFEAF57BE49FF5A08DA1EF4 23003252 ----a-w- C:\Users\Veli\Downloads\vlc-2.0.8-win32(1).exe
2013-09-23 00:56:15 -------- d-----w- C:\ProgramData\Oracle
2013-09-23 00:54:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2013-09-23 00:52:28 2755BAEDEB84972D1621B9166CE29B0B 913832 ----a-w- C:\Users\Veli\Downloads\jxpiinstall(1).exe
2013-09-23 00:50:20 A4022823CFBF2C1A97BD01CCF7FE976C 7912440 ----a-w- C:\Users\Veli\Downloads\Shockwave_Installer_Slim(2).exe
2013-09-20 17:33:19 -------- d-----w- C:\Users\Veli\Videos
2013-09-18 19:38:31 -------- d-----w- C:\Users\Veli\Local Settings
2013-09-11 20:44:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2013-09-03 03:48:43 74E7F684F2198114E4AE1F6524A1653C 98304 ----a-w- C:\Users\Veli\fbchathistory.dat

====== C: exe-files ==
2013-09-30 20:04:46 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2L213I0D\FRST[1].exe
2013-09-30 20:04:16 E8DD5929CDAA01730F7C536D044F1389 1086873 ----a-w- C:\Users\Veli\Downloads\FRST.exe
2013-09-30 19:16:13 50A05EDC87893F62268E374C19BFBEB3 52176608 ----a-w- C:\Users\Veli\Downloads\gtk-2.1.8.9-setup.exe
2013-09-30 19:08:47 4CAC856E64F96C6949B0931964F9EE42 692616 ----a-w- C:\Windows\System32\FlashPlayerApp.exe
2013-09-30 15:51:36 229261A60DBFD58471D114CC4E0456A0 4373560 ----a-w- C:\Program Files\NCH Software\VideoPad\videopadsetup_v3.14.exe
2013-09-30 15:50:53 229261A60DBFD58471D114CC4E0456A0 4373560 ----a-w- C:\Users\Veli\Downloads\vppsetup.exe
2013-09-30 10:34:32 6B110E925294547A7D288F26DA19D199 179687 ----a-w- C:\Windows\865537E164904193A4B6669C62711852.TMP\WiseCustomCalla18.exe
2013-09-30 03:58:48 09869C37B1CAE90A6275D4DE0E91D099 45868112 ----a-w- C:\Users\Veli\AppData\Local\Temp\SHSetup.exe
2013-09-30 03:58:37 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\Veli\Downloads\SpyHunter-Installer.exe
2013-09-28 06:27:57 1342ED24D3293559E0CACC0788A2B996 2681224 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(5).exe
2013-09-26 07:27:28 01E1B94A8C0011F206DF0C997EA287F4 165 ----a-w- C:\$Recycle.Bin\S-1-5-21-3610243647-955691083-3180197658-1000\$RSN6AFQ\Crack VideoPad Video Editor.exe
2013-09-26 07:23:47 A8E982D615D2FFD066F591B6E4EABBE0 5842336 ----a-w- C:\Users\Veli\AppData\Roaming\SkypEmoticons\SE.exe
2013-09-25 16:30:55 9A9B114CBD554C4A1BF9E2FCAB08B460 729736 ----a-w- C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE(1).exe
2013-09-25 16:14:44 FAC0845F41DC78C51B12AC090379B344 1238384 ----a-w- C:\Users\Veli\Downloads\CoolPic_mg_207566.exe
2013-09-25 11:27:22 4D52CFCFF7AA93ED16461705B5131235 74752 ----a-w- C:\Program Files\SoftwareUpdater\Maintenance.exe
2013-09-25 11:27:09 87E0F79093A22946A9D1ED1DF2F284C9 902144 ----a-w- C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe
2013-09-25 11:26:54 9D40AC2003DCA9F045181241C2BF47A2 296448 ----a-w- C:\Program Files\SoftwareUpdater\SystemStore.exe
2013-09-25 11:26:37 5CF463EA5AD05F5DE0BB5BBA6AA2092C 6656 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}\chrome\bin\cmdproxy.exe
2013-09-25 11:24:28 1B2CE85F36F5BB6DEC7AE685978DB825 32328 ----a-w- C:\Windows\Launcher.exe
2013-09-25 11:22:57 86BA054C43FA55D6CA581EFA6772DA1C 729736 ----a-w- C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE.exe
2013-09-25 10:47:04 A509EB9A2388D2A329B9847E8D66FC2C 2743968 ----a-w- C:\Users\Veli\Downloads\netsight_setup_6.0.0.60_MP_Production_mid51049298465_p.exe
2013-09-24 22:50:48 FEAFF13AD04D5D945EF13587E92C3336 3362400 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(4).exe
2013-09-24 22:46:29 1342ED24D3293559E0CACC0788A2B996 2681224 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(3).exe
=== C: other files ==
2013-10-01 04:30:30 642DB546B8E5380410C4B110C222E13F 79139 ----a-w- C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHPKEMNJ\de_DE[1].zip
2013-10-01 04:30:07 A842B48277A2D8645A37B9F596838D2A 1230 ----a-w- C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4XDS773D\flXHR[1].vbs
2013-09-29 21:02:39 51555013F2F820E6A20E991E754752D8 123385 ----a-w- C:\Users\Veli\AppData\Local\Temp\tmp-ifv.xpi
2013-09-25 11:26:35 F28E6D902D5782720F216207ECFBC07F 18753 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi
2013-09-25 11:26:35 ED10614EC981DB30789CC7EC4B229AB9 13955 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\admin@proxy-listen.de.xpi
2013-09-25 11:26:35 E23928ED13449168CB9F26BBE67BC95F 353425 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\smarterwiki@wikiatic.com.xpi
2013-09-25 11:26:35 C9F1A4E3D10AC900B022F8F45152A3E1 194311 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi
2013-09-25 11:26:35 BD76955067E069A01B9A0392DEA4D10B 178395 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi
2013-09-25 11:26:35 B60381F680B593366B51DE45829C179F 31123 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi
2013-09-25 11:26:35 AC13FB2840845FE8B03E0EC579B8EA90 723773 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\stefanvandamme@stefanvd.net.xpi
2013-09-25 11:26:35 97AA187E8476935D2933E462E7A14D06 166436 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
2013-09-25 11:26:35 967246D501D0F4379C673099996CF121 16117 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
2013-09-25 11:26:35 73E5FCA06973ADD85D7CA071F89853A0 76810 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\screwads@airtint.com.xpi
2013-09-25 11:26:35 4ACEE5217E47CBA244D165C0414AA7CB 409220 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack.xpi
2013-09-25 11:26:35 4155DB098E14F2A8CB7BAC0FD10D9FB0 210138 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
2013-09-25 11:26:35 3D7728D85556F98F4F967AD9F288D8F6 18509 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
2013-09-25 11:26:35 1D062796A5FF05D60F20A97677EDD437 824302 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2013-09-25 11:26:35 0FD6A9943787EE1A75FD810FE2DCD58C 14810 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\YouTubeAutoReplay@arikv.com.xpi
2013-09-25 11:26:35 0B240AC326EF16591C39AE84B2958659 171002 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
2013-09-25 10:37:16 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Veli\AppData\LocalLow\Microsoft\Silverlight\OutOfBrowser\index\cdn-a.sponsorpay.com

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="C:\Windows\PLFSetI.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.09.2013 21:08]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\djh0uqno.default
- Undetermined - %ProfilePath%\extensions\tilt@mozilla.com
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default
- ColorfulTabs - %ProfilePath%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
- Complete YouTube Saver - %ProfilePath%\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
- PlugIn-Checker - %ProfilePath%\extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi
- Youtube To MP3 PRO converter - %ProfilePath%\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
- FireTube - %ProfilePath%\extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack.xpi
- YouTube ALL HTML5 - %ProfilePath%\extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\screwads@airtint.com.xpi
- FastestFox - %ProfilePath%\extensions\smarterwiki@wikiatic.com.xpi
- Turn Off the Lights - %ProfilePath%\extensions\stefanvandamme@stefanvd.net.xpi
- YouTube Auto Replay - %ProfilePath%\extensions\YouTubeAutoReplay@arikv.com.xpi
- PDFescape Extension - %ProfilePath%\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi
- Black Youtube - %ProfilePath%\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi
- Fasterfox - %ProfilePath%\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- QuickJava - %ProfilePath%\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
- Black Google Theme - %ProfilePath%\extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi

