
Pests of All Kinds and How to Fight Them: Removing Optimizer Pro v3.2 incl. Crash Monitor

08.10.2014, 17:53   #1
Thomas_5
 



Hello,
I don't know how I "caught" this program. A sudden increase in advertisements on the PC made me suspicious, and that is how I came across this unwanted program. According to descriptions I read on the Internet, this program is anything but harmless.
To get rid of it, I took the following steps:
- Uninstalled the program in the Control Panel. This succeeded.
However, it was still present in C:\Program Files (x86). There I managed to delete all files except OptProCrash.dll. When I clicked on this file, the message appeared: "The action can't be completed because the file is open in Optimizer Pro Crash Monitor."
I found this ... Monitor in System Configuration under Services. I disabled it and restarted the system. After that I was able to delete the Optimizer Pro folder together with the above-mentioned file. Those are my actions so far. However, I am unsure whether I am now rid of this program or whether further steps are needed. That is my request to the forum.

Following the instructions on preparing information for opening topics here in the forum, I have:
- downloaded defogger, but unfortunately could not start it.
- run the other system scans with the specified tools before and after my actions. (The ..-1.txt files are the files from after my actions.)
With that as the current state, here are my questions:
- In System Configuration (Services), the Optimizer Pro Crash Monitor is still listed but set to stopped. Can it stay that way, or should it be removed there as well? If so, how do I do that?
- The log file FRST-1.txt still contains the entry: "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT. But this entry no longer exists in the program folder "Program Files (x86)". Compared with the log file "FRST.txt", this entry has "ENT" added. What does that mean? Removed ("Entfernt")?
- The log file Addition-1.txt still contains the entry: MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
I cannot find this entry.
- In the GMER log files I find no entries for Optimizer.

- I use Kaspersky Internet Security.

I would appreciate an answer. What else needs to be done?

Thank you in advance for your efforts.

Regards, Thomas

08.10.2014, 18:12   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here's how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

08.10.2014, 20:39   #3
Thomas_5
 



Hello Schrauber,
I hope it works this way now. Because of their length I have to split the files across three replies. If anything else is needed, I'm at the PC right now. Regards, Thomas

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Gabi (administrator) on GABI-DIETER on 07-10-2014 20:56:38
Running from C:\Users\Gabi\Downloads
Loaded Profiles: Gabi & _ocster_backup_ (Available profiles: Gabi & _ocster_backup_)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Windows\System32\ipstrmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Ocster Backup\bin\backupService-ox.exe
() C:\oracle10g\bin\TNSLSNR.EXE
(Oracle Corporation) C:\oracle10g\bin\oracle.exe
() C:\Program Files (x86)\Search\WebSearch.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [312664 2014-02-04] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [RegistryQuick.exe] => C:\Program Files (x86)\ReQuick\RegistryQuick.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3666944 2011-01-06] ()
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Intermediate] => C:\Users\Gabi\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8897;https=127.0.0.1:8897
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F9AB638C96CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/
URLSearchHook: HKLM-x32 - (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No File
URLSearchHook: HKLM-x32 - (No Name) - {04a8dd1a-4754-48fe-a703-99846646ef04} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir=
SearchScopes: HKCU - F04F7B247D844F0287D289AC70C8FE43 URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP14A054C4-1B01-4318-9C92-BF4D53219F89&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir=
SearchScopes: HKCU - {0213547C-6002-469C-BA82-6863B3C1D7B8} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=da13e098000000000000000000000000&toi=16094&r=616
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DA136CF049052A32&affID=128491&tsp=5182
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {323B7DAE-1CB5-481C-9BF2-D059761CC05E} URL = hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true
SearchScopes: HKCU - {435E3E38-6768-4A61-81F0-266E2A1C793A} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi
SearchScopes: HKCU - {6408E1C5-FE7B-47BD-B907-6CBDC0CEA64E} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {7234E9B8-551C-4612-AF57-BA7AC109CD0E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN29167070491981215&UM=2
SearchScopes: HKCU - {7FD7B429-EAF3-492F-9D0C-0F4DB93D2FE1} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
SearchScopes: HKCU - {A8D32726-9FA5-4283-9A9F-4C9DB061ACE5} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
SearchScopes: HKCU - {BCBC30E2-06B3-4F52-B0D5-B5C634DA9ACC} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1251611358&ir=
SearchScopes: HKCU - {C43BBC1B-D6AA-459A-9D03-5284B44E912E} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bdf839-3107-4fcf-a915-433807fd60f1&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=30/03/2013&type=hp1000
SearchScopes: HKCU - {CC87724D-C5C9-4A4D-8650-67BCA2BDC37E} URL = hxxp://www.dict.cc/?s={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} -  No File
Toolbar: HKCU - No Name - {04A8DD1A-4754-48FE-A703-99846646EF04} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{11342DE6-C338-47B7-97FF-6E33D142D8E3}: [NameServer] 217.0.43.81 217.0.43.65

FireFox:
========
FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default
FF DefaultSearchEngine: Yahoo
FF Homepage: hxxp://www.t-online.de/
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\user.js
FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\buenosearch.xml
FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ColorfulTabs - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-10-20]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\extensions\lightningnewtab@gmail.com.xpi
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}] - C:\Windows\Installer\{8B8D7849-9AF5-42B5-A81C-B4CAEC25111C}\{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{8B8D7849-9AF5-42B5-A81C-B4CAEC25111C}\{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}.xpi [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files (x86)\Browser Guard\browserguard.xpi
FF Extension: Browser Guard - C:\Program Files (x86)\Browser Guard\browserguard.xpi [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com

Chrome: 
=======
CHR Profile: C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf [2014-01-30]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao [2013-11-14]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj [2014-03-11]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Gabi\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3541448 2014-10-04] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 credwizd; C:\Windows\system32\ipstrmgr.exe [114176 2013-02-18] () [File not signed]
R2 DailytoolsUpdateService; C:\Windows\SysWOW64\update1.dll [352256 2014-07-31] (Dailytools GmbH) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23896 2014-02-04] ()
S4 OracleDBConsoleSatdb10g; C:\oracle10g\bin\nmesrvc.exe [24064 2006-11-14] (Oracle Corporation) [File not signed]
S4 OracleJobSchedulerSATDB10G; c:\oracle10g\Bin\extjob.exe [102400 2006-11-16] () [File not signed]
S4 OracleORACLE_Home10giSQL*Plus; C:\oracle10g\bin\isqlplussvc.exe [53248 2006-10-12] (Oracle) [File not signed]
R2 OracleServiceSATDB10G; c:\oracle10g\bin\ORACLE.EXE [60059648 2011-03-16] (Oracle Corporation) [File not signed]
R2 Search; C:\Program Files (x86)\Search\WebSearch.exe [435696 2014-08-08] ()
R2 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-11-19] ()
R2 OracleORACLE_Home10gTNSListener; C:\oracle10g\BIN\TNSLSNR  [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
S3 GrabsterSeries.C64; C:\Windows\System32\DRIVERS\GrabsterSeries.C64.SYS [262208 2010-01-22] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-30] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-12] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-30] (Kaspersky Lab ZAO)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
S1 StarOpen; No ImagePath
S3 cpuz132; \??\C:\Users\Gabi\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 20:56 - 2014-10-07 20:57 - 00030450 _____ () C:\Users\Gabi\Downloads\FRST.txt
2014-10-07 20:56 - 2014-10-07 20:56 - 00000000 ____D () C:\FRST
2014-10-07 20:54 - 2014-10-07 20:54 - 02109952 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe
2014-10-07 20:49 - 2014-10-07 20:49 - 00000470 _____ () C:\Users\Gabi\Downloads\defogger_disable.log
2014-10-07 20:48 - 2014-10-07 20:48 - 00050477 _____ () C:\Users\Gabi\Downloads\Defogger.exe
2014-10-07 20:42 - 2014-10-07 20:44 - 00000000 _____ () C:\Users\Gabi\defogger_reenable
2014-10-07 17:28 - 2014-10-07 18:01 - 00000000 ____D () C:\Program Files (x86)\ReQuick
2014-10-07 17:26 - 2014-10-07 17:26 - 01220954 _____ (My Company, Inc. ) C:\Users\Gabi\Downloads\RegistryQuick_setup.exe
2014-10-06 11:09 - 2014-10-06 11:09 - 00003266 _____ () C:\Windows\System32\Tasks\{E6DCEF3E-6A5E-4CE0-AD4B-9DD326E93E71}
2014-10-06 10:44 - 2014-10-06 10:44 - 00001311 _____ () C:\Users\Gabi\Desktop\Revo Uninstaller.lnk
2014-10-06 10:44 - 2014-10-06 10:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-06 10:42 - 2014-10-06 10:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Gabi\Downloads\revosetup95.exe
2014-10-05 22:39 - 2014-10-05 22:39 - 04964600 _____ (Piriform Ltd) C:\Users\Gabi\Downloads\ccsetup418pro.exe
2014-10-05 10:36 - 2014-10-05 10:36 - 00011426 _____ () C:\Users\Gabi\Documents\cc_20141005_103621.reg
2014-10-04 21:08 - 2014-10-04 21:08 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Astromenda
2014-10-04 20:32 - 2014-10-04 20:32 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Optimizer Pro
2014-10-04 20:27 - 2014-10-06 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-10-04 20:26 - 2014-10-06 13:11 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-10-04 20:26 - 2014-10-06 10:58 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\WSE_Astromenda
2014-10-04 20:26 - 2014-10-04 20:26 - 06669808 _____ (Burnaware ) C:\Users\Gabi\Downloads\BurnAwareFree-P21423-Setup.exe
2014-10-03 19:37 - 2014-10-04 20:27 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\0F1L1I1PtF1F1C1N
2014-10-03 19:36 - 2014-10-04 19:52 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-10-03 19:36 - 2014-10-03 19:36 - 01898640 _____ (Irfan Skiljan) C:\Users\Gabi\Downloads\IrfanView-P1683-Setup.exe
2014-09-30 20:39 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:39 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-23 20:42 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:42 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 21:28 - 2014-09-17 04:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-09-19 21:28 - 2014-09-17 04:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-09-19 21:28 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-19 21:28 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-09-14 00:01 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 00:01 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 00:01 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 00:01 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 00:01 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 00:01 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 00:01 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 00:01 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 00:01 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 00:01 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 00:01 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 00:01 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 00:01 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 00:01 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 00:01 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 00:01 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 00:01 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 23:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 23:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-13 14:27 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-13 14:27 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-13 14:27 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-13 14:27 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-13 14:26 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-13 14:25 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-13 14:25 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-13 14:25 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-13 14:25 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-13 14:25 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 20:53 - 2010-01-15 19:07 - 01307223 _____ () C:\Windows\WindowsUpdate.log
2014-10-07 20:44 - 2010-01-15 19:16 - 00000000 ____D () C:\Users\Gabi
2014-10-07 20:18 - 2010-02-25 00:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-07 20:18 - 2010-02-25 00:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-07 20:06 - 2014-01-23 12:01 - 00000928 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-10-07 20:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-07 19:59 - 2012-04-02 19:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-07 19:51 - 2010-03-09 21:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-07 19:07 - 2010-01-14 12:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-07 17:47 - 2013-01-29 23:15 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8C748547-F3A4-4FAD-B6F5-B8876C02A981}
2014-10-07 15:56 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-07 15:56 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 15:47 - 2011-01-26 19:26 - 00000000 ____D () C:\Users\Gabi\.rainlendar2
2014-10-07 15:46 - 2014-02-25 12:08 - 00000400 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2014-10-07 15:45 - 2014-03-10 13:06 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Fifth
2014-10-07 15:45 - 2014-01-23 12:01 - 00000924 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-10-07 15:45 - 2010-01-20 20:47 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-07 15:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-06 21:46 - 2010-01-14 13:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-06 21:46 - 2006-11-03 14:39 - 00000000 ____D () C:\Users\Gabi\Documents\MP600
2014-10-06 20:45 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2}
2014-10-06 20:44 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E}
2014-10-06 20:44 - 2011-02-10 18:36 - 00003012 _____ () C:\Windows\System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704}
2014-10-06 20:44 - 2011-02-10 18:35 - 00003012 _____ () C:\Windows\System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196}
2014-10-06 20:41 - 2014-02-14 22:13 - 00002996 _____ () C:\Windows\System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282}
2014-10-06 20:41 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A}
2014-10-06 12:30 - 2014-02-23 12:29 - 00000000 ____D () C:\Users\_ocster_backup_
2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\Users\Public\Desktop\Internet.lnk
2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\ProgramData\Desktop\Internet.lnk
2014-10-04 21:00 - 2013-03-19 22:30 - 00000000 ____D () C:\Users\Gabi\AppData\Local\Ocster Backup
2014-10-04 20:45 - 2014-06-17 11:57 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Nico Mak Computing
2014-10-04 20:43 - 2014-03-04 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-04 20:28 - 2014-01-23 12:01 - 00000000 ____D () C:\Users\Gabi\AppData\Local\SaveSense
2014-10-04 09:03 - 2009-07-14 19:58 - 00703028 _____ () C:\Windows\system32\perfh007.dat
2014-10-04 09:03 - 2009-07-14 19:58 - 00150686 _____ () C:\Windows\system32\perfc007.dat
2014-10-04 09:03 - 2009-07-14 07:13 - 01629690 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 19:38 - 2011-10-10 09:59 - 00001937 _____ () C:\Users\Gabi\Desktop\IrfanView Thumbnails.lnk
2014-10-03 19:38 - 2010-01-18 21:26 - 00001045 _____ () C:\Users\Gabi\Desktop\IrfanView.lnk
2014-10-02 08:13 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-01 20:34 - 2014-02-08 21:34 - 00000288 _____ () C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job
2014-09-30 10:33 - 2011-03-21 15:23 - 00053248 _____ () C:\Users\Gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-26 16:59 - 2014-01-26 15:19 - 00000408 _____ () C:\Windows\Tasks\One-Click Optimizer.job
2014-09-26 10:52 - 2012-04-24 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 20:59 - 2012-04-02 19:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 20:59 - 2012-04-02 19:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 20:59 - 2011-09-11 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 09:53 - 2010-01-18 11:17 - 00000000 ____D () C:\Users\Gabi\Dieter
2014-09-21 17:53 - 2010-01-17 12:17 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Adobe
2014-09-19 22:43 - 2010-03-10 12:39 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Skype
2014-09-19 21:43 - 2014-01-30 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-19 21:43 - 2010-01-14 13:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-19 21:29 - 2010-01-14 12:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-17 04:13 - 2014-01-30 20:31 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-09-17 04:12 - 2014-01-30 20:31 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-09-16 19:30 - 2013-03-13 22:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 09:06 - 2010-01-16 11:19 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 09:12 - 2009-07-14 06:45 - 00379408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 00:01 - 2010-01-14 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 00:00 - 2014-01-16 13:28 - 01603034 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 23:58 - 2013-07-12 22:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 23:48 - 2010-01-18 15:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 23:47 - 2014-05-06 11:51 - 00000000 ___SD () C:\Windows\system32\CompatTel

Files to move or delete:
====================
C:\Users\Gabi\SSBCUninstall.exe
C:\Users\Gabi\SSSDUninstall.exe
C:\Users\Gabi\SS_Uninstall.exe
C:\Users\Gabi\Start Ashampoo UnInstaller 5.bat


Some content of TEMP:
====================
C:\Users\Gabi\AppData\Local\Temp\MovieStudioPro.exe
C:\Users\Gabi\AppData\Local\Temp\optprosetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-02-21 19:39

==================== End Of Log ============================
         
--- --- ---


FRST-1.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Gabi (administrator) on GABI-DIETER on 07-10-2014 22:04:45
Running from C:\Users\Gabi\Downloads
Loaded Profiles: Gabi & _ocster_backup_ (Available profiles: Gabi & _ocster_backup_)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Windows\System32\ipstrmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Ocster Backup\bin\backupService-ox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\oracle10g\bin\oracle.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [312664 2014-02-04] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [RegistryQuick.exe] => C:\Program Files (x86)\ReQuick\RegistryQuick.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3666944 2011-01-06] ()
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Intermediate] => C:\Users\Gabi\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8897;https=127.0.0.1:8897
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F9AB638C96CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/
URLSearchHook: HKLM-x32 - (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No File
URLSearchHook: HKLM-x32 - (No Name) - {04a8dd1a-4754-48fe-a703-99846646ef04} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir=
SearchScopes: HKCU - F04F7B247D844F0287D289AC70C8FE43 URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP14A054C4-1B01-4318-9C92-BF4D53219F89&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir=
SearchScopes: HKCU - {0213547C-6002-469C-BA82-6863B3C1D7B8} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=da13e098000000000000000000000000&toi=16094&r=616
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DA136CF049052A32&affID=128491&tsp=5182
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {323B7DAE-1CB5-481C-9BF2-D059761CC05E} URL = hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true
SearchScopes: HKCU - {435E3E38-6768-4A61-81F0-266E2A1C793A} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi
SearchScopes: HKCU - {6408E1C5-FE7B-47BD-B907-6CBDC0CEA64E} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {7234E9B8-551C-4612-AF57-BA7AC109CD0E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN29167070491981215&UM=2
SearchScopes: HKCU - {7FD7B429-EAF3-492F-9D0C-0F4DB93D2FE1} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
SearchScopes: HKCU - {A8D32726-9FA5-4283-9A9F-4C9DB061ACE5} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
SearchScopes: HKCU - {BCBC30E2-06B3-4F52-B0D5-B5C634DA9ACC} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1251611358&ir=
SearchScopes: HKCU - {C43BBC1B-D6AA-459A-9D03-5284B44E912E} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bdf839-3107-4fcf-a915-433807fd60f1&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=30/03/2013&type=hp1000
SearchScopes: HKCU - {CC87724D-C5C9-4A4D-8650-67BCA2BDC37E} URL = hxxp://www.dict.cc/?s={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} -  No File
Toolbar: HKCU - No Name - {04A8DD1A-4754-48FE-A703-99846646EF04} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{11342DE6-C338-47B7-97FF-6E33D142D8E3}: [NameServer] 217.0.43.81 217.0.43.65

FireFox:
========
FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default
FF DefaultSearchEngine: Yahoo
FF Homepage: hxxp://www.t-online.de/
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\user.js
FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\buenosearch.xml
FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ColorfulTabs - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-10-20]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\extensions\lightningnewtab@gmail.com.xpi
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}] - C:\Windows\Installer\{8B8D7849-9AF5-42B5-A81C-B4CAEC25111C}\{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{8B8D7849-9AF5-42B5-A81C-B4CAEC25111C}\{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}.xpi [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files (x86)\Browser Guard\browserguard.xpi
FF Extension: Browser Guard - C:\Program Files (x86)\Browser Guard\browserguard.xpi [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com