ProfilePath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049
- ColorfulTabs - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
- Complete YouTube Saver - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
- Undetermined - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- Undetermined - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
- ColorfulTabs - %ProfilePath%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- Facebook Photo Zoom - %ProfilePath%\extensions\{7c6cdf7c-8ea8-4be7-ae5a-0b3effe14d66}
- Complete YouTube Saver - %ProfilePath%\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
- Proxy-Listen.de - Proxyswitcher - %ProfilePath%\extensions\admin@proxy-listen.de.xpi
- PlugIn-Checker - %ProfilePath%\extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi
- Youtube To MP3 PRO converter - %ProfilePath%\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
- FireTube - %ProfilePath%\extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack.xpi
- YouTube ALL HTML5 - %ProfilePath%\extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\screwads@airtint.com.xpi
- FastestFox - %ProfilePath%\extensions\smarterwiki@wikiatic.com.xpi
- Turn Off the Lights - %ProfilePath%\extensions\stefanvandamme@stefanvd.net.xpi
- YouTube Auto Replay - %ProfilePath%\extensions\YouTubeAutoReplay@arikv.com.xpi
- PDFescape Extension - %ProfilePath%\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi
- Black Youtube - %ProfilePath%\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi
- Fasterfox - %ProfilePath%\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- QuickJava - %ProfilePath%\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
- Black Google Theme - %ProfilePath%\extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\extensions\ffxtlbr@babylon.com

==== Firefox Plugins ======================

Profilepath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default
E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
CA0E1DFBE480CF0BE13A0883BEB378B6 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U40
AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43
148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
CD6D547D33C9D2935FC6F206DC4E2711 - C:\Users\Veli\AppData\Roaming\Mozilla\plugins\npspeakychat.dll - SpeakyChat
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

Profilepath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049
E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
CA0E1DFBE480CF0BE13A0883BEB378B6 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U40
AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43
148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
CD6D547D33C9D2935FC6F206DC4E2711 - C:\Users\Veli\AppData\Roaming\Mozilla\plugins\npspeakychat.dll - SpeakyChat
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hggpkhijoeadmdfmlbdepfbngmhaldci - C:\Program Files\DealPly\DealPly.crx[]
mmiopbgcekanlhpjkonogoljpfmhpkhf - C:\Program Files\LyricsPal\125.crx[]
oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com/"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Start Default_Page_URL"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Start Page"="hxxp://websearch.oversearch.info/?pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36"
"Start Default_Page_URL"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Search Bar"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b1f47b7c-7ba3-4451-b915-8f16a5a434e7&searchtype=ds&q={searchTerms}&installDate=10/08/2013"
"(Default)"="hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b1f47b7c-7ba3-4451-b915-8f16a5a434e7&searchtype=ds&q={searchTerms}&installDate=10/08/2013"
"(Default)"="hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Start Page"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Start Default_Page_URL"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Start Page"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Start Default_Page_URL"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"SearchAssistant"="hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b1f47b7c-7ba3-4451-b915-8f16a5a434e7&searchtype=ds&q={searchTerms}&installDate=10/08/2013"
"Start Page"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Start Default_Page_URL"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Search Bar"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

==== EOF on 01.10.2013 at 15:48:34,49 ======================

Hi Smeenk,

nachdem ich das mit dem "Zoek" gemacht habe,
sind "websearch.oversearch.info" & "Ads not by this site" verschwunden

habe vielen vielen Dank

ps: wars das, oder geht es weiter : )

smeenk · 01.10.2013, 18:43

Sieht schon besser aus

Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:
Code:
ATTFilter
```
autoclean;
         
```
Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

KeremTatli · 01.10.2013, 19:17

Zoek.exe Version 4.0.0.4 Updated 27-September-2013
Tool run by Keremino on 01.10.2013 at 19:58:15,41.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Veli\AppData\Local\Temp\Temp1_zoek(1).zip\zoek.com [Quick Scan] [Auto Clean]

==== Older Logs ======================

C:\zoek-results2013-10-01-134834.log 41608 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\djh0uqno.default

---- Lines delta removed from prefs.js ----

---- Lines delta modified from prefs.js ----

---- Lines delta removed from user.js ----

---- Lines certified-toolbar removed from prefs.js ----

user_pref("wtb6787.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60");
user_pref("wtb6787.newtab", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60");

---- Lines certified-toolbar modified from prefs.js ----

---- Lines certified-toolbar removed from user.js ----

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 1);

---- Lines browser.startup.page modified from prefs.js ----

---- Lines browser.startup.page removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user__1543_.backup
user__2004_.backup
prefs__1543_.backup
prefs__2004_.backup

ProfilePath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default

---- Lines delta removed from prefs.js ----

user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "de");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "f8784e71000000000000001de0866c33");
user_pref("extensions.delta.instlDay", "15973");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.24.6");
user_pref("extensions.delta.vrsnTs", "1.8.24.613:44:48");
user_pref("extensions.delta.vrsni", "1.8.24.6");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=124776&tt=250913_nocpn&tsp=5016");
user_pref("extensions.delta_i.srcExt", "ss");

---- Lines delta modified from prefs.js ----

---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "f8784e71000000000000001de0866c33");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15973");
user_pref("extensions.delta.vrsn", "1.8.24.6");
user_pref("extensions.delta.vrsni", "1.8.24.6");
user_pref("extensions.delta.vrsnTs", "1.8.24.613:44:48");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "de");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta_i.babTrack", "affID=124776&tt=250913_nocpn&tsp=5016");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);

---- Lines certified-toolbar removed from prefs.js ----

---- Lines certified-toolbar modified from prefs.js ----

---- Lines certified-toolbar removed from user.js ----

---- Lines browser.startup.page removed from prefs.js ----

---- Lines browser.startup.page modified from prefs.js ----

---- Lines browser.startup.page removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user__1543_.backup
user__2004_.backup
prefs__1543_.backup
prefs__2004_.backup

ProfilePath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049

---- Lines delta removed from prefs.js ----

---- Lines delta modified from prefs.js ----

---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "f8784e71000000000000001de0866c33");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15968");
user_pref("extensions.delta.vrsn", "1.8.24.6");
user_pref("extensions.delta.vrsni", "1.8.24.6");
user_pref("extensions.delta.vrsnTs", "1.8.24.64:42:03");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "de");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta_i.babTrack", "affID=124784&tt=160913_m1&tsp=5011");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);

---- Lines certified-toolbar removed from prefs.js ----

---- Lines certified-toolbar modified from prefs.js ----

---- Lines certified-toolbar removed from user.js ----

---- Lines browser.startup.page removed from prefs.js ----

---- Lines browser.startup.page modified from prefs.js ----

---- Lines browser.startup.page removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user__1543_.backup
user__2004_.backup
prefs__1543_.backup
prefs__2004_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Veli\AppData\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com" deleted
"C:\END" deleted
"C:\Windows\Launcher.exe" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\djh0uqno.default\searchplugins\Web Search.xml" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\djh0uqno.default\foxydeal.sqlite" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\foxydeal.sqlite" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\Invalidprefs.js" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\searchplugins\babylon.xml" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\searchplugins\Ask.xml" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\searchplugins\Web Search.xml" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\foxydeal.sqlite" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\Invalidprefs.js" deleted
"C:\Users\Veli\AppData\Roaming\Yandex\ui" deleted
"C:\Users\Veli\AppData\Roaming\Pamela" deleted
"C:\Users\Veli\AppData\Roaming\Yandex" deleted
"C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com" deleted
"C:\Program Files\SoftwareUpdater" deleted
"C:\Program Files\WinZipper" deleted
"C:\Program Files\Common Files\DVDVideoSoft\bin" deleted
"C:\Program Files\LyricsPal" deleted
"C:\Program Files\Desk 365" deleted
"C:\SearchProtect" deleted
"C:\Users\Veli\AppData\Roaming\WinZipper" deleted
"C:\Users\Veli\AppData\Roaming\Desk 365" deleted
"C:\Users\Veli\AppData\Roaming\eIntaller" deleted
"C:\Users\Veli\AppData\Roaming\DVDVideoSoftIEHelpers" deleted
"C:\Users\Veli\AppData\Roaming\BabSolution" deleted
"C:\Users\Veli\AppData\Roaming\Babylon" deleted
"C:\Users\Veli\AppData\Roaming\YourFileDownloader" deleted
"C:\Users\Veli\AppData\Roaming\OpenCandy" deleted
"C:\ProgramData\APN" deleted
"C:\ProgramData\eSafe" deleted
"C:\ProgramData\Tarma Installer" deleted
"C:\ProgramData\Babylon" deleted
"C:\ProgramData\YTD Video Downloader" deleted
"C:\Users\Veli\AppData\Local\adawarebp" deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader" deleted
"C:\Users\Veli\AppData\LocalLow\Delta" deleted
"C:\Users\Veli\AppData\LocalLow\DataMngr" deleted
"C:\Users\Veli\AppData\LocalLow\SimplyTech" deleted
"C:\Users\Veli\AppData\LocalLow\Conduit" deleted
"C:\Windows\System32\searchplugins" deleted
"C:\Windows\System32\Extensions" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\jetpack" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\jetpack" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Veli\AppData\Local\Temp ====
2013-09-30 03:58:48 09869C37B1CAE90A6275D4DE0E91D099 45868112 ----a-w- C:\Users\Veli\AppData\Local\Temp\SHSetup.exe
====== Java Cache =====
2013-09-08 19:55:05 5FD0F92A70CF369EC5B687D9C56531BC 17530 ----a-w- C:\Users\Veli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\2ea66e94-506a0138
====== C:\Windows\system32 =====
2013-09-30 19:08:47 4CAC856E64F96C6949B0931964F9EE42 692616 ----a-w- C:\Windows\System32\FlashPlayerApp.exe
2013-09-30 19:08:46 184021B2B95F3BE1B8FD7EA4F8F23C38 71048 ----a-w- C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-23 00:55:12 ACA17F8E1F9E8891DE15E2527D8D74D0 264616 ----a-w- C:\Windows\System32\javaws.exe
2013-09-23 00:54:58 EC94122E6DCB6E731D8513A89AC9CF12 175016 ----a-w- C:\Windows\System32\javaw.exe
2013-09-23 00:54:58 EC2A0F271C0FD4AD57B137845577F539 175016 ----a-w- C:\Windows\System32\java.exe
2013-09-23 00:54:58 65F0FBCDBBA20FC4B0DADCA922150A99 94632 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll
====== C:\Windows\system32\drivers =====
2013-09-25 10:54:13 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_Kernel_nnfwdk_01009.Wdf
2013-09-12 00:48:47 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-06 20:03:00 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
====== C:\Windows\Tasks ======
2013-09-30 19:08:48 35FF0B400A83D1EE852F416D9A56632E 3822 ----a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater
2013-09-30 19:08:48 1F2ECBAC56D1E67D86A8132181D2518A 884 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-20 03:33:36 8CFC135F4BDE75CF76B6A2925910A8C0 3414 ----a-w- C:\Windows\system32\Tasks\{4CFD8C3F-62D5-42F7-B501-E5C559EE202A}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-09-30 19:20:24 -------- d-----w- C:\Program Files\GridinSoft Trojan Killer
2013-09-25 11:26:31 -------- d-----w- C:\Program Files\Freetec
2013-09-23 00:55:27 -------- d-----w- C:\Program Files\Common Files\Java
2013-09-23 00:54:40 -------- d-----w- C:\Program Files\Java
======= C: =====
2013-09-20 02:50:26 68DA3EA204996EC4B63A9568B5D99C25 206312 --sh--r- C:\XELDZ
====== C:\Users\Veli\AppData\Roaming ======
2013-09-30 15:51:36 -------- d-----w- C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2013-09-26 07:23:22 -------- d-----w- C:\Users\Veli\AppData\Roaming\SkypEmoticons
2013-09-25 11:27:25 -------- d-----w- C:\Users\Veli\AppData\Local\Freetec
2013-09-23 23:01:12 -------- d-----w- C:\Users\Veli\AppData\Roaming\vlc
2013-09-18 19:37:45 -------- d-----w- C:\Users\Veli\AppData\Local\Programs
====== C:\Users\Veli ======
2013-10-01 17:57:04 5611140E8CC5927D371C27EA1F9E71A6 1045226 ----a-w- C:\Users\Veli\Downloads\adwcleaner.exe
2013-09-30 20:04:16 E8DD5929CDAA01730F7C536D044F1389 1086873 ----a-w- C:\Users\Veli\Downloads\FRST.exe
2013-09-30 19:16:13 50A05EDC87893F62268E374C19BFBEB3 52176608 ----a-w- C:\Users\Veli\Downloads\gtk-2.1.8.9-setup.exe
2013-09-30 15:50:53 229261A60DBFD58471D114CC4E0456A0 4373560 ----a-w- C:\Users\Veli\Downloads\vppsetup.exe
2013-09-30 03:58:37 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\Veli\Downloads\SpyHunter-Installer.exe
2013-09-28 06:27:57 1342ED24D3293559E0CACC0788A2B996 2681224 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(5).exe
2013-09-25 16:30:55 9A9B114CBD554C4A1BF9E2FCAB08B460 729736 ----a-w- C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE(1).exe
2013-09-25 16:14:44 FAC0845F41DC78C51B12AC090379B344 1238384 ----a-w- C:\Users\Veli\Downloads\CoolPic_mg_207566.exe
2013-09-25 11:22:57 86BA054C43FA55D6CA581EFA6772DA1C 729736 ----a-w- C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE.exe
2013-09-25 10:47:04 A509EB9A2388D2A329B9847E8D66FC2C 2743968 ----a-w- C:\Users\Veli\Downloads\netsight_setup_6.0.0.60_MP_Production_mid51049298465_p.exe
2013-09-24 22:50:48 FEAFF13AD04D5D945EF13587E92C3336 3362400 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(4).exe
2013-09-24 22:46:29 1342ED24D3293559E0CACC0788A2B996 2681224 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(3).exe
2013-09-23 16:30:55 1A31EC98651A9176A3669459F2EDFB78 9216 ----a-w- C:\Users\Veli\Downloads\plugin-container.exe
2013-09-23 16:28:23 B22198403FFEAF57BE49FF5A08DA1EF4 23003252 ----a-w- C:\Users\Veli\Downloads\vlc-2.0.8-win32(1).exe
2013-09-23 00:56:15 -------- d-----w- C:\ProgramData\Oracle
2013-09-23 00:54:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2013-09-23 00:52:28 2755BAEDEB84972D1621B9166CE29B0B 913832 ----a-w- C:\Users\Veli\Downloads\jxpiinstall(1).exe
2013-09-23 00:50:20 A4022823CFBF2C1A97BD01CCF7FE976C 7912440 ----a-w- C:\Users\Veli\Downloads\Shockwave_Installer_Slim(2).exe
2013-09-20 17:33:19 -------- d-----w- C:\Users\Veli\Videos
2013-09-18 19:38:31 -------- d-----w- C:\Users\Veli\Local Settings
2013-09-11 20:44:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2013-09-03 03:48:43 74E7F684F2198114E4AE1F6524A1653C 98304 ----a-w- C:\Users\Veli\fbchathistory.dat