Chrome: 
=======
CHR Profile: C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf [2014-01-30]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao [2013-11-14]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj [2014-03-11]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Gabi\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 credwizd; C:\Windows\system32\ipstrmgr.exe [114176 2013-02-18] () [File not signed]
R2 DailytoolsUpdateService; C:\Windows\SysWOW64\update1.dll [352256 2014-07-31] (Dailytools GmbH) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23896 2014-02-04] ()
S4 OracleDBConsoleSatdb10g; C:\oracle10g\bin\nmesrvc.exe [24064 2006-11-14] (Oracle Corporation) [File not signed]
S4 OracleJobSchedulerSATDB10G; c:\oracle10g\Bin\extjob.exe [102400 2006-11-16] () [File not signed]
S4 OracleORACLE_Home10giSQL*Plus; C:\oracle10g\bin\isqlplussvc.exe [53248 2006-10-12] (Oracle) [File not signed]
R2 OracleServiceSATDB10G; c:\oracle10g\bin\ORACLE.EXE [60059648 2011-03-16] (Oracle Corporation) [File not signed]
S2 Search; C:\Program Files (x86)\Search\WebSearch.exe [435696 2014-08-08] ()
R2 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-11-19] ()
S4 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT
S2 OracleORACLE_Home10gTNSListener; C:\oracle10g\BIN\TNSLSNR  [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
S3 GrabsterSeries.C64; C:\Windows\System32\DRIVERS\GrabsterSeries.C64.SYS [262208 2010-01-22] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-30] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-12] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-30] (Kaspersky Lab ZAO)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
S1 StarOpen; No ImagePath
S3 cpuz132; \??\C:\Users\Gabi\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 21:32 - 2014-10-07 21:57 - 00000392 _____ () C:\Windows\setupact.log
2014-10-07 21:32 - 2014-10-07 21:55 - 00000592 _____ () C:\Windows\PFRO.log
2014-10-07 21:32 - 2014-10-07 21:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-07 21:18 - 2014-10-07 21:18 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-10-07 21:11 - 2014-10-07 21:11 - 00014641 _____ () C:\Users\Gabi\Desktop\Gmer.txt
2014-10-07 21:03 - 2014-10-07 21:03 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357.exe
2014-10-07 21:01 - 2014-10-07 21:01 - 00050238 _____ () C:\Users\Gabi\Desktop\FRST.txt
2014-10-07 21:00 - 2014-10-07 21:00 - 00060991 _____ () C:\Users\Gabi\Desktop\Addition.txt
2014-10-07 20:57 - 2014-10-07 21:00 - 00060992 _____ () C:\Users\Gabi\Downloads\Addition.txt
2014-10-07 20:56 - 2014-10-07 22:04 - 00030079 _____ () C:\Users\Gabi\Downloads\FRST.txt
2014-10-07 20:56 - 2014-10-07 22:04 - 00000000 ____D () C:\FRST
2014-10-07 20:54 - 2014-10-07 20:54 - 02109952 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe
2014-10-07 20:49 - 2014-10-07 22:03 - 00000470 _____ () C:\Users\Gabi\Downloads\defogger_disable.log
2014-10-07 20:48 - 2014-10-07 20:48 - 00050477 _____ () C:\Users\Gabi\Downloads\Defogger.exe
2014-10-07 20:42 - 2014-10-07 20:44 - 00000000 _____ () C:\Users\Gabi\defogger_reenable
2014-10-07 17:28 - 2014-10-07 18:01 - 00000000 ____D () C:\Program Files (x86)\ReQuick
2014-10-07 17:26 - 2014-10-07 17:26 - 01220954 _____ (My Company, Inc. ) C:\Users\Gabi\Downloads\RegistryQuick_setup.exe
2014-10-06 11:09 - 2014-10-06 11:09 - 00003266 _____ () C:\Windows\System32\Tasks\{E6DCEF3E-6A5E-4CE0-AD4B-9DD326E93E71}
2014-10-06 10:44 - 2014-10-06 10:44 - 00001311 _____ () C:\Users\Gabi\Desktop\Revo Uninstaller.lnk
2014-10-06 10:44 - 2014-10-06 10:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-06 10:42 - 2014-10-06 10:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Gabi\Downloads\revosetup95.exe
2014-10-05 22:39 - 2014-10-05 22:39 - 04964600 _____ (Piriform Ltd) C:\Users\Gabi\Downloads\ccsetup418pro.exe
2014-10-05 10:36 - 2014-10-05 10:36 - 00011426 _____ () C:\Users\Gabi\Documents\cc_20141005_103621.reg
2014-10-04 21:08 - 2014-10-04 21:08 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Astromenda
2014-10-04 20:26 - 2014-10-06 10:58 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\WSE_Astromenda
2014-10-04 20:26 - 2014-10-04 20:26 - 06669808 _____ (Burnaware ) C:\Users\Gabi\Downloads\BurnAwareFree-P21423-Setup.exe
2014-10-03 19:37 - 2014-10-04 20:27 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\0F1L1I1PtF1F1C1N
2014-10-03 19:36 - 2014-10-04 19:52 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-10-03 19:36 - 2014-10-03 19:36 - 01898640 _____ (Irfan Skiljan) C:\Users\Gabi\Downloads\IrfanView-P1683-Setup.exe
2014-09-30 20:39 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:39 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-23 20:42 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:42 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 21:28 - 2014-09-17 04:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-09-19 21:28 - 2014-09-17 04:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-09-19 21:28 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-19 21:28 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-09-14 00:01 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 00:01 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 00:01 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 00:01 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 00:01 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 00:01 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 00:01 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 00:01 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 00:01 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 00:01 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 00:01 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 00:01 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 00:01 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 00:01 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 00:01 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 00:01 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 00:01 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 23:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 23:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-13 14:27 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-13 14:27 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-13 14:27 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-13 14:27 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-13 14:26 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-13 14:25 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-13 14:25 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-13 14:25 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-13 14:25 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-13 14:25 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 22:06 - 2014-01-23 12:01 - 00000928 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-10-07 22:00 - 2012-04-02 19:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-07 22:00 - 2010-01-14 12:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-07 21:58 - 2014-03-10 13:06 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Fifth
2014-10-07 21:58 - 2011-01-26 19:26 - 00000000 ____D () C:\Users\Gabi\.rainlendar2
2014-10-07 21:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-07 21:56 - 2014-02-25 12:08 - 00000400 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2014-10-07 21:56 - 2014-01-23 12:01 - 00000924 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-10-07 21:56 - 2010-03-09 21:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-07 21:56 - 2010-02-25 00:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-07 21:56 - 2010-01-20 20:47 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-07 21:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 21:54 - 2010-01-15 19:07 - 01320962 _____ () C:\Windows\WindowsUpdate.log
2014-10-07 21:43 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-07 21:43 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 21:38 - 2013-01-29 23:15 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8C748547-F3A4-4FAD-B6F5-B8876C02A981}
2014-10-07 21:32 - 2014-02-23 12:29 - 00000000 ____D () C:\Users\_ocster_backup_
2014-10-07 21:18 - 2010-02-25 00:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-07 20:44 - 2010-01-15 19:16 - 00000000 ____D () C:\Users\Gabi
2014-10-06 21:46 - 2010-01-14 13:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-06 21:46 - 2006-11-03 14:39 - 00000000 ____D () C:\Users\Gabi\Documents\MP600
2014-10-06 20:45 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2}
2014-10-06 20:44 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E}
2014-10-06 20:44 - 2011-02-10 18:36 - 00003012 _____ () C:\Windows\System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704}
2014-10-06 20:44 - 2011-02-10 18:35 - 00003012 _____ () C:\Windows\System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196}
2014-10-06 20:41 - 2014-02-14 22:13 - 00002996 _____ () C:\Windows\System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282}
2014-10-06 20:41 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A}
2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\Users\Public\Desktop\Internet.lnk
2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\ProgramData\Desktop\Internet.lnk
2014-10-04 21:00 - 2013-03-19 22:30 - 00000000 ____D () C:\Users\Gabi\AppData\Local\Ocster Backup
2014-10-04 20:45 - 2014-06-17 11:57 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Nico Mak Computing
2014-10-04 20:43 - 2014-03-04 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-04 20:28 - 2014-01-23 12:01 - 00000000 ____D () C:\Users\Gabi\AppData\Local\SaveSense
2014-10-04 09:03 - 2009-07-14 19:58 - 00703028 _____ () C:\Windows\system32\perfh007.dat
2014-10-04 09:03 - 2009-07-14 19:58 - 00150686 _____ () C:\Windows\system32\perfc007.dat
2014-10-04 09:03 - 2009-07-14 07:13 - 01629690 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 19:38 - 2011-10-10 09:59 - 00001937 _____ () C:\Users\Gabi\Desktop\IrfanView Thumbnails.lnk
2014-10-03 19:38 - 2010-01-18 21:26 - 00001045 _____ () C:\Users\Gabi\Desktop\IrfanView.lnk
2014-10-02 08:13 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-01 20:34 - 2014-02-08 21:34 - 00000288 _____ () C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job
2014-09-30 10:33 - 2011-03-21 15:23 - 00053248 _____ () C:\Users\Gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-26 16:59 - 2014-01-26 15:19 - 00000408 _____ () C:\Windows\Tasks\One-Click Optimizer.job
2014-09-26 10:52 - 2012-04-24 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 20:59 - 2012-04-02 19:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 20:59 - 2012-04-02 19:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 20:59 - 2011-09-11 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 09:53 - 2010-01-18 11:17 - 00000000 ____D () C:\Users\Gabi\Dieter
2014-09-21 17:53 - 2010-01-17 12:17 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Adobe
2014-09-19 22:43 - 2010-03-10 12:39 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Skype
2014-09-19 21:43 - 2014-01-30 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-19 21:43 - 2010-01-14 13:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-19 21:29 - 2010-01-14 12:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-17 04:13 - 2014-01-30 20:31 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-09-17 04:12 - 2014-01-30 20:31 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-09-16 19:30 - 2013-03-13 22:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 09:06 - 2010-01-16 11:19 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 09:12 - 2009-07-14 06:45 - 00379408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 00:01 - 2010-01-14 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 00:00 - 2014-01-16 13:28 - 01603034 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 23:58 - 2013-07-12 22:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 23:48 - 2010-01-18 15:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 23:47 - 2014-05-06 11:51 - 00000000 ___SD () C:\Windows\system32\CompatTel

Files to move or delete:
====================
C:\Users\Gabi\SSBCUninstall.exe
C:\Users\Gabi\SSSDUninstall.exe
C:\Users\Gabi\SS_Uninstall.exe
C:\Users\Gabi\Start Ashampoo UnInstaller 5.bat


Some content of TEMP:
====================
C:\Users\Gabi\AppData\Local\Temp\MovieStudioPro.exe
C:\Users\Gabi\AppData\Local\Temp\optprosetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-02-21 19:39

==================== End Of Log ============================
         

08.10.2014, 20:46   #4
Thomas_5

Part 2

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Gabi at 2014-10-07 20:57:45
Running from C:\Users\Gabi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee Foto-Editor (HKLM-x32\...\{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}) (Version: 4.00.208 - ACD Systems Ltd.)
ACDSee Foto-Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.115 - ACD Systems International)
ACDSee Image Decoder Update (HKLM-x32\...\{047A167B-0C6B-41F3-B5E6-E968F92468C1}) (Version: 2.0.5 - ACD Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced Driver Updater (HKLM-x32\...\Advanced Driver Updater_is1) (Version: 2.1.1086.15131 - Systweak Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 14 v.14.0.5 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Movie Studio Pro v.1.0.7 (HKLM-x32\...\{91B33C97-EC92-2CD7-E21F-4FEF6AA572AA}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 10 v.10.3.0 (HKLM-x32\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.03.00 - Ashampoo GmbH & Co. KG)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.7.8981 - )
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation)
Browser Guard (HKLM-x32\...\Browser Guard) (Version:  - )
BurnAware Free 6.9.3 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
BurnAware Free Download Packages (HKCU\...\BurnAware Free Download Packages) (Version:  - ) <==== ATTENTION
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version:  - )
Canon MP600 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Document Express DjVu Plug-in (HKLM-x32\...\{DB90B88C-DDA6-4831-B73D-58B4B8F3D349}) (Version: 6.1.27549 - Caminova, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.1.24.0 - ) <==== ATTENTION
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Free YouTube Download version 3.2.43.806 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.43.806 - DVDVideoSoft Ltd.)
Freemake Video Converter Free Download Packages (HKCU\...\Freemake Video Converter Free Download Packages) (Version:  - ) <==== ATTENTION
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Inpaint 5.2 (HKLM-x32\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
IrfanView Download Packages (HKCU\...\IrfanView Download Packages) (Version:  - ) <==== ATTENTION
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Lizardtech DjVu Control (HKLM-x32\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version:  - )
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Media Center SDK 6.0 (HKLM-x32\...\{E363B2CF-627B-492D-8881-702D0AE4F50C}) (Version: 7.0.0.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
Ocster Backup Pro (HKLM\...\Ocster Backup) (Version: 8.15 - Ocster GmbH & Co. KG)
Oracle Data Provider for .NET Help (HKLM-x32\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 10.2.020 - Oracle Corporation)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7084 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype Free Download Packages (HKCU\...\Skype Free Download Packages) (Version:  - ) <==== ATTENTION
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Transfer Utility LE (HKLM-x32\...\{F2C2709B-FB3D-458C-B12E-9AAA5EDCA670}) (Version: 1.00.004 - PIXELA)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 3.25 - NCH Software)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 5.71 - NCH Software)
Windows Internet Explorer 10 (x32 Version: 10.0 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-10-2014 15:56:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02BAD771-29AE-4F87-86E2-66724A4AE0AD} - System32\Tasks\{EFE0F532-2A73-4D21-8AED-C0836875B018} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {053A5F36-8158-460E-92F5-5269606A2376} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: {05792E62-12F2-44BE-89D2-47E5850BF6D2} - System32\Tasks\{A60B9513-5CA7-461C-B77C-9F1E2250410E} => C:\Program Files (x86)\SYBEX\Die große Druck-Box\Druckbox.exe
Task: {068D666E-6AA6-44B3-8018-F9E7469CC7F1} - System32\Tasks\{DFB0BA80-18E0-4EEC-86C3-EAF7F33D5BB8} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {06EB6EA9-685B-48A5-A88B-B17BA213A01C} - System32\Tasks\{2DAB612D-4CCC-4DAB-9F94-FB2B9EF0B9E3} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {0B54D784-BADC-45E9-B85A-947E461A000C} - System32\Tasks\{D5D0C80E-CFBD-4E8E-A106-1038B1435F23} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {0E601114-0C97-4CF7-8592-1FEBBD63B008} - System32\Tasks\{16930FA3-9E2F-41EF-A083-5F1D19AFE9D3} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2014-05-15] (Microsoft Corporation)
Task: {0EB211BD-53FC-46B3-99D3-FFAF4B6E62DF} - System32\Tasks\{80E296E5-37D4-409E-9D44-F5E897EA8744} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {106D5C8B-0887-4182-A073-558F6CC015AA} - System32\Tasks\{975DF8E9-A2F1-4163-9C55-8C0AA4FF8A3F} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {1170F6B0-C61C-43A9-9453-514F9DEFC700} - System32\Tasks\{0E365111-C9A7-43CD-9015-AD0B4EDEC820} => Firefox.exe 
Task: {12177FBD-A7F7-454E-91C2-0FD4F20678E2} - System32\Tasks\{FE3E02D9-54EB-4A9C-A76D-D0F3CE15C9CC} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {18A906B9-5326-4355-875E-83445512BAA2} - System32\Tasks\{748362AD-96C7-493C-8A0B-0EB4C75B3241} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
Task: {1A299CF4-EE5C-4645-8873-65819DBCBA09} - System32\Tasks\{8EB85395-6DF1-42D1-BCC9-6A2C39D0A06D} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {1C99D807-C487-4F14-9A8D-1B92041FB628} - System32\Tasks\{C6B60480-C4B3-4B93-BF85-919436F9DCF1} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Task: {22A1E30A-D0A8-4E63-BAB6-6658ECB5570F} - System32\Tasks\{AEE9FDE0-A111-4974-999F-B408490B8D8C} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe
Task: {2413C613-3EEA-42A9-A9EE-4050623C5F7E} - System32\Tasks\{D7BE9AF5-D625-4F96-8078-C3E51416D6DD} => C:\Program Files (x86)\Wetterbox\Wetterbox.exe [2010-02-05] (t-online.de                         )
Task: {256667D3-6382-4C66-BC05-FE38C9A93824} - System32\Tasks\{B7573703-CF10-4CAD-9D0F-458B6E29B54A} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe
Task: {284BB469-B242-4F40-AF2E-543E705B46D3} - System32\Tasks\{644C7C4C-8210-40F1-BEE8-A8BB25545919} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {2856A28F-8AE5-481E-A0C2-069AA946DBF8} - System32\Tasks\{21DBD499-C613-48BA-A0F0-186C4F747769} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe
Task: {33876F9F-A8EB-491D-8DBC-F14DD846CFE1} - System32\Tasks\{28DBB7A7-6CD0-4781-B081-10048E698970} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {35A4AD38-C6FE-4CB1-956C-492E4FD00101} - System32\Tasks\{54516D7D-DE58-4952-BDB5-73924135CD01} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {3CC6A791-14B7-4970-B342-9A3D349C78EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {3EF4827F-2181-45DB-99AF-C07C2DD54E7A} - System32\Tasks\{AB114C1D-7266-4AF7-A30E-11B26BE1615F} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe
Task: {4F4374BC-3B7E-4A54-A1AA-8FD6ECA70275} - System32\Tasks\{105CE8C3-2ADC-430B-9358-49BB8319D8D3} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
Task: {53ACADDE-C9AF-4C03-86E9-CF2585090F4E} - System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {558ECEFA-C5F8-4FC0-9B26-0615C0130AAC} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
Task: {5598CCE9-982E-4477-A692-83B791D7C25D} - System32\Tasks\{BF9D57C8-4EB3-4197-B121-7DF9281C6E83} => C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe
Task: {5FF0F40F-9D9C-4DDC-BF28-00EC30AF6836} - System32\Tasks\{F9E1DD75-D3E2-4306-A4E9-77AD1E3E440F} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {661A0E7E-68C6-495E-A657-0315DE890E51} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe [2013-03-08] (Systweak Inc)
Task: {670F6793-B7C9-46E0-88CC-001E8D22E252} - System32\Tasks\Ashampoo UnInstaller 5 => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {6BAB4395-D4C6-477B-9F19-2F6F6A337259} - System32\Tasks\{9E7A4809-517D-41C6-A7FA-F9E5DF7A8CDF} => C:\Program Files (x86)\DATA BECKER\Skat-Ass 3 - Gläserne Karten\skat.exe
Task: {6DDAE403-6E11-4128-8F90-A2832FEA1DAB} - System32\Tasks\{338410F2-A2FB-4A54-BE0A-4F0DA5D119FE} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {74A7EC1B-857B-4488-82AF-03DED0AB0BE0} - System32\Tasks\{9E010073-9998-45F1-A581-5125A55A7A68} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {796B0B0F-B897-4953-B1B2-7E9EEBE90FE4} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION
Task: {7B336E60-CD95-4216-9BCE-1C335774A8E7} - System32\Tasks\{BF75E81F-4726-488E-9F11-553D186A9250} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Task: {7DF9475A-4849-4086-B12E-83014A46C879} - System32\Tasks\{CDB43B5A-D121-4DF5-A8DC-EF60D4BBE90A} => C:\Program Files (x86)\DATA BECKER\Skat-Ass 3 - Gläserne Karten\skat.exe
Task: {7EEA12D3-BBBA-4E8F-A91B-469BB8627671} - System32\Tasks\{465C18D9-E052-47EA-8392-BA413D7901C4} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {847A94C0-07D3-41E5-A581-33085976608B} - System32\Tasks\{43DAF3C9-689E-4D7D-85B9-95CFDB2B56C2} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {85652B33-BBBA-4797-803B-01BD530137DC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {894AD76D-CC3B-46B3-924E-F0276E7B039D} - System32\Tasks\{D754773D-5842-4673-856C-06A2F649C881} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
Task: {8A4BF58B-94B6-48DA-BC69-967673A37364} - System32\Tasks\{2A6D5D12-AC3F-4F56-9629-72EA3F526508} => C:\Program Files (x86)\SYBEX\Die große Druck-Box\Druckbox.exe
Task: {8F33458C-9E20-4AEF-A183-9F68E06DA86A} - System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196} => C:\Program Files (x86)\DATA BECKER\Visitenkarten-Druckerei 10\BC05.exe
Task: {8F8DB379-D692-4E24-9CEF-F2819BE786E2} - System32\Tasks\{3EB5B1CC-807D-4893-992D-30D23BD96179} => C:\Program Files\Netzmanager\netzmanager.exe
Task: {90329D18-9C6D-455A-B027-4985FF013982} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25] (Google Inc.)
Task: {96987873-4F4F-4757-9B5C-58BAFCC841BE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {971D492A-A3A0-4618-87C9-017E8472A04D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {9B79E0AD-BB8B-483E-93F3-0D0CEF74C9DF} - System32\Tasks\Fifth => C:\Users\Gabi\AppData\Roaming\Fifth\Fifth.exe [2014-03-04] () <==== ATTENTION
Task: {9E1DD50F-FC41-4E4F-9BFD-1EAD4F270FF7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3834002493-4226875369-3535069347-1000
Task: {A05925C6-2CDE-40BF-A026-1BFCE77C1527} - System32\Tasks\{C048A249-E48A-4BC2-B15F-0656BF27CD91} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-10] (Mozilla Corporation)
Task: {A411E66A-04F8-4DC8-A593-7BEEE4FC8332} - System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {A7AFD7CB-818A-4F4A-B457-2E056AA4F30C} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: {A7E6E67A-5808-49DF-9000-0677CD3FD176} - System32\Tasks\{082DAF34-EDA8-4AA9-A383-820499D2C4BE} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {A94B14D7-E7B5-43CA-B0F4-1ECD9D8A6C51} - System32\Tasks\{263E2A6B-FA6C-49FB-9759-B42DDE9A1DE6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.104.259/de/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {AE0ECA0A-9100-4606-B346-9533B0740B85} - System32\Tasks\OMESupervisor => C:\Users\Gabi\AppData\Local\omesuperv.exe [2014-03-04] () <==== ATTENTION
Task: {AEE815BD-928E-4B21-BF78-46CF8A65685C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B0DC6A06-C9EB-439A-9E53-A44B57FE51B8} - System32\Tasks\{A34CF5D2-DAC1-432A-81AF-6425F048C6FA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {B8987F0B-334B-44D1-A148-B40D5D8609CE} - System32\Tasks\{97F0DC32-C1D9-4A2B-9146-8537D344C587} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {BA763B54-1804-4A7F-A217-A4B373ECDE60} - System32\Tasks\{A20E6AF9-41D6-405A-9C39-FF7DAC239F01} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {BB3AFC41-279A-44CB-96B2-D6311FF68DE2} - System32\Tasks\{5CADFEFE-2B94-4C93-87C6-636B34D6999E} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {BF4D038D-7799-4F95-B5EB-83FCCD4B1AC6} - System32\Tasks\{8A366ACA-B741-43B8-A420-7E8198D17C16} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {C47F34BA-36CE-414F-8177-CA148D440196} - System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704} => C:\Program Files (x86)\DATA BECKER\Visitenkarten-Druckerei 10\BC05.exe
Task: {CFEA226E-049F-42F2-ABCA-D61A7452E32C} - System32\Tasks\{4F3981A5-7150-42B7-92C3-DAF194629515} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {D2169E60-748D-4B7A-8DC5-CEDB3C66EB10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25] (Google Inc.)
Task: {D4272719-3868-4884-A970-831A6CA33768} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D7182F84-461D-45E4-8FDC-129C38C5E621} - System32\Tasks\{105A440F-9E8E-42C5-A748-DD8EADA8806B} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {DE954CDE-798E-4E69-B460-3A2F3127FF10} - System32\Tasks\{5DB777F1-762D-4651-BCA7-35B55C2265C6} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {DEA23593-53A0-467E-AA02-6B5B42C82F1A} - System32\Tasks\{25E094D2-9767-42EC-90A0-892447BFE019} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {DF628A14-5E6C-4E41-9B9A-0B0B788C22C9} - System32\Tasks\{FBAC92AE-D39B-4816-94CF-D8F2C22C0BAD} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {E3ADE583-B6C3-4C4C-9E8C-0E748AECCC6D} - System32\Tasks\{A96C6382-D8C3-40AE-9E0A-FC4DB6A55BB5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {E49BEDBC-E14E-4857-B001-BBD40F81C7A9} - System32\Tasks\{BCBCB7CF-C380-4F68-8B5F-1C6B713DC81D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {E50AB573-B841-4E33-8140-A8D5FE95E0BA} - System32\Tasks\{317A7A4E-2D2E-4FE7-A2B8-E7CE255820D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {E7E2BD4B-CAB0-4C67-8422-AA82F3B97B47} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2014-03-04] (Trusted Software ApS) <==== ATTENTION
Task: {EAE9BD8C-2D63-4F21-81DB-49ABF3E93CEB} - System32\Tasks\{61C6D3EB-D82F-423D-A8AA-A1E23C7910F6} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
Task: {EB265778-8AED-4C65-80E4-CF63880F14DB} - System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {ECFA4AA8-AB31-4D9D-AC60-5AF7A44ECE1D} - System32\Tasks\One-Click Optimizer => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe [2013-11-19] (Ashampoo Development GmbH & Co. KG)
Task: {F03BCAE4-B30D-40B2-A6FE-609D972EC20C} - System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {F7BF52E4-2A39-4AA7-8CC7-BC29A8EF610D} - System32\Tasks\{2F5112BB-3685-49A2-BAB6-1BAB4B641E39} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-11-05 20:51 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-18 14:40 - 2013-02-18 14:40 - 00114176 _____ () C:\Windows\system32\ipstrmgr.exe
2014-02-04 15:27 - 2014-02-04 15:27 - 00023896 _____ () c:\Program Files\Ocster Backup\bin\backupService-ox.exe
2014-02-04 15:27 - 2014-02-04 15:27 - 00103256 _____ () c:\Program Files\Ocster Backup\bin\backupServiceLib.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 11059032 _____ () c:\Program Files\Ocster Backup\bin\backupCore.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00156504 _____ () c:\Program Files\Ocster Backup\bin\deemon.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 04862296 _____ () c:\Program Files\Ocster Backup\bin\ox.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00494424 _____ () c:\Program Files\Ocster Backup\bin\veem.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00060248 _____ () c:\Program Files\Ocster Backup\bin\minizutil.dll
2014-02-03 20:56 - 2014-02-03 20:56 - 00020992 _____ () c:\Program Files\Ocster Backup\bin\zlibutil.dll
2013-09-23 21:24 - 2013-09-23 21:24 - 00076288 _____ () c:\Program Files\Ocster Backup\bin\zdll.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00052568 _____ () c:\Program Files\Ocster Backup\bin\lzmaUtil.dll
2014-02-03 15:56 - 2014-02-03 15:56 - 00049664 _____ () c:\Program Files\Ocster Backup\bin\lzma.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00506200 _____ () c:\Program Files\Ocster Backup\bin\twirl.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00343896 _____ () c:\Program Files\Ocster Backup\bin\tomb.dll
2014-02-03 20:58 - 2014-02-03 20:58 - 00314880 _____ () c:\Program Files\Ocster Backup\bin\party.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00112984 _____ () c:\Program Files\Ocster Backup\bin\scoolite.dll
2014-02-03 15:55 - 2014-02-03 15:55 - 00626688 _____ () c:\Program Files\Ocster Backup\bin\sqlite.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00210264 _____ () c:\Program Files\Ocster Backup\bin\netutil.dll
2011-03-16 12:11 - 2006-10-10 06:03 - 00208896 _____ () C:\oracle10g\BIN\TNSLSNR.exe
2014-08-08 21:47 - 2014-08-08 21:47 - 00435696 _____ () C:\Program Files (x86)\Search\WebSearch.exe
2014-01-26 15:19 - 2013-11-19 10:11 - 00885096 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
2014-02-04 15:27 - 2014-02-04 15:27 - 00312664 _____ () C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
2014-02-04 15:27 - 2014-02-04 15:27 - 06249816 _____ () C:\Program Files\Ocster Backup\bin\backupClientLib.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00389464 _____ () C:\Program Files\Ocster Backup\bin\updateman.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00506200 _____ () C:\Program Files\Ocster Backup\bin\twirl.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00343896 _____ () C:\Program Files\Ocster Backup\bin\tomb.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 04862296 _____ () C:\Program Files\Ocster Backup\bin\ox.dll
2013-09-23 21:24 - 2013-09-23 21:24 - 00076288 _____ () C:\Program Files\Ocster Backup\bin\zdll.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 11059032 _____ () C:\Program Files\Ocster Backup\bin\backupCore.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00156504 _____ () C:\Program Files\Ocster Backup\bin\deemon.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00494424 _____ () C:\Program Files\Ocster Backup\bin\veem.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00060248 _____ () C:\Program Files\Ocster Backup\bin\minizutil.dll
2014-02-03 20:56 - 2014-02-03 20:56 - 00020992 _____ () C:\Program Files\Ocster Backup\bin\zlibutil.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00052568 _____ () C:\Program Files\Ocster Backup\bin\lzmaUtil.dll
2014-02-03 15:56 - 2014-02-03 15:56 - 00049664 _____ () C:\Program Files\Ocster Backup\bin\lzma.dll
2014-02-03 20:58 - 2014-02-03 20:58 - 00314880 _____ () C:\Program Files\Ocster Backup\bin\party.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00112984 _____ () C:\Program Files\Ocster Backup\bin\scoolite.dll
2014-02-03 15:55 - 2014-02-03 15:55 - 00626688 _____ () C:\Program Files\Ocster Backup\bin\sqlite.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00210264 _____ () C:\Program Files\Ocster Backup\bin\netutil.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00147288 _____ () C:\Program Files\Ocster Backup\bin\featback.dll
2011-01-06 15:27 - 2011-01-06 15:27 - 03666944 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2010-05-23 19:24 - 2010-05-23 19:24 - 01282048 _____ () C:\Program Files\Rainlendar2\LIBEAY32.dll
2010-05-23 19:24 - 2010-05-23 19:24 - 00243712 _____ () C:\Program Files\Rainlendar2\SSLEAY32.dll
2010-05-23 19:30 - 2010-05-23 19:30 - 00160768 _____ () C:\Program Files\Rainlendar2\lua51.dll
2011-01-06 15:27 - 2011-01-06 15:27 - 00306688 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2010-05-23 19:30 - 2010-05-23 19:30 - 00013824 _____ () C:\Program Files\Rainlendar2\lfs.dll
2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-04-14 21:41 - 2014-04-14 21:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-02-03 20:19 - 2014-02-03 20:19 - 00045056 _____ () c:\Program Files\Ocster Backup\bin\oxHelper.exe
2014-02-03 20:19 - 2014-02-03 20:19 - 00045056 _____ () C:\Program Files\Ocster Backup\bin\oxHelper.exe
2014-10-04 20:27 - 2014-10-04 20:27 - 03541448 ____N () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2011-03-16 12:09 - 2006-10-10 07:47 - 00061440 _____ () C:\oracle10g\BIN\onsclient.dll
2011-03-16 12:11 - 2011-03-16 12:14 - 04743168 _____ () c:\oracle10g\bin\orajox10.dll
2014-03-04 20:50 - 2014-09-25 20:38 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: Ashampoo Core Tuner 2 => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe -TRAY
MSCONFIG\startupreg: Ashampoo WinOptimizer Live-Tuner => "C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTuner.exe" -TRAY
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: NPSStartup => 
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PCSuiteTrayApplication => C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\pdf24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3834002493-4226875369-3535069347-500 - Administrator - Disabled)
Gabi (S-1-5-21-3834002493-4226875369-3535069347-1000 - Administrator - Enabled) => C:\Users\Gabi
Gast (S-1-5-21-3834002493-4226875369-3535069347-501 - Limited - Enabled)
_ocster_backup_ (S-1-5-21-3834002493-4226875369-3535069347-1011 - Administrator - Enabled) => C:\Users\_ocster_backup_

==================== Faulty Device Manager Devices =============

Name: ttnfd
Description: ttnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ttnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2014 06:58:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (10/05/2014 08:30:24 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (10/04/2014 09:13:03 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:08:49 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:08:01 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:07:19 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:06:55 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:05:48 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:04:02 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/03/2014 07:17:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm thunderbird.exe, Version 24.6.0.5274 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1430

Startzeit: 01cfdf2d845b6af3

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

Berichts-ID:


System errors:
=============
Error: (10/07/2014 04:28:35 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/07/2014 03:48:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen
ttnfd

Error: (10/06/2014 11:59:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen
ttnfd

Error: (10/06/2014 11:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/06/2014 11:56:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Search erreicht.

Error: (10/06/2014 11:56:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "OracleORACLE_Home10gTNSListener" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/06/2014 11:56:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst OracleORACLE_Home10gTNSListener erreicht.

Error: (10/06/2014 11:49:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/06/2014 11:49:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/06/2014 11:49:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (10/07/2014 06:58:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Gabi\Documents\SoftonicDownloader_fuer_internet-explorer-9.exe

Error: (10/05/2014 08:30:24 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: I:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (10/04/2014 09:13:03 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:08:49 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:08:01 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:07:19 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:06:55 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:05:48 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:04:02 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/03/2014 07:17:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe24.6.0.5274143001cfdf2d845b6af30C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe


CodeIntegrity Errors:
===================================
  Date: 2014-09-16 20:34:24.086
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 20:34:24.008
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 20:34:23.977
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 20:34:23.977
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 19:36:27.946
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 19:36:27.821
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 12:44:13.936
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 12:44:13.936
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 12:44:13.920
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 12:44:13.905
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 51%
Total physical RAM: 4091.49 MB
Available physical RAM: 1980.7 MB
Total Pagefile: 8181.16 MB
Available Pagefile: 4372.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:465.76 GB) (Free:235.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (30 Sep 2014) (CDROM) (Total:4.38 GB) (Free:4.38 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2B279F71)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

08.10.2014, 20:49   #5
Thomas_5

Removing Optimizer Pro v3.2 incl. Crash Monitor



Part 3 (Part 4 is still to come)

Addition-1.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Gabi at 2014-10-07 22:11:47
Running from C:\Users\Gabi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee Foto-Editor (HKLM-x32\...\{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}) (Version: 4.00.208 - ACD Systems Ltd.)
ACDSee Foto-Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.115 - ACD Systems International)
ACDSee Image Decoder Update (HKLM-x32\...\{047A167B-0C6B-41F3-B5E6-E968F92468C1}) (Version: 2.0.5 - ACD Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced Driver Updater (HKLM-x32\...\Advanced Driver Updater_is1) (Version: 2.1.1086.15131 - Systweak Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 14 v.14.0.5 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Movie Studio Pro v.1.0.7 (HKLM-x32\...\{91B33C97-EC92-2CD7-E21F-4FEF6AA572AA}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 10 v.10.3.0 (HKLM-x32\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.03.00 - Ashampoo GmbH & Co. KG)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.7.8981 - )
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation)
Browser Guard (HKLM-x32\...\Browser Guard) (Version:  - )
BurnAware Free 6.9.3 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
BurnAware Free Download Packages (HKCU\...\BurnAware Free Download Packages) (Version:  - ) <==== ATTENTION
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version:  - )
Canon MP600 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Document Express DjVu Plug-in (HKLM-x32\...\{DB90B88C-DDA6-4831-B73D-58B4B8F3D349}) (Version: 6.1.27549 - Caminova, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.1.24.0 - ) <==== ATTENTION
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Free YouTube Download version 3.2.43.806 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.43.806 - DVDVideoSoft Ltd.)
Freemake Video Converter Free Download Packages (HKCU\...\Freemake Video Converter Free Download Packages) (Version:  - ) <==== ATTENTION
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Inpaint 5.2 (HKLM-x32\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
IrfanView Download Packages (HKCU\...\IrfanView Download Packages) (Version:  - ) <==== ATTENTION
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Lizardtech DjVu Control (HKLM-x32\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version:  - )
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Media Center SDK 6.0 (HKLM-x32\...\{E363B2CF-627B-492D-8881-702D0AE4F50C}) (Version: 7.0.0.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
Ocster Backup Pro (HKLM\...\Ocster Backup) (Version: 8.15 - Ocster GmbH & Co. KG)
Oracle Data Provider for .NET Help (HKLM-x32\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 10.2.020 - Oracle Corporation)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7084 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype Free Download Packages (HKCU\...\Skype Free Download Packages) (Version:  - ) <==== ATTENTION
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Transfer Utility LE (HKLM-x32\...\{F2C2709B-FB3D-458C-B12E-9AAA5EDCA670}) (Version: 1.00.004 - PIXELA)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 3.25 - NCH Software)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 5.71 - NCH Software)
Windows Internet Explorer 10 (x32 Version: 10.0 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-10-2014 15:56:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02BAD771-29AE-4F87-86E2-66724A4AE0AD} - System32\Tasks\{EFE0F532-2A73-4D21-8AED-C0836875B018} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {053A5F36-8158-460E-92F5-5269606A2376} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: {05792E62-12F2-44BE-89D2-47E5850BF6D2} - System32\Tasks\{A60B9513-5CA7-461C-B77C-9F1E2250410E} => C:\Program Files (x86)\SYBEX\Die große Druck-Box\Druckbox.exe
Task: {068D666E-6AA6-44B3-8018-F9E7469CC7F1} - System32\Tasks\{DFB0BA80-18E0-4EEC-86C3-EAF7F33D5BB8} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {06EB6EA9-685B-48A5-A88B-B17BA213A01C} - System32\Tasks\{2DAB612D-4CCC-4DAB-9F94-FB2B9EF0B9E3} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {0B54D784-BADC-45E9-B85A-947E461A000C} - System32\Tasks\{D5D0C80E-CFBD-4E8E-A106-1038B1435F23} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {0E601114-0C97-4CF7-8592-1FEBBD63B008} - System32\Tasks\{16930FA3-9E2F-41EF-A083-5F1D19AFE9D3} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2014-05-15] (Microsoft Corporation)
Task: {0EB211BD-53FC-46B3-99D3-FFAF4B6E62DF} - System32\Tasks\{80E296E5-37D4-409E-9D44-F5E897EA8744} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {106D5C8B-0887-4182-A073-558F6CC015AA} - System32\Tasks\{975DF8E9-A2F1-4163-9C55-8C0AA4FF8A3F} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {1170F6B0-C61C-43A9-9453-514F9DEFC700} - System32\Tasks\{0E365111-C9A7-43CD-9015-AD0B4EDEC820} => Firefox.exe 
Task: {12177FBD-A7F7-454E-91C2-0FD4F20678E2} - System32\Tasks\{FE3E02D9-54EB-4A9C-A76D-D0F3CE15C9CC} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {18A906B9-5326-4355-875E-83445512BAA2} - System32\Tasks\{748362AD-96C7-493C-8A0B-0EB4C75B3241} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
Task: {1A299CF4-EE5C-4645-8873-65819DBCBA09} - System32\Tasks\{8EB85395-6DF1-42D1-BCC9-6A2C39D0A06D} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {1C99D807-C487-4F14-9A8D-1B92041FB628} - System32\Tasks\{C6B60480-C4B3-4B93-BF85-919436F9DCF1} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Task: {22A1E30A-D0A8-4E63-BAB6-6658ECB5570F} - System32\Tasks\{AEE9FDE0-A111-4974-999F-B408490B8D8C} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe
Task: {2413C613-3EEA-42A9-A9EE-4050623C5F7E} - System32\Tasks\{D7BE9AF5-D625-4F96-8078-C3E51416D6DD} => C:\Program Files (x86)\Wetterbox\Wetterbox.exe [2010-02-05] (t-online.de                         )
Task: {256667D3-6382-4C66-BC05-FE38C9A93824} - System32\Tasks\{B7573703-CF10-4CAD-9D0F-458B6E29B54A} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe
Task: {284BB469-B242-4F40-AF2E-543E705B46D3} - System32\Tasks\{644C7C4C-8210-40F1-BEE8-A8BB25545919} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {2856A28F-8AE5-481E-A0C2-069AA946DBF8} - System32\Tasks\{21DBD499-C613-48BA-A0F0-186C4F747769} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe
Task: {33876F9F-A8EB-491D-8DBC-F14DD846CFE1} - System32\Tasks\{28DBB7A7-6CD0-4781-B081-10048E698970} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {35A4AD38-C6FE-4CB1-956C-492E4FD00101} - System32\Tasks\{54516D7D-DE58-4952-BDB5-73924135CD01} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {3CC6A791-14B7-4970-B342-9A3D349C78EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {3EF4827F-2181-45DB-99AF-C07C2DD54E7A} - System32\Tasks\{AB114C1D-7266-4AF7-A30E-11B26BE1615F} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe
Task: {4F4374BC-3B7E-4A54-A1AA-8FD6ECA70275} - System32\Tasks\{105CE8C3-2ADC-430B-9358-49BB8319D8D3} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
Task: {53ACADDE-C9AF-4C03-86E9-CF2585090F4E} - System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {558ECEFA-C5F8-4FC0-9B26-0615C0130AAC} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
Task: {5598CCE9-982E-4477-A692-83B791D7C25D} - System32\Tasks\{BF9D57C8-4EB3-4197-B121-7DF9281C6E83} => C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe
Task: {5FF0F40F-9D9C-4DDC-BF28-00EC30AF6836} - System32\Tasks\{F9E1DD75-D3E2-4306-A4E9-77AD1E3E440F} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {661A0E7E-68C6-495E-A657-0315DE890E51} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe [2013-03-08] (Systweak Inc)
Task: {670F6793-B7C9-46E0-88CC-001E8D22E252} - System32\Tasks\Ashampoo UnInstaller 5 => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {6BAB4395-D4C6-477B-9F19-2F6F6A337259} - System32\Tasks\{9E7A4809-517D-41C6-A7FA-F9E5DF7A8CDF} => C:\Program Files (x86)\DATA BECKER\Skat-Ass 3 - Gläserne Karten\skat.exe
Task: {6DDAE403-6E11-4128-8F90-A2832FEA1DAB} - System32\Tasks\{338410F2-A2FB-4A54-BE0A-4F0DA5D119FE} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {74A7EC1B-857B-4488-82AF-03DED0AB0BE0} - System32\Tasks\{9E010073-9998-45F1-A581-5125A55A7A68} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {796B0B0F-B897-4953-B1B2-7E9EEBE90FE4} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION
Task: {7B336E60-CD95-4216-9BCE-1C335774A8E7} - System32\Tasks\{BF75E81F-4726-488E-9F11-553D186A9250} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Task: {7DF9475A-4849-4086-B12E-83014A46C879} - System32\Tasks\{CDB43B5A-D121-4DF5-A8DC-EF60D4BBE90A} => C:\Program Files (x86)\DATA BECKER\Skat-Ass 3 - Gläserne Karten\skat.exe
Task: {7EEA12D3-BBBA-4E8F-A91B-469BB8627671} - System32\Tasks\{465C18D9-E052-47EA-8392-BA413D7901C4} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {847A94C0-07D3-41E5-A581-33085976608B} - System32\Tasks\{43DAF3C9-689E-4D7D-85B9-95CFDB2B56C2} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {85652B33-BBBA-4797-803B-01BD530137DC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {894AD76D-CC3B-46B3-924E-F0276E7B039D} - System32\Tasks\{D754773D-5842-4673-856C-06A2F649C881} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
Task: {8A4BF58B-94B6-48DA-BC69-967673A37364} - System32\Tasks\{2A6D5D12-AC3F-4F56-9629-72EA3F526508} => C:\Program Files (x86)\SYBEX\Die große Druck-Box\Druckbox.exe
Task: {8F33458C-9E20-4AEF-A183-9F68E06DA86A} - System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196} => C:\Program Files (x86)\DATA BECKER\Visitenkarten-Druckerei 10\BC05.exe
Task: {8F8DB379-D692-4E24-9CEF-F2819BE786E2} - System32\Tasks\{3EB5B1CC-807D-4893-992D-30D23BD96179} => C:\Program Files\Netzmanager\netzmanager.exe
Task: {90329D18-9C6D-455A-B027-4985FF013982} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25] (Google Inc.)
Task: {96987873-4F4F-4757-9B5C-58BAFCC841BE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {971D492A-A3A0-4618-87C9-017E8472A04D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {9B79E0AD-BB8B-483E-93F3-0D0CEF74C9DF} - System32\Tasks\Fifth => C:\Users\Gabi\AppData\Roaming\Fifth\Fifth.exe [2014-03-04] () <==== ATTENTION
Task: {9E1DD50F-FC41-4E4F-9BFD-1EAD4F270FF7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3834002493-4226875369-3535069347-1000
Task: {A05925C6-2CDE-40BF-A026-1BFCE77C1527} - System32\Tasks\{C048A249-E48A-4BC2-B15F-0656BF27CD91} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-10] (Mozilla Corporation)
Task: {A411E66A-04F8-4DC8-A593-7BEEE4FC8332} - System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {A7AFD7CB-818A-4F4A-B457-2E056AA4F30C} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: {A7E6E67A-5808-49DF-9000-0677CD3FD176} - System32\Tasks\{082DAF34-EDA8-4AA9-A383-820499D2C4BE} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {A94B14D7-E7B5-43CA-B0F4-1ECD9D8A6C51} - System32\Tasks\{263E2A6B-FA6C-49FB-9759-B42DDE9A1DE6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.104.259/de/abandoninstall?page=tsChrome&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {AE0ECA0A-9100-4606-B346-9533B0740B85} - System32\Tasks\OMESupervisor => C:\Users\Gabi\AppData\Local\omesuperv.exe [2014-03-04] () <==== ATTENTION
Task: {AEE815BD-928E-4B21-BF78-46CF8A65685C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B0DC6A06-C9EB-439A-9E53-A44B57FE51B8} - System32\Tasks\{A34CF5D2-DAC1-432A-81AF-6425F048C6FA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {B8987F0B-334B-44D1-A148-B40D5D8609CE} - System32\Tasks\{97F0DC32-C1D9-4A2B-9146-8537D344C587} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {BA763B54-1804-4A7F-A217-A4B373ECDE60} - System32\Tasks\{A20E6AF9-41D6-405A-9C39-FF7DAC239F01} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {BB3AFC41-279A-44CB-96B2-D6311FF68DE2} - System32\Tasks\{5CADFEFE-2B94-4C93-87C6-636B34D6999E} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {BF4D038D-7799-4F95-B5EB-83FCCD4B1AC6} - System32\Tasks\{8A366ACA-B741-43B8-A420-7E8198D17C16} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {C47F34BA-36CE-414F-8177-CA148D440196} - System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704} => C:\Program Files (x86)\DATA BECKER\Visitenkarten-Druckerei 10\BC05.exe
Task: {CFEA226E-049F-42F2-ABCA-D61A7452E32C} - System32\Tasks\{4F3981A5-7150-42B7-92C3-DAF194629515} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {D2169E60-748D-4B7A-8DC5-CEDB3C66EB10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25] (Google Inc.)
Task: {D4272719-3868-4884-A970-831A6CA33768} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D7182F84-461D-45E4-8FDC-129C38C5E621} - System32\Tasks\{105A440F-9E8E-42C5-A748-DD8EADA8806B} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {DE954CDE-798E-4E69-B460-3A2F3127FF10} - System32\Tasks\{5DB777F1-762D-4651-BCA7-35B55C2265C6} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {DEA23593-53A0-467E-AA02-6B5B42C82F1A} - System32\Tasks\{25E094D2-9767-42EC-90A0-892447BFE019} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {DF628A14-5E6C-4E41-9B9A-0B0B788C22C9} - System32\Tasks\{FBAC92AE-D39B-4816-94CF-D8F2C22C0BAD} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {E3ADE583-B6C3-4C4C-9E8C-0E748AECCC6D} - System32\Tasks\{A96C6382-D8C3-40AE-9E0A-FC4DB6A55BB5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {E49BEDBC-E14E-4857-B001-BBD40F81C7A9} - System32\Tasks\{BCBCB7CF-C380-4F68-8B5F-1C6B713DC81D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {E50AB573-B841-4E33-8140-A8D5FE95E0BA} - System32\Tasks\{317A7A4E-2D2E-4FE7-A2B8-E7CE255820D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {E7E2BD4B-CAB0-4C67-8422-AA82F3B97B47} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2014-03-04] (Trusted Software ApS) <==== ATTENTION
Task: {EAE9BD8C-2D63-4F21-81DB-49ABF3E93CEB} - System32\Tasks\{61C6D3EB-D82F-423D-A8AA-A1E23C7910F6} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
Task: {EB265778-8AED-4C65-80E4-CF63880F14DB} - System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {ECFA4AA8-AB31-4D9D-AC60-5AF7A44ECE1D} - System32\Tasks\One-Click Optimizer => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe [2013-11-19] (Ashampoo Development GmbH & Co. KG)
Task: {F03BCAE4-B30D-40B2-A6FE-609D972EC20C} - System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {F7BF52E4-2A39-4AA7-8CC7-BC29A8EF610D} - System32\Tasks\{2F5112BB-3685-49A2-BAB6-1BAB4B641E39} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-11-05 20:51 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-18 14:40 - 2013-02-18 14:40 - 00114176 _____ () C:\Windows\system32\ipstrmgr.exe
2014-02-04 15:27 - 2014-02-04 15:27 - 00023896 _____ () c:\Program Files\Ocster Backup\bin\backupService-ox.exe
2014-02-04 15:27 - 2014-02-04 15:27 - 00103256 _____ () c:\Program Files\Ocster Backup\bin\backupServiceLib.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 11059032 _____ () c:\Program Files\Ocster Backup\bin\backupCore.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00156504 _____ () c:\Program Files\Ocster Backup\bin\deemon.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 04862296 _____ () c:\Program Files\Ocster Backup\bin\ox.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00494424 _____ () c:\Program Files\Ocster Backup\bin\veem.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00060248 _____ () c:\Program Files\Ocster Backup\bin\minizutil.dll
2014-02-03 20:56 - 2014-02-03 20:56 - 00020992 _____ () c:\Program Files\Ocster Backup\bin\zlibutil.dll
2013-09-23 21:24 - 2013-09-23 21:24 - 00076288 _____ () c:\Program Files\Ocster Backup\bin\zdll.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00052568 _____ () c:\Program Files\Ocster Backup\bin\lzmaUtil.dll
2014-02-03 15:56 - 2014-02-03 15:56 - 00049664 _____ () c:\Program Files\Ocster Backup\bin\lzma.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00506200 _____ () c:\Program Files\Ocster Backup\bin\twirl.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00343896 _____ () c:\Program Files\Ocster Backup\bin\tomb.dll
2014-02-03 20:58 - 2014-02-03 20:58 - 00314880 _____ () c:\Program Files\Ocster Backup\bin\party.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00112984 _____ () c:\Program Files\Ocster Backup\bin\scoolite.dll
2014-02-03 15:55 - 2014-02-03 15:55 - 00626688 _____ () c:\Program Files\Ocster Backup\bin\sqlite.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00210264 _____ () c:\Program Files\Ocster Backup\bin\netutil.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00312664 _____ () C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
2014-02-04 15:27 - 2014-02-04 15:27 - 06249816 _____ () C:\Program Files\Ocster Backup\bin\backupClientLib.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00389464 _____ () C:\Program Files\Ocster Backup\bin\updateman.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00506200 _____ () C:\Program Files\Ocster Backup\bin\twirl.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00343896 _____ () C:\Program Files\Ocster Backup\bin\tomb.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 04862296 _____ () C:\Program Files\Ocster Backup\bin\ox.dll
2013-09-23 21:24 - 2013-09-23 21:24 - 00076288 _____ () C:\Program Files\Ocster Backup\bin\zdll.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 11059032 _____ () C:\Program Files\Ocster Backup\bin\backupCore.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00156504 _____ () C:\Program Files\Ocster Backup\bin\deemon.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00494424 _____ () C:\Program Files\Ocster Backup\bin\veem.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00060248 _____ () C:\Program Files\Ocster Backup\bin\minizutil.dll
2014-02-03 20:56 - 2014-02-03 20:56 - 00020992 _____ () C:\Program Files\Ocster Backup\bin\zlibutil.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00052568 _____ () C:\Program Files\Ocster Backup\bin\lzmaUtil.dll
2014-02-03 15:56 - 2014-02-03 15:56 - 00049664 _____ () C:\Program Files\Ocster Backup\bin\lzma.dll
2014-02-03 20:58 - 2014-02-03 20:58 - 00314880 _____ () C:\Program Files\Ocster Backup\bin\party.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00112984 _____ () C:\Program Files\Ocster Backup\bin\scoolite.dll
2014-02-03 15:55 - 2014-02-03 15:55 - 00626688 _____ () C:\Program Files\Ocster Backup\bin\sqlite.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00210264 _____ () C:\Program Files\Ocster Backup\bin\netutil.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00147288 _____ () C:\Program Files\Ocster Backup\bin\featback.dll
2011-01-06 15:27 - 2011-01-06 15:27 - 03666944 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2010-05-23 19:24 - 2010-05-23 19:24 - 01282048 _____ () C:\Program Files\Rainlendar2\LIBEAY32.dll
2010-05-23 19:24 - 2010-05-23 19:24 - 00243712 _____ () C:\Program Files\Rainlendar2\SSLEAY32.dll
2010-05-23 19:30 - 2010-05-23 19:30 - 00160768 _____ () C:\Program Files\Rainlendar2\lua51.dll
2011-01-06 15:27 - 2011-01-06 15:27 - 00306688 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2010-05-23 19:30 - 2010-05-23 19:30 - 00013824 _____ () C:\Program Files\Rainlendar2\lfs.dll
2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-04-14 21:41 - 2014-04-14 21:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-02-03 20:19 - 2014-02-03 20:19 - 00045056 _____ () c:\Program Files\Ocster Backup\bin\oxHelper.exe
2014-02-03 20:19 - 2014-02-03 20:19 - 00045056 _____ () C:\Program Files\Ocster Backup\bin\oxHelper.exe
2014-01-26 15:19 - 2013-11-19 10:11 - 00885096 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2011-03-16 12:11 - 2011-03-16 12:14 - 04743168 _____ () c:\oracle10g\bin\orajox10.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 70e6ca8c => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: Ashampoo Core Tuner 2 => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe -TRAY
MSCONFIG\startupreg: Ashampoo WinOptimizer Live-Tuner => "C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTuner.exe" -TRAY
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: NPSStartup => 
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PCSuiteTrayApplication => C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\pdf24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3834002493-4226875369-3535069347-500 - Administrator - Disabled)
Gabi (S-1-5-21-3834002493-4226875369-3535069347-1000 - Administrator - Enabled) => C:\Users\Gabi
Gast (S-1-5-21-3834002493-4226875369-3535069347-501 - Limited - Enabled)
_ocster_backup_ (S-1-5-21-3834002493-4226875369-3535069347-1011 - Administrator - Enabled) => C:\Users\_ocster_backup_