====== C: exe-files ==
2013-10-01 17:57:04 5611140E8CC5927D371C27EA1F9E71A6 1045226 ----a-w- C:\Users\Veli\Downloads\adwcleaner.exe
2013-09-30 20:04:46 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2L213I0D\FRST[1].exe
2013-09-30 20:04:16 E8DD5929CDAA01730F7C536D044F1389 1086873 ----a-w- C:\Users\Veli\Downloads\FRST.exe
2013-09-30 19:16:13 50A05EDC87893F62268E374C19BFBEB3 52176608 ----a-w- C:\Users\Veli\Downloads\gtk-2.1.8.9-setup.exe
2013-09-30 19:08:47 4CAC856E64F96C6949B0931964F9EE42 692616 ----a-w- C:\Windows\System32\FlashPlayerApp.exe
2013-09-30 15:51:36 229261A60DBFD58471D114CC4E0456A0 4373560 ----a-w- C:\Program Files\NCH Software\VideoPad\videopadsetup_v3.14.exe
2013-09-30 15:50:53 229261A60DBFD58471D114CC4E0456A0 4373560 ----a-w- C:\Users\Veli\Downloads\vppsetup.exe
2013-09-30 10:34:32 6B110E925294547A7D288F26DA19D199 179687 ----a-w- C:\Windows\865537E164904193A4B6669C62711852.TMP\WiseCustomCalla18.exe
2013-09-30 03:58:48 09869C37B1CAE90A6275D4DE0E91D099 45868112 ----a-w- C:\Users\Veli\AppData\Local\Temp\SHSetup.exe
2013-09-30 03:58:37 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\Veli\Downloads\SpyHunter-Installer.exe
2013-09-28 06:27:57 1342ED24D3293559E0CACC0788A2B996 2681224 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(5).exe
2013-09-26 07:27:28 01E1B94A8C0011F206DF0C997EA287F4 165 ----a-w- C:\$Recycle.Bin\S-1-5-21-3610243647-955691083-3180197658-1000\$RSN6AFQ\Crack VideoPad Video Editor.exe
2013-09-26 07:23:47 A8E982D615D2FFD066F591B6E4EABBE0 5842336 ----a-w- C:\Users\Veli\AppData\Roaming\SkypEmoticons\SE.exe
2013-09-25 16:30:55 9A9B114CBD554C4A1BF9E2FCAB08B460 729736 ----a-w- C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE(1).exe
2013-09-25 16:14:44 FAC0845F41DC78C51B12AC090379B344 1238384 ----a-w- C:\Users\Veli\Downloads\CoolPic_mg_207566.exe
2013-09-25 11:26:37 5CF463EA5AD05F5DE0BB5BBA6AA2092C 6656 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}\chrome\bin\cmdproxy.exe
2013-09-25 11:22:57 86BA054C43FA55D6CA581EFA6772DA1C 729736 ----a-w- C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE.exe
2013-09-25 10:47:04 A509EB9A2388D2A329B9847E8D66FC2C 2743968 ----a-w- C:\Users\Veli\Downloads\netsight_setup_6.0.0.60_MP_Production_mid51049298465_p.exe
2013-09-24 22:50:48 FEAFF13AD04D5D945EF13587E92C3336 3362400 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(4).exe
2013-09-24 22:46:29 1342ED24D3293559E0CACC0788A2B996 2681224 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(3).exe
=== C: other files ==
2013-10-01 04:30:30 642DB546B8E5380410C4B110C222E13F 79139 ----a-w- C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHPKEMNJ\de_DE[1].zip
2013-10-01 04:30:07 A842B48277A2D8645A37B9F596838D2A 1230 ----a-w- C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4XDS773D\flXHR[1].vbs
2013-09-29 21:02:39 51555013F2F820E6A20E991E754752D8 123385 ----a-w- C:\Users\Veli\AppData\Local\Temp\tmp-ifv.xpi
2013-09-25 11:26:35 F28E6D902D5782720F216207ECFBC07F 18753 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi
2013-09-25 11:26:35 ED10614EC981DB30789CC7EC4B229AB9 13955 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\admin@proxy-listen.de.xpi
2013-09-25 11:26:35 E23928ED13449168CB9F26BBE67BC95F 353425 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\smarterwiki@wikiatic.com.xpi
2013-09-25 11:26:35 C9F1A4E3D10AC900B022F8F45152A3E1 194311 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi
2013-09-25 11:26:35 BD76955067E069A01B9A0392DEA4D10B 178395 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi
2013-09-25 11:26:35 B60381F680B593366B51DE45829C179F 31123 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi
2013-09-25 11:26:35 AC13FB2840845FE8B03E0EC579B8EA90 723773 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\stefanvandamme@stefanvd.net.xpi
2013-09-25 11:26:35 97AA187E8476935D2933E462E7A14D06 166436 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
2013-09-25 11:26:35 967246D501D0F4379C673099996CF121 16117 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
2013-09-25 11:26:35 73E5FCA06973ADD85D7CA071F89853A0 76810 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\screwads@airtint.com.xpi
2013-09-25 11:26:35 4ACEE5217E47CBA244D165C0414AA7CB 409220 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack.xpi
2013-09-25 11:26:35 4155DB098E14F2A8CB7BAC0FD10D9FB0 210138 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
2013-09-25 11:26:35 3D7728D85556F98F4F967AD9F288D8F6 18509 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
2013-09-25 11:26:35 1D062796A5FF05D60F20A97677EDD437 824302 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2013-09-25 11:26:35 0FD6A9943787EE1A75FD810FE2DCD58C 14810 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\YouTubeAutoReplay@arikv.com.xpi
2013-09-25 11:26:35 0B240AC326EF16591C39AE84B2958659 171002 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
2013-09-25 10:37:16 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Veli\AppData\LocalLow\Microsoft\Silverlight\OutOfBrowser\index\cdn-a.sponsorpay.com

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="C:\Windows\PLFSetI.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.09.2013 21:08]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\djh0uqno.default
- Undetermined - %ProfilePath%\extensions\tilt@mozilla.com
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default
- ColorfulTabs - %ProfilePath%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
- Complete YouTube Saver - %ProfilePath%\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
- PlugIn-Checker - %ProfilePath%\extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi
- Youtube To MP3 PRO converter - %ProfilePath%\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
- FireTube - %ProfilePath%\extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack.xpi
- YouTube ALL HTML5 - %ProfilePath%\extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\screwads@airtint.com.xpi
- FastestFox - %ProfilePath%\extensions\smarterwiki@wikiatic.com.xpi
- Turn Off the Lights - %ProfilePath%\extensions\stefanvandamme@stefanvd.net.xpi
- YouTube Auto Replay - %ProfilePath%\extensions\YouTubeAutoReplay@arikv.com.xpi
- PDFescape Extension - %ProfilePath%\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi
- Black Youtube - %ProfilePath%\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi
- Fasterfox - %ProfilePath%\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- QuickJava - %ProfilePath%\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
- Black Google Theme - %ProfilePath%\extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi

ProfilePath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049
- ColorfulTabs - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
- Complete YouTube Saver - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
- Undetermined - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- Undetermined - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
- ColorfulTabs - %ProfilePath%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- Facebook Photo Zoom - %ProfilePath%\extensions\{7c6cdf7c-8ea8-4be7-ae5a-0b3effe14d66}
- Complete YouTube Saver - %ProfilePath%\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
- Proxy-Listen.de - Proxyswitcher - %ProfilePath%\extensions\admin@proxy-listen.de.xpi
- PlugIn-Checker - %ProfilePath%\extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi
- Youtube To MP3 PRO converter - %ProfilePath%\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
- FireTube - %ProfilePath%\extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack.xpi
- YouTube ALL HTML5 - %ProfilePath%\extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\screwads@airtint.com.xpi
- FastestFox - %ProfilePath%\extensions\smarterwiki@wikiatic.com.xpi
- Turn Off the Lights - %ProfilePath%\extensions\stefanvandamme@stefanvd.net.xpi
- YouTube Auto Replay - %ProfilePath%\extensions\YouTubeAutoReplay@arikv.com.xpi
- PDFescape Extension - %ProfilePath%\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi
- Black Youtube - %ProfilePath%\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi
- Fasterfox - %ProfilePath%\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- QuickJava - %ProfilePath%\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
- Black Google Theme - %ProfilePath%\extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default
E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
CA0E1DFBE480CF0BE13A0883BEB378B6 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U40
AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43
148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
9B4D431459A9B935FB117F4EDDA236E8 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
CD6D547D33C9D2935FC6F206DC4E2711 - C:\Users\Veli\AppData\Roaming\Mozilla\plugins\npspeakychat.dll - SpeakyChat
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

Profilepath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049
E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
CA0E1DFBE480CF0BE13A0883BEB378B6 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U40
AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43
148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
CD6D547D33C9D2935FC6F206DC4E2711 - C:\Users\Veli\AppData\Roaming\Mozilla\plugins\npspeakychat.dll - SpeakyChat
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hggpkhijoeadmdfmlbdepfbngmhaldci - C:\Program Files\DealPly\DealPly.crx[]
mmiopbgcekanlhpjkonogoljpfmhpkhf - C:\Program Files\LyricsPal\125.crx[]
oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== shortcuts on Users Desktops ======================