==================== Faulty Device Manager Devices =============

Name: ttnfd
Description: ttnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ttnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2014 06:58:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (10/05/2014 08:30:24 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (10/04/2014 09:13:03 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:08:49 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:08:01 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:07:19 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:06:55 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:05:48 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:04:02 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/03/2014 07:17:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm thunderbird.exe, Version 24.6.0.5274 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1430

Startzeit: 01cfdf2d845b6af3

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

Berichts-ID:


System errors:
=============
Error: (10/07/2014 10:00:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen
ttnfd

Error: (10/07/2014 09:58:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/07/2014 09:58:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Search erreicht.

Error: (10/07/2014 09:57:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "OracleORACLE_Home10gTNSListener" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/07/2014 09:57:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst OracleORACLE_Home10gTNSListener erreicht.

Error: (10/07/2014 09:36:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen
ttnfd

Error: (10/07/2014 09:34:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/07/2014 09:34:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Search erreicht.

Error: (10/07/2014 04:28:35 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/07/2014 03:48:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen
ttnfd


Microsoft Office Sessions:
=========================
Error: (10/07/2014 06:58:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Gabi\Documents\SoftonicDownloader_fuer_internet-explorer-9.exe

Error: (10/05/2014 08:30:24 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: I:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (10/04/2014 09:13:03 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:08:49 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:08:01 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:07:19 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:06:55 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:05:48 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/04/2014 09:04:02 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::

Error: (10/03/2014 07:17:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe24.6.0.5274143001cfdf2d845b6af30C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe


CodeIntegrity Errors:
===================================
  Date: 2014-09-16 20:34:24.086
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 20:34:24.008
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 20:34:23.977
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 20:34:23.977
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 19:36:27.946
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 19:36:27.821
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 12:44:13.936
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 12:44:13.936
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 12:44:13.920
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 12:44:13.905
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 49%
Total physical RAM: 4091.49 MB
Available physical RAM: 2083.32 MB
Total Pagefile: 8181.16 MB
Available Pagefile: 4794.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:465.76 GB) (Free:235.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (30 Sep 2014) (CDROM) (Total:4.38 GB) (Free:4.38 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2B279F71)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Part 4

Gmer.txt
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-07 21:11:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 STM3500418AS rev.CC38 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Gabi\AppData\Local\Temp\kwtyaaod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                          fffff800037b0000 45 bytes [00, 02, 04, 00, 00, 00, B6, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                          fffff800037b002f 16 bytes [00, 00, 00, 54, 0F, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey         00000000775ffaa8 5 bytes JMP 0000000172b618dd
.text     C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077600038 5 bytes JMP 0000000172b61ed6
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                 0000000072db13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                 0000000072db146b 8 bytes {JMP 0xffffffffffffffb0}
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                              0000000072db16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                0000000072db16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                           0000000072db19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                           0000000072db19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                     0000000072db1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                       0000000072db1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                     0000000072db1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                          0000000072db1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                  00000000774011f5 8 bytes {JMP 0xd}
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                0000000077401390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                       000000007740143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                       000000007740158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                               000000007740191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                               0000000077401b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                              0000000077401bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                 0000000077401d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                 0000000077401eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                     0000000077401edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                    0000000077401f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                   0000000077401fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                           0000000077401fd7 8 bytes {JMP 0xb}
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                       0000000077402272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                       0000000077402301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                            0000000077402792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                   00000000774027b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                 00000000774027d2 8 bytes {JMP 0x10}
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                  000000007740282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                 0000000077402890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     ...                                                                                                                                         * 2
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                         0000000077402d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                         0000000077402d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     ...                                                                                                                                         * 3
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                 0000000077403023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                     000000007740323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                     00000000774033c0 16 bytes {JMP 0x4e}
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                    0000000077403a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                    0000000077403ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                        0000000077403b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                        0000000077403d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                 0000000077404190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                           0000000077451380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                         0000000077451500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                               0000000077451530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                             0000000077451650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                 0000000077451700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                 0000000077451d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                               0000000077451f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                               00000000774527e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                             0000000072db13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                             0000000072db146b 8 bytes {JMP 0xffffffffffffffb0}
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                          0000000072db16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                            0000000072db16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                       0000000072db19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                       0000000072db19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                 0000000072db1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                   0000000072db1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                 0000000072db1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                      0000000072db1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Kernel IAT/EAT - GMER 2.1 ----

IAT       C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]                                                                             [fffff88002146fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- User IAT/EAT - GMER 2.1 ----

IAT       C:\Program Files\Windows Sidebar\sidebar.exe[3936] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtClose]                                  [6b03500] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
IAT       C:\Program Files\Windows Sidebar\sidebar.exe[3936] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtCreateFile]                             [6b03960] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
IAT       C:\Program Files\Windows Sidebar\sidebar.exe[3936] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile]                    [6b032f0] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
IAT       C:\Program Files\Windows Sidebar\sidebar.exe[3936] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDuplicateObject]                        [6b033d0] C:\Windows\TEMP\logishrd\LVPrcInj02.dll

---- EOF - GMER 2.1 ----
         
File Gmer-1.txt
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-08 18:21:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 STM3500418AS rev.CC38 465,76GB
Running: Gmer-19357(2).exe; Driver: C:\Users\Gabi\AppData\Local\Temp\kwtyaaod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                          fffff800037b2000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                          fffff800037b202f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey         0000000077e6faa8 5 bytes JMP 00000001732718dd
.text     C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e70038 5 bytes JMP 0000000173271ed6
.text     C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                         * 2
.text     C:\Windows\SysWOW64\svchost.exe[1580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               0000000075be1465 2 bytes [BE, 75]
.text     C:\Windows\SysWOW64\svchost.exe[1580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                         * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                         * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000075be1465 2 bytes [BE, 75]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             0000000075be14bb 2 bytes [BE, 75]
.text     ...                                                                                                                                         * 2
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                      0000000077c711f5 8 bytes {JMP 0xd}
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                    0000000077c71390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                           0000000077c7143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                           0000000077c7158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                   0000000077c7191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                   0000000077c71b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                  0000000077c71bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                     0000000077c71d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                     0000000077c71eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                         0000000077c71edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                        0000000077c71f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                       0000000077c71fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                               0000000077c71fd7 8 bytes {JMP 0xb}
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                           0000000077c72272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                           0000000077c72301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                0000000077c72792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                       0000000077c727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                     0000000077c727d2 8 bytes {JMP 0x10}
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79      0000000077c7282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176     0000000077c72890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     ...                                                                                                                                         * 2
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299             0000000077c72d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367             0000000077c72d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     ...                                                                                                                                         * 3
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                     0000000077c73023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                         0000000077c7323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                         0000000077c733c0 16 bytes {JMP 0x4e}
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                        0000000077c73a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                        0000000077c73ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197            0000000077c73b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611            0000000077c73d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                     0000000077c74190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                               0000000077cc1380 8 bytes JMP 3f3f3f3f
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                             0000000077cc1500 8 bytes JMP 3f3f3f3f
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                   0000000077cc1530 8 bytes JMP 3f3f3f3f
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                 0000000077cc1650 8 bytes JMP 3f3f3f3f
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                     0000000077cc1700 8 bytes JMP 3f3f3f3f
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                     0000000077cc1d30 8 bytes JMP 3f3f3f3f
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                   0000000077cc1f80 8 bytes JMP 3f3f3f3f
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                   0000000077cc27e0 8 bytes JMP 3f3f3f3f
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                 00000000731413cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                 000000007314146b 8 bytes {JMP 0xffffffffffffffb0}
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                              00000000731416d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                00000000731416e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                           00000000731419db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                           00000000731419fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                     0000000073141a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                       0000000073141a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                     0000000073141a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                          0000000073141a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                               0000000077c711f5 8 bytes {JMP 0xd}
.text     C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                             0000000077c71390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                    0000000077c7143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                    0000000077c7158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                            0000000077c7191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                            0000000077c71b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                           0000000077c71bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                              0000000077c71d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                              0000000077c71eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- EOF - GMER 2.1 ----
         


09.10.2014, 19:52   #6
schrauber
/// the machine
/// TB trainer



Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller list, look for these programs:

    BurnAware Free Download Packages (HKCU\...\BurnAware Free Download Packages) (Version: - ) <==== ATTENTION
    File Type Assistant
    Free File Viewer 2014
    Freemake Video Converter Free Download Packages (HKCU\...\Freemake Video Converter Free Download Packages) (Version: - ) <==== ATTENTION
    IrfanView Download Packages
    Skype Free Download Packages

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (moderate) mode.
  • Delete leftovers:
    Click on, then on, and then on .

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde."
simply restart the computer. This should fix the problem.


09.10.2014, 22:04   #7
Thomas_5

Hello Schrauber,
attached is the Combofix.txt. I did everything as you wrote.
Regards, Thomas_5

Combofix logfile:
Code:
ComboFix 14-10-04.01 - Gabi 09.10.2014  22:33:17.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.1754 [GMT 2:00]
ausgeführt von:: c:\users\Gabi\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\SaveSenseLive
c:\programdata\SaveSenseLive\Update\Log\SaveSenseLive.log
c:\users\Gabi\AppData\Local\omesuperv.exe
c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense Help.url
c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense.url
c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\Uninstall SaveSense.lnk
c:\users\Gabi\AppData\Roaming\SaveSense
c:\users\Gabi\AppData\Roaming\SaveSense\UpdateProc\config.dat
c:\users\Gabi\AppData\Roaming\SaveSense\UpdateProc\STTL.DAT
c:\users\Gabi\AppData\Roaming\SaveSense\UpdateProc\TTL.DAT
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-09-09 bis 2014-10-09  ))))))))))))))))))))))))))))))
.
.
2014-10-09 20:44 . 2014-10-09 20:50	--------	d-----w-	c:\users\Gabi\AppData\Local\temp
2014-10-08 19:16 . 2014-09-09 02:05	11578928	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3631A51-EC28-4AB8-9FE6-1C7211324054}\mpengine.dll
2014-10-07 18:56 . 2014-10-07 20:12	--------	d-----w-	C:\FRST
2014-10-07 15:28 . 2014-10-07 16:01	--------	d-----w-	c:\program files (x86)\ReQuick
2014-10-06 08:44 . 2014-10-06 08:44	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-10-04 19:08 . 2014-10-04 19:08	--------	d-----w-	c:\users\Gabi\AppData\Roaming\Astromenda
2014-10-04 18:26 . 2014-10-06 08:58	--------	d-----w-	c:\users\Gabi\AppData\Roaming\WSE_Astromenda
2014-10-03 17:37 . 2014-10-09 20:25	--------	d-----w-	c:\users\Gabi\AppData\Roaming\0F1L1I1PtF1F1C1N
2014-10-03 17:36 . 2014-10-04 17:52	--------	d-----w-	c:\program files (x86)\PC Speed Maximizer
2014-09-30 18:39 . 2014-09-25 02:08	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-23 18:42 . 2014-09-09 22:11	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-19 19:28 . 2014-09-17 02:12	1715224	----a-w-	c:\windows\system32\nvspbridge64.dll
2014-09-19 19:28 . 2014-09-04 19:14	38048	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-09-13 21:47 . 2014-06-27 02:08	2777088	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2014-09-13 21:27 . 2014-09-13 21:27	3231696	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-09-13 12:27 . 2014-08-01 11:53	1031168	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-09-13 12:27 . 2014-06-24 03:29	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2014-09-13 12:27 . 2014-06-24 02:59	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2014-09-13 12:26 . 2014-07-07 02:06	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-09-13 12:26 . 2014-07-07 02:06	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-09-13 12:25 . 2014-08-23 02:07	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-09-13 12:25 . 2014-08-23 01:45	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-09-13 12:25 . 2014-08-23 00:59	3163648	----a-w-	c:\windows\system32\win32k.sys
2014-09-13 12:25 . 2014-09-05 02:10	578048	----a-w-	c:\windows\system32\aepdu.dll
2014-09-13 12:25 . 2014-09-05 02:05	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-09-12 09:43 . 2014-09-12 09:43	227728	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-09 14:22 . 2013-02-02 14:00	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-10-09 14:22 . 2013-02-02 14:00	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-10-09 14:22 . 2013-02-09 10:38	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-10-04 07:19 . 2013-01-31 20:28	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-09-26 09:05 . 2013-01-31 20:28	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-09-26 09:04 . 2013-01-31 20:28	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-09-25 01:40 . 2014-09-30 18:39	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-24 18:59 . 2012-04-02 17:52	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 18:59 . 2011-09-11 18:39	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-17 02:13 . 2014-09-19 19:28	1291280	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2014-09-17 02:13 . 2014-01-30 18:31	2193560	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-09-17 02:12 . 2014-01-30 18:31	2799784	----a-w-	c:\windows\system32\nvspcap64.dll
2014-09-15 07:06 . 2010-01-16 09:19	278152	------w-	c:\windows\system32\MpSigStub.exe
2014-09-13 21:48 . 2010-01-18 13:23	101694776	----a-w-	c:\windows\system32\MRT.exe
2014-09-09 21:47 . 2014-09-23 18:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-09-04 19:14 . 2014-09-19 19:28	32416	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2014-09-04 19:14 . 2014-01-30 18:26	34976	----a-w-	c:\windows\system32\nvaudcap64v.dll
2014-08-18 21:57 . 2014-09-13 22:01	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-08-18 21:46 . 2014-09-13 22:01	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-08-18 21:44 . 2014-09-13 22:01	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:07 . 2014-09-13 22:01	1068032	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46 . 2014-09-13 22:01	1812992	----a-w-	c:\windows\SysWow64\wininet.dll
2014-08-01 11:35 . 2014-09-13 12:27	793600	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2014-07-31 19:59 . 2014-07-31 19:59	352256	----a-w-	c:\windows\SysWow64\update1.dll
2014-07-25 00:35 . 2014-07-25 00:35	875688	----a-w-	c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47	869544	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 02:02 . 2014-08-15 18:50	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-15 18:50	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-01-06 3666944]
"Intermediate"="c:\users\Gabi\AppData\Roaming\Intermediate\Intermediate.exe" [2013-12-09 37376]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-27 2249352]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=DEU /_WFM="." [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 ttnfd;ttnfd;c:\windows\system32\drivers\ttnfd.sys;c:\windows\SYSNATIVE\drivers\ttnfd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GrabsterSeries.C64;GRABSTER SERIES, Service C64;c:\windows\system32\DRIVERS\GrabsterSeries.C64.SYS;c:\windows\SYSNATIVE\DRIVERS\GrabsterSeries.C64.SYS [x]
R3 HWHandSet;HWUSBSERSP;c:\windows\system32\DRIVERS\hw_quusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\hw_quusbmdm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 70e6ca8c;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 OracleDBConsoleSatdb10g;OracleDBConsoleSatdb10g;c:\oracle10g\bin\nmesrvc.exe;c:\oracle10g\bin\nmesrvc.exe [x]
R4 OracleJobSchedulerSATDB10G;OracleJobSchedulerSATDB10G;c:\oracle10g\Bin\extjob.exe SATDB10G;c:\oracle10g\Bin\extjob.exe SATDB10G [x]
R4 OracleORACLE_Home10giSQL*Plus;OracleORACLE_Home10giSQL*Plus;c:\oracle10g\bin\isqlplussvc.exe;c:\oracle10g\bin\isqlplussvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 credwizd;Miniporttreiber Lightweight Remotezugriff-IPv6-ARP-Treiber;c:\windows\system32\ipstrmgr.exe;c:\windows\SYSNATIVE\ipstrmgr.exe [x]
S2 DailytoolsUpdateService;DailytoolsUpdateService;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 ocster_backup;Ocster Backup;c:\program files\Ocster Backup\bin\backupService-ox.exe;c:\program files\Ocster Backup\bin\backupService-ox.exe [x]
S2 OracleORACLE_Home10gTNSListener;OracleORACLE_Home10gTNSListener;c:\oracle10g\BIN\TNSLSNR ;c:\oracle10g\BIN\TNSLSNR  [x]
S2 OracleServiceSATDB10G;OracleServiceSATDB10G;c:\oracle10g\bin\ORACLE.EXE SATDB10G;c:\oracle10g\bin\ORACLE.EXE SATDB10G [x]
S2 Search;Search;c:\program files (x86)\Search\WebSearch.exe;c:\program files (x86)\Search\WebSearch.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
DailytoolsInstallerService	REG_MULTI_SZ   	DailytoolsInstallerService
DailytoolsUpdateService	REG_MULTI_SZ   	DailytoolsUpdateService
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:59]
.
2014-10-08 c:\windows\Tasks\AdvancedDriverUpdater_UPDATES.job
- c:\program files (x86)\Advanced Driver Updater\adu.exe [2014-02-08 14:02]
.
2014-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 22:24]
.
2014-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 22:24]
.
2014-09-26 c:\windows\Tasks\One-Click Optimizer.job
- c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe [2014-01-26 08:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-09-17 2799784]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2460488]
"Ocster Backup"="c:\program files\Ocster Backup\bin\backupClient-ox.exe" [2014-02-04 312664]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://astromenda.com/?f=1&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir=
mStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:8897;https=127.0.0.1:8897
uInternet Settings,ProxyOverride = <-loopback>;Download free software for Windows, Mac & Linux on Joosoft!
uSearchAssistant = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
TCP: Interfaces\{11342DE6-C338-47B7-97FF-6E33D142D8E3}: NameServer = 217.0.43.81 217.0.43.65
FF - ProfilePath - c:\users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
.
.
------- Dateityp-Verknüpfung -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{78E516EF-11DE-47A1-8364-A99B917EC5EE} - (no file)
WebBrowser-{04A8DD1A-4754-48FE-A703-99846646EF04} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\OracleORACLE_Home10gTNSListener]
"ImagePath"="c:\oracle10g\BIN\TNSLSNR "
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.icn"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.16.4"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lha\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.lha"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lzh\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.lzh"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mim\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mim"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mme\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mme"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mrw"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.nef"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.nrw"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.orf"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pct"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pef"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pic"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pict"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.raf"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rsb"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rw2"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rwl"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sef\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.sef"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.sr2"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.srf"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.taz\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.taz"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tbz\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.tbz"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tgz\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.tgz"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.thm"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ttc"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ttf"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.uue\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.uue"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\FreeFileViewer.exe"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xif"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.z\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.z"
.
[HKEY_USERS\S-1-5-21-3834002493-4226875369-3535069347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\UserChoice]
@Denied: (2) (S-1-5-21-3834002493-4226875369-3535069347-1000)
@Denied: (2) (LocalSystem)
"Progid"="CompressedFolder"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\oracle10g\BIN\TNSLSNR.exe
c:\oracle10g\bin\ORACLE.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-10-09  22:58:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-10-09 20:58
.
Vor Suchlauf: 23 Verzeichnis(se), 262.720.892.928 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 274.769.489.920 Bytes frei
.
- - End Of File - - 12F7CF03D86A54B0190C32D6FAB056C3
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

Old 10.10.2014, 19:04   #8
schrauber
/// the machine
/// TB trainer
 

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Old 11.10.2014, 17:18   #9
Thomas_5
 

Hello Schrauber,
following your instructions I downloaded Malwarebytes Anti-Malware and then proceeded as described. Everything worked. Now I want to export the scan log, and the program shows this message:
"Malwarebytes Anti-Malware has stopped working. A problem caused the program to stop working correctly. The program will be closed and you will be notified when a solution is available."

The export works in XML format. Can you do anything with that? If so, I will send it to you.

Regards, Thomas_5

Hello Schrauber,
I am now sending you the 4 files. Regarding the XML format, I took a closer "look" once more; there is no problem with that either.

1. mbam

2. AdwCleaner Logfile:
Code:
# AdwCleaner v3.311 - Bericht erstellt am 11/10/2014 um 17:46:21
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gabi - GABI-DIETER
# Gestartet von : C:\Users\Gabi\Downloads\AdwCleaner_3.311(1).exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : 70e6ca8c
Dienst Gelöscht : DailytoolsUpdateService
[#] Dienst Gelöscht : Search

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\DNSErrorHelper
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\ProgramData\WinMaximizer
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer
Ordner Gelöscht : C:\Program Files (x86)\Search
Ordner Gelöscht : C:\Windows\Installer\{8B8D7849-9AF5-42B5-A81C-B4CAEC25111C}
Ordner Gelöscht : C:\Users\Gabi\AppData\Local\FileTypeAssistant
Ordner Gelöscht : C:\Users\Gabi\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Fifth
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\simplitec
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Solvusoft
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Gabi\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Gabi\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\dpj49px8.default-1361432713879\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\e6v11obw.default\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mData\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}
Datei Gelöscht : C:\Windows\SysWOW64\update1.dll
Datei Gelöscht : C:\Users\Gabi\daemonprocess.txt
Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\invalidprefs.js
Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\dpj49px8.default-1361432713879\user.js
Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\e6v11obw.default\user.js
Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mData\user.js
Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\user.js

***** [ Tasks ] *****

Task Gelöscht : Fifth
Task Gelöscht : OMESupervisor

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsInstallerService]
Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsUpdateService]
Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [Update-Service-Installer-Service]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{721061FB-EB79-4568-A03C-3CE26D68DAE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : HKCU\Software\Bitberry Software
Schlüssel Gelöscht : HKCU\Software\Bitberry
Schlüssel Gelöscht : HKCU\Software\BRS
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OfferMosquito
Schlüssel Gelöscht : HKCU\Software\pc speed maximizer
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\WinMaximizer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\IePlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\WinMaximizer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Joosoft.com
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 de)

[ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\dpj49px8.default-1361432713879\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Astromenda");

[ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\e6v11obw.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Astromenda");

[ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mData\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Astromenda");

[ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.buenosearch.admin", false);
Zeile gelöscht : user_pref("extensions.buenosearch.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Zeile gelöscht : user_pref("extensions.buenosearch.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.buenosearch.bbDpng", "10");
Zeile gelöscht : user_pref("extensions.buenosearch.cntry", "DE");
Zeile gelöscht : user_pref("extensions.buenosearch.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.buenosearch.excTlbr", false);
Zeile gelöscht : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.buenosearch.hdrMd5", "24F2CA3B407F9F1E6246F7303079CE00");
Zeile gelöscht : user_pref("extensions.buenosearch.id", "da13e098000000000000000000000000");
Zeile gelöscht : user_pref("extensions.buenosearch.instlDay", "16139");
Zeile gelöscht : user_pref("extensions.buenosearch.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.712:04:41");
Zeile gelöscht : user_pref("extensions.buenosearch.newTab", false);
Zeile gelöscht : user_pref("extensions.buenosearch.prdct", "buenosearch");
Zeile gelöscht : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Zeile gelöscht : user_pref("extensions.buenosearch.rvrt", "false");
Zeile gelöscht : user_pref("extensions.buenosearch.sg", "azb");
Zeile gelöscht : user_pref("extensions.buenosearch.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=DA136CF049052A32&affID=128491&tsp=5182");
Zeile gelöscht : user_pref("extensions.buenosearch.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=DA136CF049052A32&affID=128491&tsp=5182");
Zeile gelöscht : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Zeile gelöscht : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.712:04:41");
Zeile gelöscht : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "irmsd0101");
Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T");
Zeile gelöscht : user_pref("extensions.irmysearch.cr", "1251611358");
Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", "");

-\\ Google Chrome v

[ Datei : C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [68123 octets] - [05/02/2014 17:01:59]
AdwCleaner[R1].txt - [1327 octets] - [05/02/2014 17:24:20]
AdwCleaner[R2].txt - [1387 octets] - [05/02/2014 17:39:24]
AdwCleaner[R3].txt - [17677 octets] - [25/05/2014 10:47:08]
AdwCleaner[R4].txt - [20687 octets] - [17/06/2014 12:09:33]
AdwCleaner[R5].txt - [19524 octets] - [29/06/2014 09:19:25]
AdwCleaner[R6].txt - [19585 octets] - [29/06/2014 10:01:31]
AdwCleaner[R7].txt - [12819 octets] - [11/10/2014 17:45:26]
AdwCleaner[S0].txt - [64697 octets] - [05/02/2014 17:07:32]
AdwCleaner[S1].txt - [11986 octets] - [11/10/2014 17:46:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12047 octets] ##########
         
--- --- ---
3. JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gabi on 11.10.2014 at 18:00:51,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update resultsalpha
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util resultsalpha
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0213547C-6002-469C-BA82-6863B3C1D7B8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7234E9B8-551C-4612-AF57-BA7AC109CD0E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BCBC30E2-06B3-4F52-B0D5-B5C634DA9ACC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C43BBC1B-D6AA-459A-9D03-5284B44E912E}



~~~ Files

Successfully deleted: [File] "C:\Users\Gabi\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Gabi\music\qtrax media library"



~~~ FireFox

Emptied folder: C:\Users\Gabi\AppData\Roaming\mozilla\firefox\profiles\ugcbk2y8.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.10.2014 at 18:04:01,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---
4. FRST from 11.10.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Gabi (administrator) on GABI-DIETER on 11-10-2014 18:05:53
Running from C:\Users\Gabi\Downloads
Loaded Profiles: Gabi & _ocster_backup_ (Available profiles: Gabi & _ocster_backup_)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Ocster Backup\bin\backupService-ox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\oracle10g\bin\oracle.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [312664 2014-02-04] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3666944 2011-01-06] ()
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8897;https=127.0.0.1:8897
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F9AB638C96CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = News - Service - Shopping bei t-online.de
URLSearchHook: HKLM-x32 - (No Name) - {04a8dd1a-4754-48fe-a703-99846646ef04} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - F04F7B247D844F0287D289AC70C8FE43 URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP14A054C4-1B01-4318-9C92-BF4D53219F89&q={searchTerms}&SSPV=
SearchScopes: HKCU - {323B7DAE-1CB5-481C-9BF2-D059761CC05E} URL = hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true
SearchScopes: HKCU - {435E3E38-6768-4A61-81F0-266E2A1C793A} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi
SearchScopes: HKCU - {6408E1C5-FE7B-47BD-B907-6CBDC0CEA64E} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {7FD7B429-EAF3-492F-9D0C-0F4DB93D2FE1} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
SearchScopes: HKCU - {A8D32726-9FA5-4283-9A9F-4C9DB061ACE5} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
SearchScopes: HKCU - {CC87724D-C5C9-4A4D-8650-67BCA2BDC37E} URL = hxxp://www.dict.cc/?s={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {04A8DD1A-4754-48FE-A703-99846646EF04} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{11342DE6-C338-47B7-97FF-6E33D142D8E3}: [NameServer] 217.0.43.81 217.0.43.65

FireFox:
========
FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default
FF DefaultSearchEngine: Yahoo
FF Homepage: hxxp://www.t-online.de/
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ColorfulTabs - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-10-20]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-26]

Chrome: 
=======
CHR Profile: C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf [2014-01-30]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao [2013-11-14]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj [2014-03-11]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23896 2014-02-04] ()
S4 OracleDBConsoleSatdb10g; C:\oracle10g\bin\nmesrvc.exe [24064 2006-11-14] (Oracle Corporation) [File not signed]
S4 OracleJobSchedulerSATDB10G; c:\oracle10g\Bin\extjob.exe [102400 2006-11-16] () [File not signed]
S4 OracleORACLE_Home10giSQL*Plus; C:\oracle10g\bin\isqlplussvc.exe [53248 2006-10-12] (Oracle) [File not signed]
R2 OracleServiceSATDB10G; c:\oracle10g\bin\ORACLE.EXE [60059648 2011-03-16] (Oracle Corporation) [File not signed]
R2 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-11-19] ()
S2 OracleORACLE_Home10gTNSListener; C:\oracle10g\BIN\TNSLSNR  [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
S3 GrabsterSeries.C64; C:\Windows\System32\DRIVERS\GrabsterSeries.C64.SYS [262208 2010-01-22] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-30] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-12] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-30] (Kaspersky Lab ZAO)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
S1 StarOpen; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\Gabi\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-11 18:04 - 2014-10-11 18:04 - 00002734 _____ () C:\Users\Gabi\Desktop\JRT.txt
2014-10-11 17:58 - 2014-10-11 17:58 - 00000000 ____D () C:\Windows\ERUNT
2014-10-11 17:57 - 2014-10-11 17:57 - 01705755 _____ (Thisisu) C:\Users\Gabi\Downloads\JRT.exe
2014-10-11 17:51 - 2014-10-11 17:51 - 00012164 _____ () C:\Users\Gabi\Desktop\AdwCleaner[S1].txt
2014-10-11 17:44 - 2014-10-11 17:44 - 01375089 _____ () C:\Users\Gabi\Downloads\AdwCleaner_3.311(1).exe
2014-10-11 17:40 - 2014-10-11 17:40 - 01375089 _____ () C:\Users\Gabi\Downloads\AdwCleaner_3.311.exe
2014-10-11 17:33 - 2014-10-11 17:33 - 00099000 _____ () C:\Users\Gabi\Desktop\mbam.xml
2014-10-11 15:56 - 2014-10-11 17:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-10-11 15:25 - 2014-10-11 17:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-11 15:25 - 2014-10-11 17:20 - 00001149 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-11 15:25 - 2014-10-11 17:20 - 00001149 _____ () C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-11 15:25 - 2014-10-11 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-11 15:25 - 2014-10-11 17:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-11 15:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-11 15:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-11 15:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-11 15:24 - 2014-10-11 15:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gabi\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-10-09 22:59 - 2014-10-09 22:59 - 00045453 _____ () C:\Users\Gabi\Desktop\Combofix.txt
2014-10-09 22:58 - 2014-10-09 22:58 - 00045453 _____ () C:\ComboFix.txt
2014-10-09 22:31 - 2014-10-09 22:58 - 00000000 ____D () C:\ComboFix
2014-10-09 22:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-09 22:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-09 22:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-09 22:29 - 2014-10-09 22:58 - 00000000 ____D () C:\Qoobox
2014-10-09 22:29 - 2014-10-09 22:54 - 00000000 ____D () C:\Windows\erdnt
2014-10-09 22:27 - 2014-10-09 22:28 - 05582481 ____R (Swearware) C:\Users\Gabi\Downloads\ComboFix.exe
2014-10-08 18:21 - 2014-10-08 18:21 - 00023688 _____ () C:\Users\Gabi\Desktop\GMER-1.txt
2014-10-08 18:11 - 2014-10-08 18:11 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357(2).exe
2014-10-08 18:09 - 2014-10-08 18:09 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357(1).exe
2014-10-07 22:13 - 2014-10-07 22:13 - 00050468 _____ () C:\Users\Gabi\Desktop\FRST-2.txt
2014-10-07 22:12 - 2014-10-07 22:12 - 00060408 _____ () C:\Users\Gabi\Desktop\Addition-1.txt
2014-10-07 22:08 - 2014-10-07 22:08 - 00050320 _____ () C:\Users\Gabi\Desktop\FRST-1.txt
2014-10-07 21:32 - 2014-10-11 17:50 - 00002408 _____ () C:\Windows\setupact.log
2014-10-07 21:32 - 2014-10-11 17:49 - 00107454 _____ () C:\Windows\PFRO.log
2014-10-07 21:32 - 2014-10-07 21:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-07 21:18 - 2014-10-11 17:53 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-10-07 21:11 - 2014-10-07 21:11 - 00014641 _____ () C:\Users\Gabi\Desktop\Gmer.txt
2014-10-07 21:03 - 2014-10-07 21:03 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357.exe
2014-10-07 21:01 - 2014-10-07 21:01 - 00050238 _____ () C:\Users\Gabi\Desktop\FRST.txt
2014-10-07 21:00 - 2014-10-07 21:00 - 00060991 _____ () C:\Users\Gabi\Desktop\Addition.txt
2014-10-07 20:57 - 2014-10-07 22:12 - 00060408 _____ () C:\Users\Gabi\Downloads\Addition.txt
2014-10-07 20:56 - 2014-10-11 18:05 - 00024354 _____ () C:\Users\Gabi\Downloads\FRST.txt
2014-10-07 20:56 - 2014-10-11 18:05 - 00000000 ____D () C:\FRST
2014-10-07 20:54 - 2014-10-07 20:54 - 02109952 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe
2014-10-07 20:49 - 2014-10-07 22:03 - 00000470 _____ () C:\Users\Gabi\Downloads\defogger_disable.log
2014-10-07 20:48 - 2014-10-07 20:48 - 00050477 _____ () C:\Users\Gabi\Downloads\Defogger.exe
2014-10-07 20:42 - 2014-10-07 20:44 - 00000000 _____ () C:\Users\Gabi\defogger_reenable
2014-10-07 17:28 - 2014-10-07 18:01 - 00000000 ____D () C:\Program Files (x86)\ReQuick
2014-10-07 17:26 - 2014-10-07 17:26 - 01220954 _____ (My Company, Inc. ) C:\Users\Gabi\Downloads\RegistryQuick_setup.exe
2014-10-06 11:09 - 2014-10-06 11:09 - 00003266 _____ () C:\Windows\System32\Tasks\{E6DCEF3E-6A5E-4CE0-AD4B-9DD326E93E71}
2014-10-06 10:44 - 2014-10-06 10:44 - 00001311 _____ () C:\Users\Gabi\Desktop\Revo Uninstaller.lnk
2014-10-06 10:44 - 2014-10-06 10:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-06 10:42 - 2014-10-06 10:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Gabi\Downloads\revosetup95.exe
2014-10-05 22:39 - 2014-10-05 22:39 - 04964600 _____ (Piriform Ltd) C:\Users\Gabi\Downloads\ccsetup418pro.exe
2014-10-05 10:36 - 2014-10-05 10:36 - 00011426 _____ () C:\Users\Gabi\Documents\cc_20141005_103621.reg
2014-10-04 20:26 - 2014-10-04 20:26 - 06669808 _____ (Burnaware ) C:\Users\Gabi\Downloads\BurnAwareFree-P21423-Setup.exe
2014-10-03 19:37 - 2014-10-09 22:25 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\0F1L1I1PtF1F1C1N
2014-10-03 19:36 - 2014-10-03 19:36 - 01898640 _____ (Irfan Skiljan) C:\Users\Gabi\Downloads\IrfanView-P1683-Setup.exe
2014-09-30 20:39 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:39 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-23 20:42 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:42 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 21:28 - 2014-09-17 04:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-09-19 21:28 - 2014-09-17 04:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-09-19 21:28 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-19 21:28 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-09-14 00:01 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 00:01 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 00:01 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 00:01 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 00:01 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 00:01 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 00:01 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 00:01 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 00:01 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 00:01 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 00:01 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 00:01 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 00:01 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 00:01 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 00:01 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 00:01 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 00:01 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 23:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 23:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-13 14:27 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-13 14:27 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-13 14:27 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-13 14:27 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-13 14:26 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-13 14:25 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-13 14:25 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-13 14:25 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-13 14:25 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-13 14:25 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-11 18:06 - 2010-01-14 12:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-11 18:00 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 18:00 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-11 17:59 - 2012-04-02 19:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 17:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-11 17:51 - 2011-01-26 19:26 - 00000000 ____D () C:\Users\Gabi\.rainlendar2
2014-10-11 17:50 - 2010-01-20 20:47 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-11 17:49 - 2010-03-09 21:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-11 17:49 - 2010-02-25 00:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 17:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 17:48 - 2010-01-15 19:07 - 01521137 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 17:46 - 2014-02-05 17:01 - 00000000 ____D () C:\AdwCleaner
2014-10-11 17:46 - 2010-01-15 19:16 - 00000000 ____D () C:\Users\Gabi
2014-10-11 17:18 - 2010-02-25 00:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 15:57 - 2013-01-29 23:15 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8C748547-F3A4-4FAD-B6F5-B8876C02A981}
2014-10-09 22:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-10-09 22:49 - 2009-07-14 04:34 - 00000248 _____ () C:\Windows\system.ini
2014-10-09 22:47 - 2014-02-23 12:29 - 00000000 ____D () C:\Users\_ocster_backup_
2014-10-09 22:45 - 2009-07-14 04:34 - 85983232 _____ () C:\Windows\system32\config\software.bak
2014-10-09 22:45 - 2009-07-14 04:34 - 25690112 _____ () C:\Windows\system32\config\system.bak
2014-10-09 22:45 - 2009-07-14 04:34 - 01310720 _____ () C:\Windows\system32\config\default.bak
2014-10-09 22:45 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\sam.bak
2014-10-09 22:45 - 2009-07-14 04:34 - 00032768 _____ () C:\Windows\system32\config\security.bak
2014-10-09 22:23 - 2014-01-20 22:49 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\1O1L1I1PtF1F1C1N
2014-10-08 20:34 - 2014-02-08 21:34 - 00000288 _____ () C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job
2014-10-08 16:52 - 2014-02-06 20:35 - 00000000 ____D () C:\Windows\pss
2014-10-06 21:46 - 2010-01-14 13:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-06 21:46 - 2006-11-03 14:39 - 00000000 ____D () C:\Users\Gabi\Documents\MP600
2014-10-06 20:45 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2}
2014-10-06 20:44 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E}
2014-10-06 20:44 - 2011-02-10 18:36 - 00003012 _____ () C:\Windows\System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704}
2014-10-06 20:44 - 2011-02-10 18:35 - 00003012 _____ () C:\Windows\System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196}
2014-10-06 20:41 - 2014-02-14 22:13 - 00002996 _____ () C:\Windows\System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282}
2014-10-06 20:41 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A}
2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\Users\Public\Desktop\Internet.lnk
2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\ProgramData\Desktop\Internet.lnk
2014-10-04 21:00 - 2013-03-19 22:30 - 00000000 ____D () C:\Users\Gabi\AppData\Local\Ocster Backup
2014-10-04 20:45 - 2014-06-17 11:57 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Nico Mak Computing
2014-10-04 20:43 - 2014-03-04 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-04 09:03 - 2009-07-14 19:58 - 00703028 _____ () C:\Windows\system32\perfh007.dat
2014-10-04 09:03 - 2009-07-14 19:58 - 00150686 _____ () C:\Windows\system32\perfc007.dat
2014-10-04 09:03 - 2009-07-14 07:13 - 01629690 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 19:38 - 2011-10-10 09:59 - 00001937 _____ () C:\Users\Gabi\Desktop\IrfanView Thumbnails.lnk
2014-10-03 19:38 - 2010-01-18 21:26 - 00001045 _____ () C:\Users\Gabi\Desktop\IrfanView.lnk
2014-10-02 08:13 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-30 10:33 - 2011-03-21 15:23 - 00053248 _____ () C:\Users\Gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-26 10:52 - 2012-04-24 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 20:59 - 2012-04-02 19:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 20:59 - 2012-04-02 19:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 20:59 - 2011-09-11 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 09:53 - 2010-01-18 11:17 - 00000000 ____D () C:\Users\Gabi\Dieter
2014-09-21 17:53 - 2010-01-17 12:17 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Adobe
2014-09-19 22:43 - 2010-03-10 12:39 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Skype
2014-09-19 21:43 - 2014-01-30 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-19 21:43 - 2010-01-14 13:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-19 21:29 - 2010-01-14 12:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-17 04:13 - 2014-01-30 20:31 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-09-17 04:12 - 2014-01-30 20:31 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-09-16 19:30 - 2013-03-13 22:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 09:06 - 2010-01-16 11:19 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 09:12 - 2009-07-14 06:45 - 00379408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 00:01 - 2010-01-14 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 00:00 - 2014-01-16 13:28 - 01603034 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 23:58 - 2013-07-12 22:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 23:48 - 2010-01-18 15:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 23:47 - 2014-05-06 11:51 - 00000000 ___SD () C:\Windows\system32\CompatTel

Files to move or delete:
====================
C:\Users\Gabi\SSBCUninstall.exe
C:\Users\Gabi\SSSDUninstall.exe
C:\Users\Gabi\SS_Uninstall.exe
C:\Users\Gabi\Start Ashampoo UnInstaller 5.bat


Some content of TEMP:
====================
C:\Users\Gabi\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-02-21 19:39

==================== End Of Log ============================
         
Regards, Thomas_5

Old 11.10.2014, 17:25   #10
Thomas_5

Remove Optimizer Pro v3.2 incl. Crash Monitor



Hello Schrauber,
now that the reply has been sent, I notice that I did not put the files into the code block. So here is the whole thing once more. Sorry!!