C:\Users\Veli\Desktop\Debut Video Capture Software.lnk - C:\Program Files\NCH Software\Debut\debut.exe
C:\Users\Veli\Desktop\Samata Dj Efektor Professional.lnk - C:\Samata Dj Efektor v4.6\Samata Dj Efektor v4.6.exe
C:\Users\Veli\Desktop\Privat\7-Zip File Manager.lnk - C:\Program Files\7-Zip\7zFM.exe
C:\Users\Veli\Desktop\Privat\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Veli\Desktop\Privat\Animation Shop 3.lnk - C:\Windows\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
C:\Users\Veli\Desktop\Privat\Audio_Realtek_(ALC889)_v.6.0.1.5901_Win7x86x64.lnk -
C:\Users\Veli\Desktop\Privat\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Veli\Desktop\Privat\Creative Sound Card.lnk - C:\Program Files\Creative\AudioCS\CTAudCS.exe
C:\Users\Veli\Desktop\Privat\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\Doxillion\doxillion.exe
C:\Users\Veli\Desktop\Privat\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\Desktop\Privat\Gamesurround Muse Pocket.lnk - C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\Musecpl.exe
C:\Users\Veli\Desktop\Privat\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\Desktop\Privat\HyperCam 2.lnk - C:\Program Files\HyperCam 2\HyCam2.exe
C:\Users\Veli\Desktop\Privat\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (2).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (3).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (4).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung.lnk -
C:\Users\Veli\Desktop\Privat\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe QVO6
C:\Users\Veli\Desktop\Privat\o.tel.o.lnk - C:\Program Files\o.tel.o\o.tel.o.exe
C:\Users\Veli\Desktop\Privat\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\Desktop\Privat\Pavtube Video Converter.lnk - C:\Program Files\Pavtube\Video Converter\Video Converter.exe
C:\Users\Veli\Desktop\Privat\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\Desktop\Privat\RichMood Editor for Skype.lnk - C:\Program Files\Pamela RichMood Editor\MoodEditor.exe
C:\Users\Veli\Desktop\Privat\Sandboxed Web Browser.lnk - C:\Program Files\Sandboxie\Start.exe default_browser
C:\Users\Veli\Desktop\Privat\Skype...lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\Desktop\Privat\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\Desktop\Privat\Sound Recorder.lnk - C:\Windows\system32\SoundRecorder.exe
C:\Users\Veli\Desktop\Privat\SplitCam.lnk - C:\Program Files\SplitCam\SplitCam.exe
C:\Users\Veli\Desktop\Privat\SWFText.lnk - C:\Program Files\SWFText\SWFText.exe
C:\Users\Veli\Desktop\Privat\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\Veli\Desktop\Privat\Tube-8 Downloader.lnk - C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe
C:\Users\Veli\Desktop\Privat\Ulead GIF Animator 5.lnk - C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe
C:\Users\Veli\Desktop\Privat\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\Veli\Desktop\Privat\YouTube Cekim\Free YouTube Download.lnk - C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
C:\Users\Veli\Desktop\Privat\YouTube Cekim\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\Desktop\Videos\Desktop.lnk - C:\Users\Veli\Desktop
C:\Users\Veli\Desktop\Debut Video Capture Software.lnk - C:\Program Files\NCH Software\Debut\debut.exe
C:\Users\Veli\Desktop\Samata Dj Efektor Professional.lnk - C:\Samata Dj Efektor v4.6\Samata Dj Efektor v4.6.exe
C:\Users\Veli\Desktop\Privat\7-Zip File Manager.lnk - C:\Program Files\7-Zip\7zFM.exe
C:\Users\Veli\Desktop\Privat\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Veli\Desktop\Privat\Animation Shop 3.lnk - C:\Windows\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
C:\Users\Veli\Desktop\Privat\Audio_Realtek_(ALC889)_v.6.0.1.5901_Win7x86x64.lnk -
C:\Users\Veli\Desktop\Privat\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Veli\Desktop\Privat\Creative Sound Card.lnk - C:\Program Files\Creative\AudioCS\CTAudCS.exe
C:\Users\Veli\Desktop\Privat\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\Doxillion\doxillion.exe
C:\Users\Veli\Desktop\Privat\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\Desktop\Privat\Gamesurround Muse Pocket.lnk - C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\Musecpl.exe
C:\Users\Veli\Desktop\Privat\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\Desktop\Privat\HyperCam 2.lnk - C:\Program Files\HyperCam 2\HyCam2.exe
C:\Users\Veli\Desktop\Privat\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (2).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (3).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (4).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung.lnk -
C:\Users\Veli\Desktop\Privat\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe QVO6
C:\Users\Veli\Desktop\Privat\o.tel.o.lnk - C:\Program Files\o.tel.o\o.tel.o.exe
C:\Users\Veli\Desktop\Privat\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\Desktop\Privat\Pavtube Video Converter.lnk - C:\Program Files\Pavtube\Video Converter\Video Converter.exe
C:\Users\Veli\Desktop\Privat\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\Desktop\Privat\RichMood Editor for Skype.lnk - C:\Program Files\Pamela RichMood Editor\MoodEditor.exe
C:\Users\Veli\Desktop\Privat\Sandboxed Web Browser.lnk - C:\Program Files\Sandboxie\Start.exe default_browser
C:\Users\Veli\Desktop\Privat\Skype...lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\Desktop\Privat\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\Desktop\Privat\Sound Recorder.lnk - C:\Windows\system32\SoundRecorder.exe
C:\Users\Veli\Desktop\Privat\SplitCam.lnk - C:\Program Files\SplitCam\SplitCam.exe
C:\Users\Veli\Desktop\Privat\SWFText.lnk - C:\Program Files\SWFText\SWFText.exe
C:\Users\Veli\Desktop\Privat\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\Veli\Desktop\Privat\Tube-8 Downloader.lnk - C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe
C:\Users\Veli\Desktop\Privat\Ulead GIF Animator 5.lnk - C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe
C:\Users\Veli\Desktop\Privat\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\Veli\Desktop\Privat\YouTube Cekim\Free YouTube Download.lnk - C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
C:\Users\Veli\Desktop\Privat\YouTube Cekim\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\Desktop\Videos\Desktop.lnk - C:\Users\Veli\Desktop
C:\Users\Veli\Desktop\Debut Video Capture Software.lnk - C:\Program Files\NCH Software\Debut\debut.exe
C:\Users\Veli\Desktop\Samata Dj Efektor Professional.lnk - C:\Samata Dj Efektor v4.6\Samata Dj Efektor v4.6.exe
C:\Users\Veli\Desktop\Privat\7-Zip File Manager.lnk - C:\Program Files\7-Zip\7zFM.exe
C:\Users\Veli\Desktop\Privat\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Veli\Desktop\Privat\Animation Shop 3.lnk - C:\Windows\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
C:\Users\Veli\Desktop\Privat\Audio_Realtek_(ALC889)_v.6.0.1.5901_Win7x86x64.lnk -
C:\Users\Veli\Desktop\Privat\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Veli\Desktop\Privat\Creative Sound Card.lnk - C:\Program Files\Creative\AudioCS\CTAudCS.exe
C:\Users\Veli\Desktop\Privat\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\Doxillion\doxillion.exe
C:\Users\Veli\Desktop\Privat\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\Desktop\Privat\Gamesurround Muse Pocket.lnk - C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\Musecpl.exe
C:\Users\Veli\Desktop\Privat\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\Desktop\Privat\HyperCam 2.lnk - C:\Program Files\HyperCam 2\HyCam2.exe
C:\Users\Veli\Desktop\Privat\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (2).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (3).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (4).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung.lnk -
C:\Users\Veli\Desktop\Privat\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe QVO6
C:\Users\Veli\Desktop\Privat\o.tel.o.lnk - C:\Program Files\o.tel.o\o.tel.o.exe
C:\Users\Veli\Desktop\Privat\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\Desktop\Privat\Pavtube Video Converter.lnk - C:\Program Files\Pavtube\Video Converter\Video Converter.exe
C:\Users\Veli\Desktop\Privat\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\Desktop\Privat\RichMood Editor for Skype.lnk - C:\Program Files\Pamela RichMood Editor\MoodEditor.exe
C:\Users\Veli\Desktop\Privat\Sandboxed Web Browser.lnk - C:\Program Files\Sandboxie\Start.exe default_browser
C:\Users\Veli\Desktop\Privat\Skype...lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\Desktop\Privat\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\Desktop\Privat\Sound Recorder.lnk - C:\Windows\system32\SoundRecorder.exe
C:\Users\Veli\Desktop\Privat\SplitCam.lnk - C:\Program Files\SplitCam\SplitCam.exe
C:\Users\Veli\Desktop\Privat\SWFText.lnk - C:\Program Files\SWFText\SWFText.exe
C:\Users\Veli\Desktop\Privat\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\Veli\Desktop\Privat\Tube-8 Downloader.lnk - C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe
C:\Users\Veli\Desktop\Privat\Ulead GIF Animator 5.lnk - C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe
C:\Users\Veli\Desktop\Privat\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\Veli\Desktop\Privat\YouTube Cekim\Free YouTube Download.lnk - C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
C:\Users\Veli\Desktop\Privat\YouTube Cekim\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\Desktop\Videos\Desktop.lnk - C:\Users\Veli\Desktop
C:\Users\Veli\Desktop\Debut Video Capture Software.lnk - C:\Program Files\NCH Software\Debut\debut.exe
C:\Users\Veli\Desktop\Samata Dj Efektor Professional.lnk - C:\Samata Dj Efektor v4.6\Samata Dj Efektor v4.6.exe
C:\Users\Veli\Desktop\Privat\7-Zip File Manager.lnk - C:\Program Files\7-Zip\7zFM.exe
C:\Users\Veli\Desktop\Privat\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Veli\Desktop\Privat\Animation Shop 3.lnk - C:\Windows\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
C:\Users\Veli\Desktop\Privat\Audio_Realtek_(ALC889)_v.6.0.1.5901_Win7x86x64.lnk -
C:\Users\Veli\Desktop\Privat\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Veli\Desktop\Privat\Creative Sound Card.lnk - C:\Program Files\Creative\AudioCS\CTAudCS.exe
C:\Users\Veli\Desktop\Privat\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\Doxillion\doxillion.exe
C:\Users\Veli\Desktop\Privat\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\Desktop\Privat\Gamesurround Muse Pocket.lnk - C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\Musecpl.exe
C:\Users\Veli\Desktop\Privat\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\Desktop\Privat\HyperCam 2.lnk - C:\Program Files\HyperCam 2\HyCam2.exe
C:\Users\Veli\Desktop\Privat\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (2).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (3).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (4).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung.lnk -
C:\Users\Veli\Desktop\Privat\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe QVO6
C:\Users\Veli\Desktop\Privat\o.tel.o.lnk - C:\Program Files\o.tel.o\o.tel.o.exe
C:\Users\Veli\Desktop\Privat\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\Desktop\Privat\Pavtube Video Converter.lnk - C:\Program Files\Pavtube\Video Converter\Video Converter.exe
C:\Users\Veli\Desktop\Privat\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\Desktop\Privat\RichMood Editor for Skype.lnk - C:\Program Files\Pamela RichMood Editor\MoodEditor.exe
C:\Users\Veli\Desktop\Privat\Sandboxed Web Browser.lnk - C:\Program Files\Sandboxie\Start.exe default_browser
C:\Users\Veli\Desktop\Privat\Skype...lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\Desktop\Privat\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\Desktop\Privat\Sound Recorder.lnk - C:\Windows\system32\SoundRecorder.exe
C:\Users\Veli\Desktop\Privat\SplitCam.lnk - C:\Program Files\SplitCam\SplitCam.exe
C:\Users\Veli\Desktop\Privat\SWFText.lnk - C:\Program Files\SWFText\SWFText.exe
C:\Users\Veli\Desktop\Privat\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\Veli\Desktop\Privat\Tube-8 Downloader.lnk - C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe
C:\Users\Veli\Desktop\Privat\Ulead GIF Animator 5.lnk - C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe
C:\Users\Veli\Desktop\Privat\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\Veli\Desktop\Privat\YouTube Cekim\Free YouTube Download.lnk - C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
C:\Users\Veli\Desktop\Privat\YouTube Cekim\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\Desktop\Videos\Desktop.lnk - C:\Users\Veli\Desktop
C:\Users\Veli\Desktop\Debut Video Capture Software.lnk - C:\Program Files\NCH Software\Debut\debut.exe
C:\Users\Veli\Desktop\Samata Dj Efektor Professional.lnk - C:\Samata Dj Efektor v4.6\Samata Dj Efektor v4.6.exe
C:\Users\Veli\Desktop\Privat\7-Zip File Manager.lnk - C:\Program Files\7-Zip\7zFM.exe
C:\Users\Veli\Desktop\Privat\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Veli\Desktop\Privat\Animation Shop 3.lnk - C:\Windows\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
C:\Users\Veli\Desktop\Privat\Audio_Realtek_(ALC889)_v.6.0.1.5901_Win7x86x64.lnk -
C:\Users\Veli\Desktop\Privat\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Veli\Desktop\Privat\Creative Sound Card.lnk - C:\Program Files\Creative\AudioCS\CTAudCS.exe
C:\Users\Veli\Desktop\Privat\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\Doxillion\doxillion.exe
C:\Users\Veli\Desktop\Privat\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\Desktop\Privat\Gamesurround Muse Pocket.lnk - C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\Musecpl.exe
C:\Users\Veli\Desktop\Privat\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\Desktop\Privat\HyperCam 2.lnk - C:\Program Files\HyperCam 2\HyCam2.exe
C:\Users\Veli\Desktop\Privat\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (2).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (3).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (4).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung.lnk -
C:\Users\Veli\Desktop\Privat\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe QVO6
C:\Users\Veli\Desktop\Privat\o.tel.o.lnk - C:\Program Files\o.tel.o\o.tel.o.exe
C:\Users\Veli\Desktop\Privat\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\Desktop\Privat\Pavtube Video Converter.lnk - C:\Program Files\Pavtube\Video Converter\Video Converter.exe
C:\Users\Veli\Desktop\Privat\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\Desktop\Privat\RichMood Editor for Skype.lnk - C:\Program Files\Pamela RichMood Editor\MoodEditor.exe
C:\Users\Veli\Desktop\Privat\Sandboxed Web Browser.lnk - C:\Program Files\Sandboxie\Start.exe default_browser
C:\Users\Veli\Desktop\Privat\Skype...lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\Desktop\Privat\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\Desktop\Privat\Sound Recorder.lnk - C:\Windows\system32\SoundRecorder.exe
C:\Users\Veli\Desktop\Privat\SplitCam.lnk - C:\Program Files\SplitCam\SplitCam.exe
C:\Users\Veli\Desktop\Privat\SWFText.lnk - C:\Program Files\SWFText\SWFText.exe
C:\Users\Veli\Desktop\Privat\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\Veli\Desktop\Privat\Tube-8 Downloader.lnk - C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe
C:\Users\Veli\Desktop\Privat\Ulead GIF Animator 5.lnk - C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe
C:\Users\Veli\Desktop\Privat\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\Veli\Desktop\Privat\YouTube Cekim\Free YouTube Download.lnk - C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
C:\Users\Veli\Desktop\Privat\YouTube Cekim\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\Desktop\Videos\Desktop.lnk - C:\Users\Veli\Desktop
C:\Users\Veli\Desktop\Debut Video Capture Software.lnk - C:\Program Files\NCH Software\Debut\debut.exe
C:\Users\Veli\Desktop\Samata Dj Efektor Professional.lnk - C:\Samata Dj Efektor v4.6\Samata Dj Efektor v4.6.exe
C:\Users\Veli\Desktop\Privat\7-Zip File Manager.lnk - C:\Program Files\7-Zip\7zFM.exe
C:\Users\Veli\Desktop\Privat\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Veli\Desktop\Privat\Animation Shop 3.lnk - C:\Windows\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
C:\Users\Veli\Desktop\Privat\Audio_Realtek_(ALC889)_v.6.0.1.5901_Win7x86x64.lnk -
C:\Users\Veli\Desktop\Privat\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Veli\Desktop\Privat\Creative Sound Card.lnk - C:\Program Files\Creative\AudioCS\CTAudCS.exe
C:\Users\Veli\Desktop\Privat\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\Doxillion\doxillion.exe
C:\Users\Veli\Desktop\Privat\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\Desktop\Privat\Gamesurround Muse Pocket.lnk - C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\Musecpl.exe
C:\Users\Veli\Desktop\Privat\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\Desktop\Privat\HyperCam 2.lnk - C:\Program Files\HyperCam 2\HyCam2.exe
C:\Users\Veli\Desktop\Privat\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (2).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (3).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung (4).lnk -
C:\Users\Veli\Desktop\Privat\Kerem - Verknüpfung.lnk -
C:\Users\Veli\Desktop\Privat\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe QVO6
C:\Users\Veli\Desktop\Privat\o.tel.o.lnk - C:\Program Files\o.tel.o\o.tel.o.exe
C:\Users\Veli\Desktop\Privat\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\Desktop\Privat\Pavtube Video Converter.lnk - C:\Program Files\Pavtube\Video Converter\Video Converter.exe
C:\Users\Veli\Desktop\Privat\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\Desktop\Privat\RichMood Editor for Skype.lnk - C:\Program Files\Pamela RichMood Editor\MoodEditor.exe
C:\Users\Veli\Desktop\Privat\Sandboxed Web Browser.lnk - C:\Program Files\Sandboxie\Start.exe default_browser
C:\Users\Veli\Desktop\Privat\Skype...lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\Desktop\Privat\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\Desktop\Privat\Sound Recorder.lnk - C:\Windows\system32\SoundRecorder.exe
C:\Users\Veli\Desktop\Privat\SplitCam.lnk - C:\Program Files\SplitCam\SplitCam.exe
C:\Users\Veli\Desktop\Privat\SWFText.lnk - C:\Program Files\SWFText\SWFText.exe
C:\Users\Veli\Desktop\Privat\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\Veli\Desktop\Privat\Tube-8 Downloader.lnk - C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe
C:\Users\Veli\Desktop\Privat\Ulead GIF Animator 5.lnk - C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe
C:\Users\Veli\Desktop\Privat\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\Veli\Desktop\Privat\YouTube Cekim\Free YouTube Download.lnk - C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
C:\Users\Veli\Desktop\Privat\YouTube Cekim\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\Desktop\Videos\Desktop.lnk - C:\Users\Veli\Desktop

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressAccounts
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Classic FTP Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ClassicFTP
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Doxillion
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressBurn
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Express
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Rip
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Zip File Compression.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressZip
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Graphics File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Pixillion
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressInvoice
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind MixPad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Prism
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind RecordPad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind SoundTap
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Switch
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Debut
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind WavePad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressAccounts
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Classic FTP Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ClassicFTP
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Doxillion
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressBurn
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Express
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Rip
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Zip File Compression.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressZip
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Graphics File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Pixillion
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressInvoice
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind MixPad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Prism
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind RecordPad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind SoundTap
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Switch
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Debut
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind WavePad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressAccounts
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Classic FTP Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ClassicFTP
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Doxillion
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressBurn
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Express
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Rip
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Zip File Compression.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressZip
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Graphics File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Pixillion
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressInvoice
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind MixPad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Prism
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind RecordPad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind SoundTap
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Switch
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Debut
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind WavePad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressAccounts
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Classic FTP Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ClassicFTP
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Doxillion
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressBurn
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Express
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Rip
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Zip File Compression.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressZip
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Graphics File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Pixillion
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressInvoice
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind MixPad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Prism
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind RecordPad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind SoundTap
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Switch
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Debut
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind WavePad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressAccounts
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Classic FTP Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ClassicFTP
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Doxillion
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressBurn
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Express
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Rip
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Zip File Compression.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressZip
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Graphics File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Pixillion
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressInvoice
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind MixPad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Prism
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind RecordPad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind SoundTap
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Switch
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Debut
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind WavePad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressAccounts
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Classic FTP Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ClassicFTP
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Doxillion
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressBurn
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Express
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Rip
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Zip File Compression.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressZip
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Graphics File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Pixillion
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressInvoice
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind MixPad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Prism
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind RecordPad
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind SoundTap
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Switch
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Debut
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind WavePad