Code:
2014/10/11 15:28:04 +0200 mbam-log-2014-10-11 (15-27-59).xml yes  2.00.2.1012 v2014.10.11.04 v2014.10.08.01 free disabled disabled disabled  Windows 7 Service Pack 1 x64 Gabi NTFS  threat completed 396492 1174 1 0 44 10 2 61 274 0  enabled enabled enabled enabled disabled disabled enabled enabled enabled  C:\Windows\System32\ipstrmgr.exeAdware.Agentdelete-on-reboot1712de924dc67a02f04665990213e818f20e HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\credwizdAdware.Agentsuccessde924dc67a02f04665990213e818f20e HKLM\SOFTWARE\CLASSES\APPID\{A2D3FB7A-6873-45E8-AF96-57092D721828}PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvcPUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvcPUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{A2D3FB7A-6873-45E8-AF96-57092D721828}PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}PUP.Optional.DynConIE.Asuccess026ec54ecfad1d193edb910e2fd3b34d HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}PUP.Optional.DynConIE.Asuccess026ec54ecfad1d193edb910e2fd3b34d HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}PUP.Optional.SearchProtect.Asuccess2b4528ebc5b70b2b1a162377699907f9 
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}PUP.Optional.Babylon.Asuccess462a28eb2c50ef471de436648e74c040 HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClassPUP.Optional.SaveSense.Asuccess9fd10d061d5f2214ecc9333c0afa9868 HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass.1PUP.Optional.SaveSense.Asuccess7cf4e72c87f55fd74471f877d43060a0 HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassServicePUP.Optional.SaveSense.Asuccess0868a96a2f4d76c02f869fd0040003fd HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0PUP.Optional.SaveSense.Asuccess1c5414fffa82e254af061857e222cb35 HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvcPUP.Optional.SaveSense.Asuccessf080e92aa6d639fd2c89442bf70d926e HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0PUP.Optional.SaveSense.Asuccesscda325ee017b1c1a13a22d4249bb20e0 HKLM\SOFTWARE\CLASSES\APPID\SaveSenseLive.exePUP.Optional.SaveSense.Asuccess94dcca495527eb4b2a8a8ae52ed6a35d HKLM\SOFTWARE\WOW6432NODE\ResultsAlphaPUP.Optional.ResultsAlpha.Asuccessc7a9b85b285475c147a3452a28dc5aa6 HKLM\SOFTWARE\WOW6432NODE\SaveSenseLivePUP.Optional.SaveSense.Asuccessb2be24ef304c3df9caf07af57e865ba5 HKLM\SOFTWARE\WOW6432NODE\supWPMPUP.Optional.SupTab.Asuccess472917fc8bf1bb7b41cb8e8dc93a0bf5 HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftwarePUP.Optional.SweetPage.Asuccesse28e888ba2da37ffd0a582f3a4602dd3 HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CoreClassPUP.Optional.SaveSense.Asuccess0a66878c84f893a308adc2adad5719e7 HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CoreClass.1PUP.Optional.SaveSense.Asuccess016fed26a6d6d85ebafbd897cd370af6 HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3COMClassServicePUP.Optional.SaveSense.Asuccess1759de357ffde353f5c02649f1139d63 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0PUP.Optional.SaveSense.Asuccess224e6da64b3150e6952027481be9d62a HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3WebSvcPUP.Optional.SaveSense.Asuccess016fe1323d3f53e3f0c5b9b6bc48f808 HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0PUP.Optional.SaveSense.Asuccess313fb95ad3a99b9b9a1b0b648e76e917 HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\SaveSenseLive.exePUP.Optional.SaveSense.Asuccess561a0b08502c02344371551aa06447b9 HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jljheddigenhleadfofeccneimcmlefpPUP.Optional.SpeedTest.Asuccess97d92de6e5976ec8d18ab695a65de719 HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.updaterss.com/SaveSenseLive Update;version=3PUP.Optional.SaveSense.Asuccess135df3201a625bdba513d897ba4af60a HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.updaterss.com/SaveSenseLive Update;version=9PUP.Optional.SaveSense.Asuccess97d9749fa3d91a1cd2e699d6f41018e8 HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECTPUP.Optional.SearchProtect.Asuccessee8232e1215b6ccaef83cf58cc37b54b HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFDPUP.Optional.TermTutor.Asuccessd39d9e759fdd4fe74c3582966c971ee2 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-5.0PUP.Optional.PlusHD.Asuccess234d18fb116b9e98f22bf44ae81be41c HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_ProtectPUP.Optional.SearchProtect.Asuccessda9645ce7efeb680c501176813f154ac HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ResultsAlphaPUP.Optional.ResultsAlpha.Asuccess79f728eb5f1d54e27279244bcf35b54b HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSensePUP.Optional.SaveSense.Asuccess610ff61d49332b0b13a391dea65e659b 
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSenseLivePUP.Optional.SaveSense.Asuccess2749cb48daa2eb4be3d49ed15ba9966a HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1SPUP.Optional.InstallCore.Asuccessb5bb6aa9017ba492634d01492cd716ea HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCOREPUP.Optional.InstallCore.Asuccess551ba370710bec4ae41864fcef1550b0 HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal DownloaderPUP.Optional.Softonic.Asuccessc8a8799a0676c67034bab287798aa35d HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Browser GuardPUP.Optional.BrowserGuard.Asuccessf37dba59205c999d57ffd0352dd6c53b HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{78E516EF-11DE-47A1-8364-A99B917EC5EE}PUP.Optional.FileConverter.Asuccess214f977c80fc80b66ac78e0a2dd544bc HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER{78E516EF-11DE-47A1-8364-A99B917EC5EE}PUP.Optional.FileConverter.Asuccess
         
Code:
# AdwCleaner v3.311 - Bericht erstellt am 11/10/2014 um 17:46:21
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gabi - GABI-DIETER
# Gestartet von : C:\Users\Gabi\Downloads\AdwCleaner_3.311(1).exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : 70e6ca8c
Dienst Gelöscht : DailytoolsUpdateService
[#] Dienst Gelöscht : Search

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\DNSErrorHelper
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\ProgramData\WinMaximizer
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer
Ordner Gelöscht : C:\Program Files (x86)\Search
Ordner Gelöscht : C:\Windows\Installer\{8B8D7849-9AF5-42B5-A81C-B4CAEC25111C}
Ordner Gelöscht : C:\Users\Gabi\AppData\Local\FileTypeAssistant
Ordner Gelöscht : C:\Users\Gabi\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Fifth
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\simplitec
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Solvusoft
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Gabi\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Gabi\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\dpj49px8.default-1361432713879\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\e6v11obw.default\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mData\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}
Datei Gelöscht : C:\Windows\SysWOW64\update1.dll
Datei Gelöscht : C:\Users\Gabi\daemonprocess.txt
Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\invalidprefs.js
Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\dpj49px8.default-1361432713879\user.js
Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\e6v11obw.default\user.js
Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mData\user.js
Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\user.js

***** [ Tasks ] *****

Task Gelöscht : Fifth
Task Gelöscht : OMESupervisor

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsInstallerService]
Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsUpdateService]
Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [Update-Service-Installer-Service]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{721061FB-EB79-4568-A03C-3CE26D68DAE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : HKCU\Software\Bitberry Software
Schlüssel Gelöscht : HKCU\Software\Bitberry
Schlüssel Gelöscht : HKCU\Software\BRS
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OfferMosquito
Schlüssel Gelöscht : HKCU\Software\pc speed maximizer
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\WinMaximizer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\IePlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\WinMaximizer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Joosoft.com
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 de)

[ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\dpj49px8.default-1361432713879\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Astromenda");

[ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\e6v11obw.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Astromenda");

[ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mData\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Astromenda");

[ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.buenosearch.admin", false);
Zeile gelöscht : user_pref("extensions.buenosearch.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Zeile gelöscht : user_pref("extensions.buenosearch.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.buenosearch.bbDpng", "10");
Zeile gelöscht : user_pref("extensions.buenosearch.cntry", "DE");
Zeile gelöscht : user_pref("extensions.buenosearch.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.buenosearch.excTlbr", false);
Zeile gelöscht : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.buenosearch.hdrMd5", "24F2CA3B407F9F1E6246F7303079CE00");
Zeile gelöscht : user_pref("extensions.buenosearch.id", "da13e098000000000000000000000000");
Zeile gelöscht : user_pref("extensions.buenosearch.instlDay", "16139");
Zeile gelöscht : user_pref("extensions.buenosearch.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.712:04:41");
Zeile gelöscht : user_pref("extensions.buenosearch.newTab", false);
Zeile gelöscht : user_pref("extensions.buenosearch.prdct", "buenosearch");
Zeile gelöscht : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Zeile gelöscht : user_pref("extensions.buenosearch.rvrt", "false");
Zeile gelöscht : user_pref("extensions.buenosearch.sg", "azb");
Zeile gelöscht : user_pref("extensions.buenosearch.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=DA136CF049052A32&affID=128491&tsp=5182");
Zeile gelöscht : user_pref("extensions.buenosearch.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=DA136CF049052A32&affID=128491&tsp=5182");
Zeile gelöscht : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Zeile gelöscht : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.712:04:41");
Zeile gelöscht : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "irmsd0101");
Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T");
Zeile gelöscht : user_pref("extensions.irmysearch.cr", "1251611358");
Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", "");

-\\ Google Chrome v

[ Datei : C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [68123 octets] - [05/02/2014 17:01:59]
AdwCleaner[R1].txt - [1327 octets] - [05/02/2014 17:24:20]
AdwCleaner[R2].txt - [1387 octets] - [05/02/2014 17:39:24]
AdwCleaner[R3].txt - [17677 octets] - [25/05/2014 10:47:08]
AdwCleaner[R4].txt - [20687 octets] - [17/06/2014 12:09:33]
AdwCleaner[R5].txt - [19524 octets] - [29/06/2014 09:19:25]
AdwCleaner[R6].txt - [19585 octets] - [29/06/2014 10:01:31]
AdwCleaner[R7].txt - [12819 octets] - [11/10/2014 17:45:26]
AdwCleaner[S0].txt - [64697 octets] - [05/02/2014 17:07:32]
AdwCleaner[S1].txt - [11986 octets] - [11/10/2014 17:46:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12047 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gabi on 11.10.2014 at 18:00:51,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update resultsalpha
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util resultsalpha
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0213547C-6002-469C-BA82-6863B3C1D7B8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7234E9B8-551C-4612-AF57-BA7AC109CD0E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BCBC30E2-06B3-4F52-B0D5-B5C634DA9ACC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C43BBC1B-D6AA-459A-9D03-5284B44E912E}



~~~ Files

Successfully deleted: [File] "C:\Users\Gabi\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Gabi\music\qtrax media library"



~~~ FireFox

Emptied folder: C:\Users\Gabi\AppData\Roaming\mozilla\firefox\profiles\ugcbk2y8.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.10.2014 at 18:04:01,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Gabi (administrator) on GABI-DIETER on 11-10-2014 18:05:53
Running from C:\Users\Gabi\Downloads
Loaded Profiles: Gabi & _ocster_backup_ (Available profiles: Gabi & _ocster_backup_)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Ocster Backup\bin\backupService-ox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\oracle10g\bin\oracle.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [312664 2014-02-04] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3666944 2011-01-06] ()
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8897;https=127.0.0.1:8897
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F9AB638C96CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/
URLSearchHook: HKLM-x32 - (No Name) - {04a8dd1a-4754-48fe-a703-99846646ef04} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - F04F7B247D844F0287D289AC70C8FE43 URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP14A054C4-1B01-4318-9C92-BF4D53219F89&q={searchTerms}&SSPV=
SearchScopes: HKCU - {323B7DAE-1CB5-481C-9BF2-D059761CC05E} URL = hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true
SearchScopes: HKCU - {435E3E38-6768-4A61-81F0-266E2A1C793A} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi
SearchScopes: HKCU - {6408E1C5-FE7B-47BD-B907-6CBDC0CEA64E} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {7FD7B429-EAF3-492F-9D0C-0F4DB93D2FE1} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
SearchScopes: HKCU - {A8D32726-9FA5-4283-9A9F-4C9DB061ACE5} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
SearchScopes: HKCU - {CC87724D-C5C9-4A4D-8650-67BCA2BDC37E} URL = hxxp://www.dict.cc/?s={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {04A8DD1A-4754-48FE-A703-99846646EF04} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{11342DE6-C338-47B7-97FF-6E33D142D8E3}: [NameServer] 217.0.43.81 217.0.43.65

FireFox:
========
FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default
FF DefaultSearchEngine: Yahoo
FF Homepage: hxxp://www.t-online.de/
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ColorfulTabs - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-10-20]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-26]

Chrome: 
=======
CHR Profile: C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf [2014-01-30]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao [2013-11-14]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj [2014-03-11]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23896 2014-02-04] ()
S4 OracleDBConsoleSatdb10g; C:\oracle10g\bin\nmesrvc.exe [24064 2006-11-14] (Oracle Corporation) [File not signed]
S4 OracleJobSchedulerSATDB10G; c:\oracle10g\Bin\extjob.exe [102400 2006-11-16] () [File not signed]
S4 OracleORACLE_Home10giSQL*Plus; C:\oracle10g\bin\isqlplussvc.exe [53248 2006-10-12] (Oracle) [File not signed]
R2 OracleServiceSATDB10G; c:\oracle10g\bin\ORACLE.EXE [60059648 2011-03-16] (Oracle Corporation) [File not signed]
R2 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-11-19] ()
S2 OracleORACLE_Home10gTNSListener; C:\oracle10g\BIN\TNSLSNR  [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
S3 GrabsterSeries.C64; C:\Windows\System32\DRIVERS\GrabsterSeries.C64.SYS [262208 2010-01-22] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-30] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-12] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-30] (Kaspersky Lab ZAO)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
S1 StarOpen; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\Gabi\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-11 18:04 - 2014-10-11 18:04 - 00002734 _____ () C:\Users\Gabi\Desktop\JRT.txt
2014-10-11 17:58 - 2014-10-11 17:58 - 00000000 ____D () C:\Windows\ERUNT
2014-10-11 17:57 - 2014-10-11 17:57 - 01705755 _____ (Thisisu) C:\Users\Gabi\Downloads\JRT.exe
2014-10-11 17:51 - 2014-10-11 17:51 - 00012164 _____ () C:\Users\Gabi\Desktop\AdwCleaner[S1].txt
2014-10-11 17:44 - 2014-10-11 17:44 - 01375089 _____ () C:\Users\Gabi\Downloads\AdwCleaner_3.311(1).exe
2014-10-11 17:40 - 2014-10-11 17:40 - 01375089 _____ () C:\Users\Gabi\Downloads\AdwCleaner_3.311.exe
2014-10-11 17:33 - 2014-10-11 17:33 - 00099000 _____ () C:\Users\Gabi\Desktop\mbam.xml
2014-10-11 15:56 - 2014-10-11 17:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-10-11 15:25 - 2014-10-11 17:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-11 15:25 - 2014-10-11 17:20 - 00001149 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-11 15:25 - 2014-10-11 17:20 - 00001149 _____ () C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-11 15:25 - 2014-10-11 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-11 15:25 - 2014-10-11 17:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-11 15:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-11 15:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-11 15:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-11 15:24 - 2014-10-11 15:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gabi\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-10-09 22:59 - 2014-10-09 22:59 - 00045453 _____ () C:\Users\Gabi\Desktop\Combofix.txt
2014-10-09 22:58 - 2014-10-09 22:58 - 00045453 _____ () C:\ComboFix.txt
2014-10-09 22:31 - 2014-10-09 22:58 - 00000000 ____D () C:\ComboFix
2014-10-09 22:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-09 22:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-09 22:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-09 22:29 - 2014-10-09 22:58 - 00000000 ____D () C:\Qoobox
2014-10-09 22:29 - 2014-10-09 22:54 - 00000000 ____D () C:\Windows\erdnt
2014-10-09 22:27 - 2014-10-09 22:28 - 05582481 ____R (Swearware) C:\Users\Gabi\Downloads\ComboFix.exe
2014-10-08 18:21 - 2014-10-08 18:21 - 00023688 _____ () C:\Users\Gabi\Desktop\GMER-1.txt
2014-10-08 18:11 - 2014-10-08 18:11 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357(2).exe
2014-10-08 18:09 - 2014-10-08 18:09 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357(1).exe
2014-10-07 22:13 - 2014-10-07 22:13 - 00050468 _____ () C:\Users\Gabi\Desktop\FRST-2.txt
2014-10-07 22:12 - 2014-10-07 22:12 - 00060408 _____ () C:\Users\Gabi\Desktop\Addition-1.txt
2014-10-07 22:08 - 2014-10-07 22:08 - 00050320 _____ () C:\Users\Gabi\Desktop\FRST-1.txt
2014-10-07 21:32 - 2014-10-11 17:50 - 00002408 _____ () C:\Windows\setupact.log
2014-10-07 21:32 - 2014-10-11 17:49 - 00107454 _____ () C:\Windows\PFRO.log
2014-10-07 21:32 - 2014-10-07 21:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-07 21:18 - 2014-10-11 17:53 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-10-07 21:11 - 2014-10-07 21:11 - 00014641 _____ () C:\Users\Gabi\Desktop\Gmer.txt
2014-10-07 21:03 - 2014-10-07 21:03 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357.exe
2014-10-07 21:01 - 2014-10-07 21:01 - 00050238 _____ () C:\Users\Gabi\Desktop\FRST.txt
2014-10-07 21:00 - 2014-10-07 21:00 - 00060991 _____ () C:\Users\Gabi\Desktop\Addition.txt
2014-10-07 20:57 - 2014-10-07 22:12 - 00060408 _____ () C:\Users\Gabi\Downloads\Addition.txt
2014-10-07 20:56 - 2014-10-11 18:05 - 00024354 _____ () C:\Users\Gabi\Downloads\FRST.txt
2014-10-07 20:56 - 2014-10-11 18:05 - 00000000 ____D () C:\FRST
2014-10-07 20:54 - 2014-10-07 20:54 - 02109952 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe
2014-10-07 20:49 - 2014-10-07 22:03 - 00000470 _____ () C:\Users\Gabi\Downloads\defogger_disable.log
2014-10-07 20:48 - 2014-10-07 20:48 - 00050477 _____ () C:\Users\Gabi\Downloads\Defogger.exe
2014-10-07 20:42 - 2014-10-07 20:44 - 00000000 _____ () C:\Users\Gabi\defogger_reenable
2014-10-07 17:28 - 2014-10-07 18:01 - 00000000 ____D () C:\Program Files (x86)\ReQuick
2014-10-07 17:26 - 2014-10-07 17:26 - 01220954 _____ (My Company, Inc. ) C:\Users\Gabi\Downloads\RegistryQuick_setup.exe
2014-10-06 11:09 - 2014-10-06 11:09 - 00003266 _____ () C:\Windows\System32\Tasks\{E6DCEF3E-6A5E-4CE0-AD4B-9DD326E93E71}
2014-10-06 10:44 - 2014-10-06 10:44 - 00001311 _____ () C:\Users\Gabi\Desktop\Revo Uninstaller.lnk
2014-10-06 10:44 - 2014-10-06 10:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-06 10:42 - 2014-10-06 10:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Gabi\Downloads\revosetup95.exe
2014-10-05 22:39 - 2014-10-05 22:39 - 04964600 _____ (Piriform Ltd) C:\Users\Gabi\Downloads\ccsetup418pro.exe
2014-10-05 10:36 - 2014-10-05 10:36 - 00011426 _____ () C:\Users\Gabi\Documents\cc_20141005_103621.reg
2014-10-04 20:26 - 2014-10-04 20:26 - 06669808 _____ (Burnaware ) C:\Users\Gabi\Downloads\BurnAwareFree-P21423-Setup.exe
2014-10-03 19:37 - 2014-10-09 22:25 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\0F1L1I1PtF1F1C1N
2014-10-03 19:36 - 2014-10-03 19:36 - 01898640 _____ (Irfan Skiljan) C:\Users\Gabi\Downloads\IrfanView-P1683-Setup.exe
2014-09-30 20:39 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:39 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-23 20:42 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:42 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 21:28 - 2014-09-17 04:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-09-19 21:28 - 2014-09-17 04:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-09-19 21:28 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-19 21:28 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-09-14 00:01 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 00:01 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 00:01 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 00:01 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 00:01 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 00:01 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 00:01 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 00:01 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 00:01 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 00:01 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 00:01 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 00:01 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 00:01 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 00:01 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 00:01 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 00:01 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 00:01 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 23:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 23:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-13 14:27 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-13 14:27 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-13 14:27 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-13 14:27 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-13 14:26 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-13 14:25 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-13 14:25 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-13 14:25 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-13 14:25 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-13 14:25 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-11 18:06 - 2010-01-14 12:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-11 18:00 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 18:00 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-11 17:59 - 2012-04-02 19:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 17:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-11 17:51 - 2011-01-26 19:26 - 00000000 ____D () C:\Users\Gabi\.rainlendar2
2014-10-11 17:50 - 2010-01-20 20:47 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-11 17:49 - 2010-03-09 21:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-11 17:49 - 2010-02-25 00:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 17:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 17:48 - 2010-01-15 19:07 - 01521137 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 17:46 - 2014-02-05 17:01 - 00000000 ____D () C:\AdwCleaner
2014-10-11 17:46 - 2010-01-15 19:16 - 00000000 ____D () C:\Users\Gabi
2014-10-11 17:18 - 2010-02-25 00:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 15:57 - 2013-01-29 23:15 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8C748547-F3A4-4FAD-B6F5-B8876C02A981}
2014-10-09 22:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-10-09 22:49 - 2009-07-14 04:34 - 00000248 _____ () C:\Windows\system.ini
2014-10-09 22:47 - 2014-02-23 12:29 - 00000000 ____D () C:\Users\_ocster_backup_
2014-10-09 22:45 - 2009-07-14 04:34 - 85983232 _____ () C:\Windows\system32\config\software.bak
2014-10-09 22:45 - 2009-07-14 04:34 - 25690112 _____ () C:\Windows\system32\config\system.bak
2014-10-09 22:45 - 2009-07-14 04:34 - 01310720 _____ () C:\Windows\system32\config\default.bak
2014-10-09 22:45 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\sam.bak
2014-10-09 22:45 - 2009-07-14 04:34 - 00032768 _____ () C:\Windows\system32\config\security.bak
2014-10-09 22:23 - 2014-01-20 22:49 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\1O1L1I1PtF1F1C1N
2014-10-08 20:34 - 2014-02-08 21:34 - 00000288 _____ () C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job
2014-10-08 16:52 - 2014-02-06 20:35 - 00000000 ____D () C:\Windows\pss
2014-10-06 21:46 - 2010-01-14 13:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-06 21:46 - 2006-11-03 14:39 - 00000000 ____D () C:\Users\Gabi\Documents\MP600
2014-10-06 20:45 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2}
2014-10-06 20:44 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E}
2014-10-06 20:44 - 2011-02-10 18:36 - 00003012 _____ () C:\Windows\System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704}
2014-10-06 20:44 - 2011-02-10 18:35 - 00003012 _____ () C:\Windows\System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196}
2014-10-06 20:41 - 2014-02-14 22:13 - 00002996 _____ () C:\Windows\System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282}
2014-10-06 20:41 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A}
2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\Users\Public\Desktop\Internet.lnk
2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\ProgramData\Desktop\Internet.lnk
2014-10-04 21:00 - 2013-03-19 22:30 - 00000000 ____D () C:\Users\Gabi\AppData\Local\Ocster Backup
2014-10-04 20:45 - 2014-06-17 11:57 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Nico Mak Computing
2014-10-04 20:43 - 2014-03-04 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-04 09:03 - 2009-07-14 19:58 - 00703028 _____ () C:\Windows\system32\perfh007.dat
2014-10-04 09:03 - 2009-07-14 19:58 - 00150686 _____ () C:\Windows\system32\perfc007.dat
2014-10-04 09:03 - 2009-07-14 07:13 - 01629690 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 19:38 - 2011-10-10 09:59 - 00001937 _____ () C:\Users\Gabi\Desktop\IrfanView Thumbnails.lnk
2014-10-03 19:38 - 2010-01-18 21:26 - 00001045 _____ () C:\Users\Gabi\Desktop\IrfanView.lnk
2014-10-02 08:13 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-30 10:33 - 2011-03-21 15:23 - 00053248 _____ () C:\Users\Gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-26 10:52 - 2012-04-24 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 20:59 - 2012-04-02 19:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 20:59 - 2012-04-02 19:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 20:59 - 2011-09-11 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 09:53 - 2010-01-18 11:17 - 00000000 ____D () C:\Users\Gabi\Dieter
2014-09-21 17:53 - 2010-01-17 12:17 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Adobe
2014-09-19 22:43 - 2010-03-10 12:39 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Skype
2014-09-19 21:43 - 2014-01-30 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-19 21:43 - 2010-01-14 13:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-19 21:29 - 2010-01-14 12:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-17 04:13 - 2014-01-30 20:31 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-09-17 04:12 - 2014-01-30 20:31 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-09-16 19:30 - 2013-03-13 22:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 09:06 - 2010-01-16 11:19 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 09:12 - 2009-07-14 06:45 - 00379408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 00:01 - 2010-01-14 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 00:00 - 2014-01-16 13:28 - 01603034 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 23:58 - 2013-07-12 22:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 23:48 - 2010-01-18 15:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 23:47 - 2014-05-06 11:51 - 00000000 ___SD () C:\Windows\system32\CompatTel

Files to move or delete:
====================
C:\Users\Gabi\SSBCUninstall.exe
C:\Users\Gabi\SSSDUninstall.exe
C:\Users\Gabi\SS_Uninstall.exe
C:\Users\Gabi\Start Ashampoo UnInstaller 5.bat


Some content of TEMP:
====================
C:\Users\Gabi\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-02-21 19:39

==================== End Of Log ============================
         
--- --- ---


Regards, Thomas_5

12.10.2014, 13:50   #11
schrauber
/// the machine
/// TB trainer

Removing Optimizer Pro v3.2 incl. Crash Monitor

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" (Ja, ich bin mit den Nutzungsbedingungen einverstanden) and click Start (Starten).
  • Enable "Detection of potentially unwanted applications" (Erkennung von eventuell unerwünschten Anwendungen) and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish (Fertig stellen).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

13.10.2014, 11:44   #12
Thomas_5

Removing Optimizer Pro v3.2 incl. Crash Monitor

Hello Schrauber,
now I need your help with starting the program "Eset Online Scanner". The download works. I tick the box at "Yes, I ... ", click Start, and then this message appears: "Update does not work. Is a proxy configured?" (Update funktioniert nicht. Ist ein Proxy eingerichtet?) I was able to start all the previous programs without any problems, and now this one "complains". What is to be done?? I have been working without a proxy for years.
Regards, Thomas_5

Hello Schrauber,
I "managed" the ESET download. The cause of the problem is unknown to me. Here are the requested 3 files.
Regards, Thomas_5

Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ca2c659edce862408b5bac9dd66197fd
# engine=20562
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2014-10-12 09:18:55
# local_time=2014-10-12 11:18:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 1532 44623157 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 3143 164778585 0 0
# scanned=28079
# found=8
# cleaned=0
# scan_time=537
sh=8F18725F30CEEE19ECF630C1F875F93027BA22AA ft=0 fh=0000000000000000 vn="OSX/ChatZum.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ChatZum Toolbar\Chrome_softonic.zip.vir"
sh=94741394B9205CB7641E85A94FBF186CE1D6341D ft=1 fh=b19299ec75509629 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe.vir"
sh=1426B95F2619E462F812F6807C88694DF9FBECE7 ft=1 fh=a10496de67a69999 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe.vir"
sh=95D1E596ACC1912879100C54027750C1772027C7 ft=1 fh=212faf0536ad9d68 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Local\DownloadGuide\Offers\ResultsAlphaSetup.exe.vir"
sh=B2FD7C8BFF05AF139FBB175A889B19441CE3A42A ft=1 fh=c71c00119e74ec86 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\4A543930705E42B892061F39BD54555D\Installer.exe.vir"
sh=6FA2A2D98EF6B2CAA336F01CCCCF025D4F2E7CB9 ft=1 fh=16ae7ef5a70a6d29 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\A3E58D174B36487CA12E4F465AF97ACD\Setupsft_chr_p1v5.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\D3530CF196934EECAA8CD959EBBFBCB8\sp-downloader.exe.vir"
sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ca2c659edce862408b5bac9dd66197fd
# engine=20562
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=false
# utc_time=2014-10-13 09:43:30
# local_time=2014-10-13 11:43:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 46207 44667832 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 47818 164823260 0 0
# scanned=702858
# found=228
# cleaned=0
# scan_time=44467
sh=8F18725F30CEEE19ECF630C1F875F93027BA22AA ft=0 fh=0000000000000000 vn="OSX/ChatZum.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ChatZum Toolbar\Chrome_softonic.zip.vir"
sh=7CE7298D509A1065506D526BBDDFE4D1340CF9D2 ft=1 fh=a1a858753285fc75 vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepad.exe.vir"
sh=1B239A5C8B868F9BE8D85EB8FE5D94290B1098F6 ft=1 fh=9a4954e6f7732eeb vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepadsetup_v5.71.exe.vir"
sh=94741394B9205CB7641E85A94FBF186CE1D6341D ft=1 fh=b19299ec75509629 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe.vir"
sh=1426B95F2619E462F812F6807C88694DF9FBECE7 ft=1 fh=a10496de67a69999 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe.vir"
sh=95D1E596ACC1912879100C54027750C1772027C7 ft=1 fh=212faf0536ad9d68 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Local\DownloadGuide\Offers\ResultsAlphaSetup.exe.vir"
sh=B2FD7C8BFF05AF139FBB175A889B19441CE3A42A ft=1 fh=c71c00119e74ec86 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\4A543930705E42B892061F39BD54555D\Installer.exe.vir"
sh=818EB70506F0C2CE0936CE66E6E5E5286317E70A ft=1 fh=23b2c0ba60867e14 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\4A543930705E42B892061F39BD54555D\OCBrowserHelper_1.0.5.112.dll.vir"
sh=6FA2A2D98EF6B2CAA336F01CCCCF025D4F2E7CB9 ft=1 fh=16ae7ef5a70a6d29 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\A3E58D174B36487CA12E4F465AF97ACD\Setupsft_chr_p1v5.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\D3530CF196934EECAA8CD959EBBFBCB8\sp-downloader.exe.vir"
sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Documents and Settings\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf\2.1_0\g.js"
sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Documents and Settings\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao\2.1_0\g.js"
sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Documents and Settings\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj\2.1_0\g.js"
sh=0370B6AD0DBA8328E67A307235F717A3A1B22FA5 ft=1 fh=ad0a89014f15914b vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\hk64tbDVDv.dll"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\hktbDVDv.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\ldrtbDVDv.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\tbDVDv.dll"
sh=4D61862340A8C252665F1927CACB3038D474F2EA ft=1 fh=6d632a397799bb5e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Documents\MAGIX Downloads\Installationsmanager\Foto_Grafik_Designer_9_DLV_de-DE_130611_10-14_9_1_2_28274.exe"
sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Documents\ccsetup400.exe"
sh=D0CE83917D9F3670BF8CCE801D4AFFB9B90ED2E8 ft=1 fh=3868d62c138980e6 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\wpsetup\wpsetup.exe"
sh=A0A0FFAF1199DF0D6D012403936E102804C09915 ft=1 fh=e0392d3244478bd1 vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\AdbeRdr1010_de_DE.exe"
sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\adusetup_ashampoo(1).exe"
sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\adusetup_ashampoo(2).exe"
sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\adusetup_ashampoo(3).exe"
sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\adusetup_ashampoo.exe"
sh=523AC0C97F0CA0AABCEA49E382FA5875ECA22532 ft=1 fh=77b67014f90e4fbe vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\AutoStitch Installer.exe"
sh=33C156DAFA1DBE4B18D63F939808E66AA739DD4E ft=1 fh=f8e9d5f1e23b398c vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\AVSCoverEditor-Downloader.exe"
sh=5F724434F8D9B3B4C2EAF89DA5832413F631260F ft=1 fh=c65a73dc622a46c5 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\BurnAwareFree-P21423-Setup.exe"
sh=69FB071437A3FF3433496C9C3F03D11A11F23B07 ft=1 fh=1a690280c4a03c18 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\burnaware_free(1).exe"
sh=69FB071437A3FF3433496C9C3F03D11A11F23B07 ft=1 fh=1a690280c4a03c18 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\burnaware_free(2).exe"
sh=69FB071437A3FF3433496C9C3F03D11A11F23B07 ft=1 fh=1a690280c4a03c18 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\burnaware_free(3).exe"
sh=EB48A11299E0F34EEDB37FC39D42AFBA99975719 ft=1 fh=2cfff8032124ba83 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\burnaware_free.exe"
sh=9EBEEAD23C136B3C8E6CC0220B4F47C3D67B9B4D ft=1 fh=f7cfbc4528e170a2 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\ccsetup324.exe"
sh=3D84C7C0E316EAD02DD7A59E746EC798DAB8BC0C ft=1 fh=ce50a11e70bad71c vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\ccsetup328(1).exe"
sh=99664055220D4F09E225DCCF4F182BD0B06B195F ft=1 fh=ecb8dbce1ac05612 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\ccsetup328.exe"
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\ccsetup409.exe"
sh=C8B96034415ABE6FDBA82FF60E8157E97DED8CC6 ft=1 fh=afea4f88be0404c6 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\ccsetup410pro.exe"
sh=0D2AEDE3737ACD0D4701BA4F0CE0BEBF80124F8E ft=1 fh=c3a7601a9745b7e9 vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\Downloader_fuer_Adobe_Flash_Player_11.exe"
sh=FDE3D7E13260CD75D7523F0B02BC06C16419C026 ft=1 fh=3918cb108fedf547 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FFSetup3.3.1.0.exe"
sh=09E3EE81144BB6A313F1C30C7023FF769D58E6D5 ft=1 fh=8f036bf2e82b8625 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FinalMediaPlayerSetup [1].exe"
sh=4D0C46103536F5093C6C1899A94B334167B6E908 ft=1 fh=c71c00112c3d0546 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FinalMediaPlayerSetup.exe"
sh=13C544B7DA0456DED2BFC12B0DBD1161DA40EC8F ft=1 fh=bc0c0ed0924d8ab6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeAudioConverter.exe"
sh=28AD0E23DA209D15383FC55410949A8042DCA20E ft=1 fh=8b366d204d2ca43c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeAudioConverter5.0.32.1230.exe"
sh=7B6D18765E8C2EA5D4F245ABD08EC7A124F4B841 ft=1 fh=7539a155083a225f vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeFileViewerSetup [1].exe"
sh=7B6D18765E8C2EA5D4F245ABD08EC7A124F4B841 ft=1 fh=7539a155083a225f vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeFileViewerSetup.exe"
sh=3AB435FCF59A46DF0272F814BF2020AF97063F31 ft=1 fh=14cbd1b40b619cb5 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreemakeVideoConverterSetup.exe"
sh=1766C79CA8A20B82C34BA1BA5BAAEB3A698526BA ft=1 fh=e63a415f32acf189 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeStudio.exe"
sh=8B60106E155E5D494E19F4EBBE1235A3192A45BD ft=1 fh=f1be99378e868e35 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeVideoToFlashConverter.exe"
sh=07EE3E60EC1B67CAF607C8F3A7D06A25BC3B9188 ft=1 fh=1b408f34e6ce86b7 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeVideoToMP3Converter5.0.32.1230.exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeYouTubeDownload(1).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeYouTubeDownload(2).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeYouTubeDownload(3).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeYouTubeDownload(4).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeYouTubeDownload(5).exe"
sh=8C153BD9AA9D3EE8DAF7C4223291526762706350 ft=1 fh=b4892d09c9365a50 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeYouTubeDownload(6).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeYouTubeDownload.exe"
sh=EC38A071476860D3DA681052AF62B3BE377FEC73 ft=1 fh=68c299741b777df3 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\FreeYouTubeToMP3Converter.exe"
sh=F1FF4C66F2A78F9A8924ACA586194FE5ADAB95F1 ft=1 fh=eef64f293070a205 vn="Variante von Win32/InstallCore.AT evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\MozillaFirefox-Setup-Yahoo!Edition.exe"
sh=BBE22BFCCFA4F1925C27F15059218F8A4B317D79 ft=1 fh=1a5b77bbc2cc4044 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\mp3Boy_Setup-Downloader.exe"
sh=0F54393B810C70696781CFD0276C2F03458E7925 ft=1 fh=bdc70ffc8bcd907c vn="Variante von Win32/Adware.RegistryQuick Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\RegistryQuick_setup.exe"
sh=CB20DFD703B61B9470BBB3B1BE157D47A8C0849A ft=1 fh=63788d9fe9c2f077 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\Shockwave_Installer_Slim(1).exe"
sh=CB20DFD703B61B9470BBB3B1BE157D47A8C0849A ft=1 fh=63788d9fe9c2f077 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\Shockwave_Installer_Slim(2).exe"
sh=4867331E1509834282B9A6AEA88DA00ADE1BEAF9 ft=1 fh=fde805e1ec63c8e6 vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\switchsetup.exe"
sh=D06F678AD8F7484DFFDBBE9B800DDE3D13883096 ft=1 fh=d800ec798443bb76 vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\WinMaximizer.exe"
sh=C0E28878041F7708BC82DD28153719E88A91C1BA ft=1 fh=0e746c2d3c3fdba6 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\WinThruster_2013.exe"
sh=331A922692EDD90B9E1368260F4F25B4CB25DDA3 ft=1 fh=df93e0f9bcb74eee vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\wmp11-windowsxp-x86-DE-DE(1).exe"
sh=01139627DD8462E0CAEDF3531323925CAEA0CD16 ft=1 fh=1f6a5914bcb74eee vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\wmp11-windowsxp-x86-DE-DE.exe"
sh=1B239A5C8B868F9BE8D85EB8FE5D94290B1098F6 ft=1 fh=9a4954e6f7732eeb vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\wpsetup(1).exe"
sh=1B239A5C8B868F9BE8D85EB8FE5D94290B1098F6 ft=1 fh=9a4954e6f7732eeb vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\wpsetup(2).exe"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\wzmp_8.exe"
sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Dokumente und Einstellungen\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf\2.1_0\g.js"
sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Dokumente und Einstellungen\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao\2.1_0\g.js"
sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Dokumente und Einstellungen\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj\2.1_0\g.js"
sh=0370B6AD0DBA8328E67A307235F717A3A1B22FA5 ft=1 fh=ad0a89014f15914b vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\hk64tbDVDv.dll"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\hktbDVDv.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\ldrtbDVDv.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\tbDVDv.dll"
sh=4D61862340A8C252665F1927CACB3038D474F2EA ft=1 fh=6d632a397799bb5e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Documents\MAGIX Downloads\Installationsmanager\Foto_Grafik_Designer_9_DLV_de-DE_130611_10-14_9_1_2_28274.exe"
sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Documents\ccsetup400.exe"
sh=D0CE83917D9F3670BF8CCE801D4AFFB9B90ED2E8 ft=1 fh=3868d62c138980e6 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\wpsetup\wpsetup.exe"
sh=A0A0FFAF1199DF0D6D012403936E102804C09915 ft=1 fh=e0392d3244478bd1 vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\AdbeRdr1010_de_DE.exe"
sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\adusetup_ashampoo(1).exe"
sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\adusetup_ashampoo(2).exe"
sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\adusetup_ashampoo(3).exe"
sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\adusetup_ashampoo.exe"
sh=523AC0C97F0CA0AABCEA49E382FA5875ECA22532 ft=1 fh=77b67014f90e4fbe vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\AutoStitch Installer.exe"
sh=33C156DAFA1DBE4B18D63F939808E66AA739DD4E ft=1 fh=f8e9d5f1e23b398c vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\AVSCoverEditor-Downloader.exe"
sh=5F724434F8D9B3B4C2EAF89DA5832413F631260F ft=1 fh=c65a73dc622a46c5 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\BurnAwareFree-P21423-Setup.exe"
sh=69FB071437A3FF3433496C9C3F03D11A11F23B07 ft=1 fh=1a690280c4a03c18 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\burnaware_free(1).exe"
sh=69FB071437A3FF3433496C9C3F03D11A11F23B07 ft=1 fh=1a690280c4a03c18 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\burnaware_free(2).exe"
sh=69FB071437A3FF3433496C9C3F03D11A11F23B07 ft=1 fh=1a690280c4a03c18 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\burnaware_free(3).exe"
sh=EB48A11299E0F34EEDB37FC39D42AFBA99975719 ft=1 fh=2cfff8032124ba83 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\burnaware_free.exe"
sh=9EBEEAD23C136B3C8E6CC0220B4F47C3D67B9B4D ft=1 fh=f7cfbc4528e170a2 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\ccsetup324.exe"
sh=3D84C7C0E316EAD02DD7A59E746EC798DAB8BC0C ft=1 fh=ce50a11e70bad71c vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\ccsetup328(1).exe"
sh=99664055220D4F09E225DCCF4F182BD0B06B195F ft=1 fh=ecb8dbce1ac05612 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\ccsetup328.exe"
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\ccsetup409.exe"
sh=C8B96034415ABE6FDBA82FF60E8157E97DED8CC6 ft=1 fh=afea4f88be0404c6 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\ccsetup410pro.exe"
sh=0D2AEDE3737ACD0D4701BA4F0CE0BEBF80124F8E ft=1 fh=c3a7601a9745b7e9 vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\Downloader_fuer_Adobe_Flash_Player_11.exe"
sh=FDE3D7E13260CD75D7523F0B02BC06C16419C026 ft=1 fh=3918cb108fedf547 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FFSetup3.3.1.0.exe"
sh=09E3EE81144BB6A313F1C30C7023FF769D58E6D5 ft=1 fh=8f036bf2e82b8625 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FinalMediaPlayerSetup [1].exe"
sh=4D0C46103536F5093C6C1899A94B334167B6E908 ft=1 fh=c71c00112c3d0546 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FinalMediaPlayerSetup.exe"
sh=13C544B7DA0456DED2BFC12B0DBD1161DA40EC8F ft=1 fh=bc0c0ed0924d8ab6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeAudioConverter.exe"
sh=28AD0E23DA209D15383FC55410949A8042DCA20E ft=1 fh=8b366d204d2ca43c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeAudioConverter5.0.32.1230.exe"
sh=7B6D18765E8C2EA5D4F245ABD08EC7A124F4B841 ft=1 fh=7539a155083a225f vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeFileViewerSetup [1].exe"
sh=7B6D18765E8C2EA5D4F245ABD08EC7A124F4B841 ft=1 fh=7539a155083a225f vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeFileViewerSetup.exe"
sh=3AB435FCF59A46DF0272F814BF2020AF97063F31 ft=1 fh=14cbd1b40b619cb5 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreemakeVideoConverterSetup.exe"
sh=1766C79CA8A20B82C34BA1BA5BAAEB3A698526BA ft=1 fh=e63a415f32acf189 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeStudio.exe"
sh=8B60106E155E5D494E19F4EBBE1235A3192A45BD ft=1 fh=f1be99378e868e35 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeVideoToFlashConverter.exe"
sh=07EE3E60EC1B67CAF607C8F3A7D06A25BC3B9188 ft=1 fh=1b408f34e6ce86b7 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeVideoToMP3Converter5.0.32.1230.exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeYouTubeDownload(1).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeYouTubeDownload(2).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeYouTubeDownload(3).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeYouTubeDownload(4).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeYouTubeDownload(5).exe"
sh=8C153BD9AA9D3EE8DAF7C4223291526762706350 ft=1 fh=b4892d09c9365a50 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeYouTubeDownload(6).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeYouTubeDownload.exe"
sh=EC38A071476860D3DA681052AF62B3BE377FEC73 ft=1 fh=68c299741b777df3 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\FreeYouTubeToMP3Converter.exe"
sh=F1FF4C66F2A78F9A8924ACA586194FE5ADAB95F1 ft=1 fh=eef64f293070a205 vn="Variante von Win32/InstallCore.AT evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\MozillaFirefox-Setup-Yahoo!Edition.exe"
sh=BBE22BFCCFA4F1925C27F15059218F8A4B317D79 ft=1 fh=1a5b77bbc2cc4044 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\mp3Boy_Setup-Downloader.exe"
sh=0F54393B810C70696781CFD0276C2F03458E7925 ft=1 fh=bdc70ffc8bcd907c vn="Variante von Win32/Adware.RegistryQuick Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\RegistryQuick_setup.exe"
sh=CB20DFD703B61B9470BBB3B1BE157D47A8C0849A ft=1 fh=63788d9fe9c2f077 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\Shockwave_Installer_Slim(1).exe"
sh=CB20DFD703B61B9470BBB3B1BE157D47A8C0849A ft=1 fh=63788d9fe9c2f077 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\Shockwave_Installer_Slim(2).exe"
sh=4867331E1509834282B9A6AEA88DA00ADE1BEAF9 ft=1 fh=fde805e1ec63c8e6 vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\switchsetup.exe"
sh=D06F678AD8F7484DFFDBBE9B800DDE3D13883096 ft=1 fh=d800ec798443bb76 vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\WinMaximizer.exe"
sh=C0E28878041F7708BC82DD28153719E88A91C1BA ft=1 fh=0e746c2d3c3fdba6 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\WinThruster_2013.exe"
sh=331A922692EDD90B9E1368260F4F25B4CB25DDA3 ft=1 fh=df93e0f9bcb74eee vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\wmp11-windowsxp-x86-DE-DE(1).exe"
sh=01139627DD8462E0CAEDF3531323925CAEA0CD16 ft=1 fh=1f6a5914bcb74eee vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\wmp11-windowsxp-x86-DE-DE.exe"
sh=1B239A5C8B868F9BE8D85EB8FE5D94290B1098F6 ft=1 fh=9a4954e6f7732eeb vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\wpsetup(1).exe"
sh=1B239A5C8B868F9BE8D85EB8FE5D94290B1098F6 ft=1 fh=9a4954e6f7732eeb vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\wpsetup(2).exe"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Gabi\Downloads\wzmp_8.exe"
sh=0B668FB944E12DF552E44B9081DCB9946DBCAEE4 ft=1 fh=66a967231e0799d1 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Advanced Driver Updater\adu.exe"
sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf\2.1_0\g.js"
sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao\2.1_0\g.js"
sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj\2.1_0\g.js"
sh=0370B6AD0DBA8328E67A307235F717A3A1B22FA5 ft=1 fh=ad0a89014f15914b vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\hk64tbDVDv.dll"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\hktbDVDv.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\ldrtbDVDv.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\tbDVDv.dll"
sh=4D61862340A8C252665F1927CACB3038D474F2EA ft=1 fh=6d632a397799bb5e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Documents\MAGIX Downloads\Installationsmanager\Foto_Grafik_Designer_9_DLV_de-DE_130611_10-14_9_1_2_28274.exe"
sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Documents\ccsetup400.exe"
sh=D0CE83917D9F3670BF8CCE801D4AFFB9B90ED2E8 ft=1 fh=3868d62c138980e6 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\wpsetup\wpsetup.exe"
sh=A0A0FFAF1199DF0D6D012403936E102804C09915 ft=1 fh=e0392d3244478bd1 vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\AdbeRdr1010_de_DE.exe"
sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\adusetup_ashampoo(1).exe"
sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\adusetup_ashampoo(2).exe"
sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\adusetup_ashampoo(3).exe"
sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\adusetup_ashampoo.exe"
sh=523AC0C97F0CA0AABCEA49E382FA5875ECA22532 ft=1 fh=77b67014f90e4fbe vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\AutoStitch Installer.exe"
sh=33C156DAFA1DBE4B18D63F939808E66AA739DD4E ft=1 fh=f8e9d5f1e23b398c vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\AVSCoverEditor-Downloader.exe"
sh=5F724434F8D9B3B4C2EAF89DA5832413F631260F ft=1 fh=c65a73dc622a46c5 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\BurnAwareFree-P21423-Setup.exe"
sh=69FB071437A3FF3433496C9C3F03D11A11F23B07 ft=1 fh=1a690280c4a03c18 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\burnaware_free(1).exe"
sh=69FB071437A3FF3433496C9C3F03D11A11F23B07 ft=1 fh=1a690280c4a03c18 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\burnaware_free(2).exe"
sh=69FB071437A3FF3433496C9C3F03D11A11F23B07 ft=1 fh=1a690280c4a03c18 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\burnaware_free(3).exe"
sh=EB48A11299E0F34EEDB37FC39D42AFBA99975719 ft=1 fh=2cfff8032124ba83 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\burnaware_free.exe"
sh=9EBEEAD23C136B3C8E6CC0220B4F47C3D67B9B4D ft=1 fh=f7cfbc4528e170a2 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\ccsetup324.exe"
sh=3D84C7C0E316EAD02DD7A59E746EC798DAB8BC0C ft=1 fh=ce50a11e70bad71c vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\ccsetup328(1).exe"
sh=99664055220D4F09E225DCCF4F182BD0B06B195F ft=1 fh=ecb8dbce1ac05612 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\ccsetup328.exe"
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\ccsetup409.exe"
sh=C8B96034415ABE6FDBA82FF60E8157E97DED8CC6 ft=1 fh=afea4f88be0404c6 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\ccsetup410pro.exe"
sh=0D2AEDE3737ACD0D4701BA4F0CE0BEBF80124F8E ft=1 fh=c3a7601a9745b7e9 vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\Downloader_fuer_Adobe_Flash_Player_11.exe"
sh=FDE3D7E13260CD75D7523F0B02BC06C16419C026 ft=1 fh=3918cb108fedf547 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FFSetup3.3.1.0.exe"
sh=09E3EE81144BB6A313F1C30C7023FF769D58E6D5 ft=1 fh=8f036bf2e82b8625 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FinalMediaPlayerSetup [1].exe"
sh=4D0C46103536F5093C6C1899A94B334167B6E908 ft=1 fh=c71c00112c3d0546 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FinalMediaPlayerSetup.exe"
sh=13C544B7DA0456DED2BFC12B0DBD1161DA40EC8F ft=1 fh=bc0c0ed0924d8ab6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeAudioConverter.exe"
sh=28AD0E23DA209D15383FC55410949A8042DCA20E ft=1 fh=8b366d204d2ca43c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeAudioConverter5.0.32.1230.exe"
sh=7B6D18765E8C2EA5D4F245ABD08EC7A124F4B841 ft=1 fh=7539a155083a225f vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeFileViewerSetup [1].exe"
sh=7B6D18765E8C2EA5D4F245ABD08EC7A124F4B841 ft=1 fh=7539a155083a225f vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeFileViewerSetup.exe"
sh=3AB435FCF59A46DF0272F814BF2020AF97063F31 ft=1 fh=14cbd1b40b619cb5 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreemakeVideoConverterSetup.exe"
sh=1766C79CA8A20B82C34BA1BA5BAAEB3A698526BA ft=1 fh=e63a415f32acf189 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeStudio.exe"
sh=8B60106E155E5D494E19F4EBBE1235A3192A45BD ft=1 fh=f1be99378e868e35 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeVideoToFlashConverter.exe"
sh=07EE3E60EC1B67CAF607C8F3A7D06A25BC3B9188 ft=1 fh=1b408f34e6ce86b7 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeVideoToMP3Converter5.0.32.1230.exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeYouTubeDownload(1).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeYouTubeDownload(2).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeYouTubeDownload(3).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeYouTubeDownload(4).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeYouTubeDownload(5).exe"
sh=8C153BD9AA9D3EE8DAF7C4223291526762706350 ft=1 fh=b4892d09c9365a50 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeYouTubeDownload(6).exe"
sh=3ACF281884D8980B042A3E5B8CC35F3A4E12E5DE ft=1 fh=6f437b95318384a6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeYouTubeDownload.exe"
sh=EC38A071476860D3DA681052AF62B3BE377FEC73 ft=1 fh=68c299741b777df3 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\FreeYouTubeToMP3Converter.exe"
sh=F1FF4C66F2A78F9A8924ACA586194FE5ADAB95F1 ft=1 fh=eef64f293070a205 vn="Variante von Win32/InstallCore.AT evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\MozillaFirefox-Setup-Yahoo!Edition.exe"
sh=BBE22BFCCFA4F1925C27F15059218F8A4B317D79 ft=1 fh=1a5b77bbc2cc4044 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\mp3Boy_Setup-Downloader.exe"
sh=0F54393B810C70696781CFD0276C2F03458E7925 ft=1 fh=bdc70ffc8bcd907c vn="Variante von Win32/Adware.RegistryQuick Anwendung" ac=I fn="C:\Users\Gabi\Downloads\RegistryQuick_setup.exe"
sh=CB20DFD703B61B9470BBB3B1BE157D47A8C0849A ft=1 fh=63788d9fe9c2f077 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\Shockwave_Installer_Slim(1).exe"
sh=CB20DFD703B61B9470BBB3B1BE157D47A8C0849A ft=1 fh=63788d9fe9c2f077 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\Shockwave_Installer_Slim(2).exe"
sh=4867331E1509834282B9A6AEA88DA00ADE1BEAF9 ft=1 fh=fde805e1ec63c8e6 vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\switchsetup.exe"
sh=D06F678AD8F7484DFFDBBE9B800DDE3D13883096 ft=1 fh=d800ec798443bb76 vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\WinMaximizer.exe"
sh=C0E28878041F7708BC82DD28153719E88A91C1BA ft=1 fh=0e746c2d3c3fdba6 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\WinThruster_2013.exe"
sh=331A922692EDD90B9E1368260F4F25B4CB25DDA3 ft=1 fh=df93e0f9bcb74eee vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\wmp11-windowsxp-x86-DE-DE(1).exe"
sh=01139627DD8462E0CAEDF3531323925CAEA0CD16 ft=1 fh=1f6a5914bcb74eee vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\wmp11-windowsxp-x86-DE-DE.exe"
sh=1B239A5C8B868F9BE8D85EB8FE5D94290B1098F6 ft=1 fh=9a4954e6f7732eeb vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\wpsetup(1).exe"
sh=1B239A5C8B868F9BE8D85EB8FE5D94290B1098F6 ft=1 fh=9a4954e6f7732eeb vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\Users\Gabi\Downloads\wpsetup(2).exe"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gabi\Downloads\wzmp_8.exe"
sh=129C160A9EFDC0DFA369F49A43B062CCAF0F2162 ft=1 fh=c0a8075e318a7835 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
sh=02382D0B4814A1E9F1F1C56896DFC4864677B1F8 ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Windows\Installer\{26CBEE4A-5677-43D3-8396-967C3586A67E}\cbfcceanddjkajopbmadknohiibmckebhrx"
sh=E8E4A46C02AE392DDA05CDCB368EDA5E3901557A ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-04 225211\Backup files 10.zip"
sh=4B4312F113A8D2C5F3451ECABEEDC019FCAA987F ft=0 fh=0000000000000000 vn="Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-04 225211\Backup files 14.zip"
sh=8434F230B42DA117A468D4B9CED2621B099C7EF1 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-04 225211\Backup files 15.zip"
sh=7DA1380BB695DD41C9C1200FFA4D200A1F0E0A28 ft=0 fh=0000000000000000 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-04 225211\Backup files 16.zip"
sh=8B8FDA785BD185FC2BFC5C3595B5F79F2CD0E58A ft=0 fh=0000000000000000 vn="OSX/ChatZum.A evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 1.zip"
sh=A8578ADCAA795EA8C274B667976468918FF75BFC ft=0 fh=0000000000000000 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 10.zip"
sh=ADEE02BECFF5457EEDA256ECDC57C8C830471D21 ft=0 fh=0000000000000000 vn="Variante von Win32/bProtector.H evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 11.zip"
sh=4E725EC2EF80C2E5137E3F27E068EF321A3FF551 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 128.zip"
sh=2A18B1A295A97B12FAAE245AF62B33EB0781B144 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 15.zip"
sh=C2C9733A1A62E5ED9FFC43B9BFF74EF5B8933B04 ft=0 fh=0000000000000000 vn="MSIL/Solimba evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 16.zip"
sh=7F40D1BE460F4CD9947BA30C6C435313EF0BE3B3 ft=0 fh=0000000000000000 vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 19.zip"
sh=FE24856E741E26F835EC7400C23D6011F8DBEA1F ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 20.zip"
sh=43F5C9687CFCE09F6701C397B3BA57842369951C ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 21.zip"
sh=F44BA06939F819FE9E0D1C67131523C0ADEA2C86 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 22.zip"
sh=A0D3BF697DB3939D3D1D03ACFEF95D8189660336 ft=0 fh=0000000000000000 vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 23.zip"
sh=5F55016AE1CDE9334FA7518C3F4A28C9F47F452B ft=0 fh=0000000000000000 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 24.zip"
sh=F67A7C497C50E6A993FEFC1EE75EEF06A60FEAEB ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 25.zip"
sh=9623652A01E51EF39BF52ED6E3346FD884070367 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 26.zip"
sh=E16F92540D10B89256FD83D9500195C7A80073F9 ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.AT evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 28.zip"
sh=57A9CD094B47F3775CB450F93258A7AF8CF7EF9F ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 30.zip"
sh=71AA1AA9C6D1401DA87C2F82828349B93E6DABEC ft=0 fh=0000000000000000 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 31.zip"
sh=246490FD9813A65B9D7381CD815378CF7942DF34 ft=0 fh=0000000000000000 vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 34.zip"
sh=7FBD54C8FD252944B35C0DD3BFF0DBD1F739F9BF ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 5.zip"
sh=D2BDDF00A4EEA7EA11394AF690C3A7D30359CA4D ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 6.zip"
sh=4B649464C71575FE53F2F1D33999E72CA1231B55 ft=0 fh=0000000000000000 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-02-08 213226\Backup files 86.zip"
sh=9CD72C778DAC6487A422B2DD73E74B72175879ED ft=0 fh=0000000000000000 vn="OSX/ChatZum.A evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-09-14 194814\Backup files 1.zip"
sh=C87DB8C7B7A3394DEF404414A12F9F82FE8B3154 ft=0 fh=0000000000000000 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-09-14 194814\Backup files 12.zip"
sh=60B59526F9ED83F54D59F84F6C3922E9CE8686BE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-09-14 194814\Backup files 18.zip"
sh=C3B531821AE6B08A31D12F1009E6222A078FE15C ft=0 fh=0000000000000000 vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-09-14 194814\Backup files 20.zip"
sh=0106C8E3000B58AA966129A4BC5FFEBDCCE191BA ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-09-14 194814\Backup files 5.zip"
sh=73A4C1AF826D9217DCAB34B91AB2FF48A4E25FB2 ft=0 fh=0000000000000000 vn="Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-09-14 194814\Backup files 9.zip"
         