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressAccounts
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Classic FTP Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ClassicFTP
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Doxillion
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressBurn
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Express
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Rip
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Zip File Compression.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressZip
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Graphics File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Pixillion
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind ExpressInvoice
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind MixPad
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Prism
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind RecordPad
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind SoundTap
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Switch
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind Debut
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe -extfind WavePad

==== shortcuts in Quick Launch ======================

C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Animation Shop 3.lnk - C:\Windows\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Creative Sound Card.lnk - C:\Program Files\Creative\AudioCS\CTAudCS.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HyperCam 2.lnk - C:\Program Files\HyperCam 2\HyCam2.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sound Recorder.lnk - C:\Windows\system32\SoundRecorder.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SWFText.lnk - C:\Program Files\SWFText\SWFText.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ulead GIF Animator 5.lnk - C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Animation Shop 3.lnk - C:\Windows\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Creative Sound Card.lnk - C:\Program Files\Creative\AudioCS\CTAudCS.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HyperCam 2.lnk - C:\Program Files\HyperCam 2\HyCam2.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sound Recorder.lnk - C:\Windows\system32\SoundRecorder.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SWFText.lnk - C:\Program Files\SWFText\SWFText.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ulead GIF Animator 5.lnk - C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Animation Shop 3.lnk - C:\Windows\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Creative Sound Card.lnk - C:\Program Files\Creative\AudioCS\CTAudCS.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HyperCam 2.lnk - C:\Program Files\HyperCam 2\HyCam2.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sound Recorder.lnk - C:\Windows\system32\SoundRecorder.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SWFText.lnk - C:\Program Files\SWFText\SWFText.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ulead GIF Animator 5.lnk - C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Animation Shop 3.lnk - C:\Windows\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Creative Sound Card.lnk - C:\Program Files\Creative\AudioCS\CTAudCS.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HyperCam 2.lnk - C:\Program Files\HyperCam 2\HyCam2.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sound Recorder.lnk - C:\Windows\system32\SoundRecorder.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SWFText.lnk - C:\Program Files\SWFText\SWFText.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ulead GIF Animator 5.lnk - C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Animation Shop 3.lnk - C:\Windows\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Creative Sound Card.lnk - C:\Program Files\Creative\AudioCS\CTAudCS.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HyperCam 2.lnk - C:\Program Files\HyperCam 2\HyCam2.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sound Recorder.lnk - C:\Windows\system32\SoundRecorder.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SWFText.lnk - C:\Program Files\SWFText\SWFText.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ulead GIF Animator 5.lnk - C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk - C:\Program Files\Opera\opera.exe QVO6
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Animation Shop 3.lnk - C:\Windows\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Creative Sound Card.lnk - C:\Program Files\Creative\AudioCS\CTAudCS.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HyperCam 2.lnk - C:\Program Files\HyperCam 2\HyCam2.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sound Recorder.lnk - C:\Windows\system32\SoundRecorder.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SWFText.lnk - C:\Program Files\SWFText\SWFText.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ulead GIF Animator 5.lnk - C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe

==== shortcuts After Repair ======================

C:\Users\Veli\Desktop\Privat\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\Desktop\Privat\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\Desktop\Privat\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\Desktop\Privat\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\Desktop\Privat\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\Desktop\Privat\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\Desktop\Privat\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\Desktop\Privat\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\Desktop\Privat\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\Desktop\Privat\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\Desktop\Privat\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\Desktop\Privat\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\Desktop\Privat\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\Desktop\Privat\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\Desktop\Privat\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\Desktop\Privat\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\Desktop\Privat\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\Desktop\Privat\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\Desktop\Privat\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\Desktop\Privat\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\Desktop\Privat\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\Desktop\Privat\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veli\Desktop\Privat\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Veli\Desktop\Privat\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Veli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk - C:\Program Files\Opera\opera.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole deleted successfully

==== Empty IE Cache ======================

C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D64B3QVL will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Veli\AppData\Local\Mozilla\Firefox\Profiles\qpbe3oiy.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Veli\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D64B3QVL" not found

==== EOF on 01.10.2013 at 20:10:54,51 ======================

KeremTatli · 01.10.2013, 19:18

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.006 - Bericht erstellt am 01/10/2013 um 20:13:53
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzername : Keremino - KEREM
# Gestartet von : C:\Users\Veli\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\djh0uqno.default\user.js
Datei Gelöscht : C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\user.js
Datei Gelöscht : C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\user.js

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{607639B1-E3AE-47A9-8CE8-1F4B37F7E83E}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{607639B1-E3AE-47A9-8CE8-1F4B37F7E83E}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Ui
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFB27B75-3933-47F0-9205-18F347BB1E10}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CFB27B75-3933-47F0-9205-18F347BB1E10}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B960702-51D7-4993-A736-9093A6E9C943}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B960702-51D7-4993-A736-9093A6E9C943}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKCU\Software\ded9d1b069eb40
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3282495
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB9778AB-BAEF-49B9-96EE-D6E4BD0BCE68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\smartbar
Schlüssel Gelöscht : HKCU\Software\Webplayer
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsContainer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyricspal
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\delta-homesSoftware
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\djh0uqno.default\prefs.js ]


[ Datei : C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.fasterfox.addit.remoteInstallItems", "{ \"software\": {\"114\": {\"id\": \"114\",\"title\": \"RelevantKnowledge\",\"type\": \"EXE\",\"url\": \"hxxp://www.powerpackdl.com/download[...]

[ Datei : C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\prefs.js ]


[ Datei : C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\djh0uqno.default\prefs.js ]


[ Datei : C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\prefs.js ]


[ Datei : C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\prefs.js ]


*************************

AdwCleaner[R0].txt - [21751 octets] - [01/10/2013 19:59:09]
AdwCleaner[R1].txt - [12361 octets] - [01/10/2013 20:11:52]
AdwCleaner[S0].txt - [11929 octets] - [01/10/2013 20:13:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11990 octets] ##########

--- --- ---

smeenk · 02.10.2013, 07:33

Da waren wirklich viele Funde

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

KeremTatli · 02.10.2013, 17:19

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.02.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Keremino :: KEREM [Administrator]

02.10.2013 18:07:51
mbam-log-2013-10-02 (18-07-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 187399
Laufzeit: 9 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\AppID\{33CB14BC-58BB-4B3A-9877-7946A3F41BAE} (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{FEFE89E5-A43F-4f4b-8211-B11D91D02135} (PUP.Optional.CoolPic) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{FEFE89E5-A43F-4f4b-8211-B11D91D02135} (PUP.Optional.CoolPic) -> Daten: C:\Program Files\CoolPic - Fun Social Pictures\Firefox -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{14DD0E04-D4F6-45d2-A958-F361FBD4F64F} (PUP.Optional.WBCEngine) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{14DD0E04-D4F6-45d2-A958-F361FBD4F64F} (PUP.Optional.WBCEngine) -> Daten: C:\Program Files\WBC Engine\Firefox -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Veli\Downloads\PhotoScape_V3.6.5.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java 7 Update 40
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

smeenk · 02.10.2013, 17:37

Meiner Meinung nach sieht alles wieder ganz OK aus

Tools deinstallieren

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: jetzt auf re-enable klicken.
Downloade Dir bitte auf jeden Fall delfix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- DelFix entfernt u. a. alle verwendeten Programme und löscht sich abschließend selbst.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Abschließend noch Tipps zu folgenden Themen:

Systemupdates

Softwareupdates

Sicherheitssoftware

Sicheres Surfen

Lesestoff:
Systemupdates
Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:

Bitte überprüfe, ob dein System Windows Updates automatisch herunter lädt:
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.

Lesestoff:
Softwareupdates
Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:

Adobe Reader (Adobe - Adobe Reader herunterladen - Alle Versionen => Kein Haken bei "Ja, McAfee ...")
Flash Plugin (Adobe - Adobe Flash Player installieren => Kein Haken bei "Ja, McAfee ...")
Java (Download der kostenlosen Java-Software -> Kein Haken für die ASK-Toolbar während der Installation)
Dein Browser inklusive aller Add-Ons. Das Trojaner-Board bietet dir auch einen Browser-Check.

Auch nicht gelistete Programme sind natürlich wichtig. Ob es für diese eine neue Version gibt, kannst du auf deren Herstellerwebseite oder ganz bequem mit diesen Tools überprüfen:

Lesestoff:
Sicherheitssoftware
Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.

Wenn du deine Antivirenlösung wechseln solltest, findest du hier Tools mit denen du die Überreste nach der Deinstallation deines alten Scanners entfernen kannst.
Installiere niemals mehr als einen Virenscanner. Deren Hintergrundwächter würden sich gegenseitig behindern und dein System ausbremsen.
Ein Browserplugin, das dich vor betrügerischen Webseiten schützt, kann dir gute Dienste leisten, wenn du dich nicht gut auskennst (siehe oben).
Sorge dafür, dass deine Sicherheitslösung ständig up-to-date ist und sich automatisch Updates besorgt. Wenn du auf manuelle Updates setzt bist du meistens zu spät, da die Virendatenbanken oft täglich sogar mehrfach erneuert werden.
Einen zusätzlichen Schutz (und dieser wäre auch erlaubt) bietet ein spezieller Malwarescanner. Hier empfehle ich dir dringend Malwarebytes und einmal wöchentlich damit zu scannen. In der kostenpflichtigen Version hat es sogar einen Hintergrundwächter. Hierfür haben wir eine Anleitung für dich.

Zuletzt empfehle ich dir deine Daten regelmässig (am besten automatisch) zu sichern. Dies kann eine professionelle Backuplösung, externe Festplatten, Brennen auf DVDs oder Überspielen auf ein Online-Laufwerk wie z.B. Dropbox sein. Erzeuge so viele Kopien wie möglich und halte sie aktuell. Nur so bist du auf den schlimmsten Fall vorbereitet, wenn dein Computer - wodurch auch immer - unbrauchbar werden sollte. Leider passiert das ja immer unangekündigt und immer dann wenn man ihn am Nötigsten braucht. Also sorge vor!

Lesestoff:
Sicheres Surfen
Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:

Klicke nicht irgendwo hin, nur weil es bunt ist und leuchtet, in einer Ecke aufpoppt oder so aussieht, als wäre es eine Systemmeldung.
Lade dir keine illegale Software, keine Cracks, keine Keygens, keine Gametrainer usw ... die Webseiten, die so etwas anbieten, sind meist nicht seriös und die angeblichen Helfer sind meist verseuchter als du es dir ausmalen würdest. Es spielt dabei keine Rolle, ob du diese Dateien über einen Browser oder Filesharingprogramme beziehst.
Öffne keine Emailanhänge von Leuten, die du nicht kennst, Emails mit seltsamen Rechtschreibfehlern oder starte Dateien, die dir eine Webseite anbietet, ohne dass du sie wolltest.
Lasse niemand an deinem Computer surfen, der diese Regeln nicht auch befolgt.
Verlasse dich nicht darauf, dass dein Virenscanner schon alles findet. Keine Sicherheitslösung ist 100% sicher!

Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.

WOT (Web of trust) Dieses Add-On warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst. Hinweis: Avast enthält ein solches Plugin bereits.
Sandboxie schafft eine zusätzliche isolierte Programmumgebung, damit dein Browser wie ein Kleinkind im Sandkasten sicher ist. (Anleitung: Sandboxie)
Securebanking ist ein Software, die Verbindungen untersucht und dir meldet, wenn jemand "mithört". Wie der Name sagt, wurde es entwickelt, damit Onlinebanking wirklich sicher ist. Mehr Infos auf der Homepage: Secure Banking

Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.

Firefox, Opera, Chrome, ...
... mehr findest du auf Microsofts eigener Browserauswahlwebseite.

Damit wünsche ich dir noch viel Spaß beim Surfen im Internet

... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Grüße
Smeenk

KeremTatli · 02.10.2013, 18:16

Smeenk, habe vielen vielen Dank

Alles läuft wirder wie früher

Selbstverständlich werde ich das Trojaner-Board unterstützen

Denn ohne Smeenk, hätte ich das ganze hier nicht geschafft

Benutze zwar keine Paypal, werde aber, mit einer Banküberweisung für die Unterstützung, teilnehmen.

Alles Gute und Liebe
wünscht dir Kerem
aus Düsseldorf

NOCHMALS DANKE FÜR ALLES SMEENK

http://websearch.oversearch.info

Plagegeister aller Art und deren Bekämpfung: http://websearch.oversearch.info