Code:
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.3) 
 Mozilla Thunderbird (24.6.0) 
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Gabi (administrator) on GABI-DIETER on 13-10-2014 12:36:04
Running from C:\Users\Gabi\Downloads
Loaded Profiles: Gabi & _ocster_backup_ (Available profiles: Gabi & _ocster_backup_)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Ocster Backup\bin\backupService-ox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\oracle10g\bin\TNSLSNR.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\oracle10g\bin\oracle.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [312664 2014-02-04] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3666944 2011-01-06] ()
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 127.0.0.1:8897
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F9AB638C96CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/
URLSearchHook: HKLM-x32 - (No Name) - {04a8dd1a-4754-48fe-a703-99846646ef04} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - F04F7B247D844F0287D289AC70C8FE43 URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP14A054C4-1B01-4318-9C92-BF4D53219F89&q={searchTerms}&SSPV=
SearchScopes: HKCU - {323B7DAE-1CB5-481C-9BF2-D059761CC05E} URL = hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true
SearchScopes: HKCU - {435E3E38-6768-4A61-81F0-266E2A1C793A} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi
SearchScopes: HKCU - {6408E1C5-FE7B-47BD-B907-6CBDC0CEA64E} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {7FD7B429-EAF3-492F-9D0C-0F4DB93D2FE1} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
SearchScopes: HKCU - {A8D32726-9FA5-4283-9A9F-4C9DB061ACE5} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
SearchScopes: HKCU - {CC87724D-C5C9-4A4D-8650-67BCA2BDC37E} URL = hxxp://www.dict.cc/?s={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {04A8DD1A-4754-48FE-A703-99846646EF04} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{11342DE6-C338-47B7-97FF-6E33D142D8E3}: [NameServer] 217.0.43.81 217.0.43.65

FireFox:
========
FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default
FF DefaultSearchEngine: Yahoo
FF Homepage: hxxp://www.t-online.de/
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF NetworkProxy: "autoconfig_url", "hxxp://filepony.de/"
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8897
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ColorfulTabs - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-10-20]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-26]

Chrome: 
=======
CHR Profile: C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf [2014-01-30]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao [2013-11-14]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj [2014-03-11]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23896 2014-02-04] ()
S4 OracleDBConsoleSatdb10g; C:\oracle10g\bin\nmesrvc.exe [24064 2006-11-14] (Oracle Corporation) [File not signed]
S4 OracleJobSchedulerSATDB10G; c:\oracle10g\Bin\extjob.exe [102400 2006-11-16] () [File not signed]
S4 OracleORACLE_Home10giSQL*Plus; C:\oracle10g\bin\isqlplussvc.exe [53248 2006-10-12] (Oracle) [File not signed]
R2 OracleServiceSATDB10G; c:\oracle10g\bin\ORACLE.EXE [60059648 2011-03-16] (Oracle Corporation) [File not signed]
R2 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-11-19] ()
R2 OracleORACLE_Home10gTNSListener; C:\oracle10g\BIN\TNSLSNR  [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
S3 GrabsterSeries.C64; C:\Windows\System32\DRIVERS\GrabsterSeries.C64.SYS [262208 2010-01-22] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-30] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-12] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-30] (Kaspersky Lab ZAO)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
S1 StarOpen; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\Gabi\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 12:35 - 2014-10-13 12:35 - 00000000 ____D () C:\Users\Gabi\Downloads\FRST-OlderVersion
2014-10-13 12:25 - 2014-10-13 12:25 - 00000957 _____ () C:\Users\Gabi\Desktop\checkup.txt
2014-10-13 12:20 - 2014-10-13 12:20 - 00854417 _____ () C:\Users\Gabi\Downloads\SecurityCheck.exe
2014-10-12 22:47 - 2014-10-12 22:47 - 00001568 _____ () C:\Users\Gabi\Desktop\iexplore.exe.lnk
2014-10-12 22:41 - 2014-10-12 22:41 - 02347384 _____ (ESET) C:\Users\Gabi\Downloads\esetsmartinstaller_deu.exe
2014-10-12 21:07 - 2014-10-12 21:07 - 00001194 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-12 21:07 - 2014-10-12 21:07 - 00001194 _____ () C:\ProgramData\Desktop\Mozilla Firefox.lnk
2014-10-12 20:43 - 2014-10-12 20:44 - 00001383 _____ () C:\Windows\IE10_main.log
2014-10-11 18:07 - 2014-10-11 18:07 - 00048043 _____ () C:\Users\Gabi\Desktop\FRST-11-10.txt
2014-10-11 18:04 - 2014-10-11 18:04 - 00002734 _____ () C:\Users\Gabi\Desktop\JRT.txt
2014-10-11 17:58 - 2014-10-11 17:58 - 00000000 ____D () C:\Windows\ERUNT
2014-10-11 17:57 - 2014-10-11 17:57 - 01705755 _____ (Thisisu) C:\Users\Gabi\Downloads\JRT.exe
2014-10-11 17:51 - 2014-10-11 17:51 - 00012164 _____ () C:\Users\Gabi\Desktop\AdwCleaner[S1].txt
2014-10-11 17:44 - 2014-10-11 17:44 - 01375089 _____ () C:\Users\Gabi\Downloads\AdwCleaner_3.311(1).exe
2014-10-11 17:40 - 2014-10-11 17:40 - 01375089 _____ () C:\Users\Gabi\Downloads\AdwCleaner_3.311.exe
2014-10-11 17:33 - 2014-10-11 17:33 - 00099000 _____ () C:\Users\Gabi\Desktop\mbam.xml
2014-10-11 15:56 - 2014-10-11 17:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-10-11 15:25 - 2014-10-11 17:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-11 15:25 - 2014-10-11 17:20 - 00001149 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-11 15:25 - 2014-10-11 17:20 - 00001149 _____ () C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-11 15:25 - 2014-10-11 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-11 15:25 - 2014-10-11 17:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-11 15:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-11 15:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-11 15:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-11 15:24 - 2014-10-11 15:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gabi\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-10-09 22:59 - 2014-10-09 22:59 - 00045453 _____ () C:\Users\Gabi\Desktop\Combofix.txt
2014-10-09 22:58 - 2014-10-09 22:58 - 00045453 _____ () C:\ComboFix.txt
2014-10-09 22:31 - 2014-10-09 22:58 - 00000000 ____D () C:\ComboFix
2014-10-09 22:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-09 22:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-09 22:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-09 22:29 - 2014-10-09 22:58 - 00000000 ____D () C:\Qoobox
2014-10-09 22:29 - 2014-10-09 22:54 - 00000000 ____D () C:\Windows\erdnt
2014-10-09 22:27 - 2014-10-09 22:28 - 05582481 ____R (Swearware) C:\Users\Gabi\Downloads\ComboFix.exe
2014-10-08 18:21 - 2014-10-08 18:21 - 00023688 _____ () C:\Users\Gabi\Desktop\GMER-1.txt
2014-10-08 18:11 - 2014-10-08 18:11 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357(2).exe
2014-10-08 18:09 - 2014-10-08 18:09 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357(1).exe
2014-10-07 22:13 - 2014-10-07 22:13 - 00050468 _____ () C:\Users\Gabi\Desktop\FRST-2.txt
2014-10-07 22:12 - 2014-10-07 22:12 - 00060408 _____ () C:\Users\Gabi\Desktop\Addition-1.txt
2014-10-07 22:08 - 2014-10-07 22:08 - 00050320 _____ () C:\Users\Gabi\Desktop\FRST-1.txt
2014-10-07 21:32 - 2014-10-12 23:05 - 00004379 _____ () C:\Windows\setupact.log
2014-10-07 21:32 - 2014-10-12 22:52 - 00109262 _____ () C:\Windows\PFRO.log
2014-10-07 21:32 - 2014-10-07 21:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-07 21:18 - 2014-10-11 17:53 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-10-07 21:11 - 2014-10-07 21:11 - 00014641 _____ () C:\Users\Gabi\Desktop\Gmer.txt
2014-10-07 21:03 - 2014-10-07 21:03 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357.exe
2014-10-07 21:01 - 2014-10-07 21:01 - 00050238 _____ () C:\Users\Gabi\Desktop\FRST.txt
2014-10-07 21:00 - 2014-10-07 21:00 - 00060991 _____ () C:\Users\Gabi\Desktop\Addition.txt
2014-10-07 20:57 - 2014-10-07 22:12 - 00060408 _____ () C:\Users\Gabi\Downloads\Addition.txt
2014-10-07 20:56 - 2014-10-13 12:36 - 00025037 _____ () C:\Users\Gabi\Downloads\FRST.txt
2014-10-07 20:56 - 2014-10-13 12:36 - 00000000 ____D () C:\FRST
2014-10-07 20:54 - 2014-10-13 12:35 - 02110464 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe
2014-10-07 20:49 - 2014-10-07 22:03 - 00000470 _____ () C:\Users\Gabi\Downloads\defogger_disable.log
2014-10-07 20:48 - 2014-10-07 20:48 - 00050477 _____ () C:\Users\Gabi\Downloads\Defogger.exe
2014-10-07 20:42 - 2014-10-07 20:44 - 00000000 _____ () C:\Users\Gabi\defogger_reenable
2014-10-07 17:28 - 2014-10-07 18:01 - 00000000 ____D () C:\Program Files (x86)\ReQuick
2014-10-07 17:26 - 2014-10-07 17:26 - 01220954 _____ (My Company, Inc. ) C:\Users\Gabi\Downloads\RegistryQuick_setup.exe
2014-10-06 11:09 - 2014-10-06 11:09 - 00003266 _____ () C:\Windows\System32\Tasks\{E6DCEF3E-6A5E-4CE0-AD4B-9DD326E93E71}
2014-10-06 10:44 - 2014-10-06 10:44 - 00001311 _____ () C:\Users\Gabi\Desktop\Revo Uninstaller.lnk
2014-10-06 10:44 - 2014-10-06 10:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-06 10:42 - 2014-10-06 10:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Gabi\Downloads\revosetup95.exe
2014-10-05 22:39 - 2014-10-05 22:39 - 04964600 _____ (Piriform Ltd) C:\Users\Gabi\Downloads\ccsetup418pro.exe
2014-10-05 10:36 - 2014-10-05 10:36 - 00011426 _____ () C:\Users\Gabi\Documents\cc_20141005_103621.reg
2014-10-04 20:26 - 2014-10-04 20:26 - 06669808 _____ (Burnaware ) C:\Users\Gabi\Downloads\BurnAwareFree-P21423-Setup.exe
2014-10-03 19:37 - 2014-10-09 22:25 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\0F1L1I1PtF1F1C1N
2014-10-03 19:36 - 2014-10-03 19:36 - 01898640 _____ (Irfan Skiljan) C:\Users\Gabi\Downloads\IrfanView-P1683-Setup.exe
2014-09-30 20:39 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:39 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-23 20:42 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:42 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 21:28 - 2014-09-17 04:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-09-19 21:28 - 2014-09-17 04:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-09-19 21:28 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-19 21:28 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-09-14 00:01 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 00:01 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 00:01 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 00:01 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 00:01 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 00:01 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 00:01 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 00:01 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 00:01 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 00:01 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 00:01 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 00:01 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 00:01 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 00:01 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 00:01 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 00:01 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 00:01 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 23:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 23:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-13 14:27 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-13 14:27 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-13 14:27 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-13 14:27 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-13 14:26 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-13 14:25 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-13 14:25 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-13 14:25 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-13 14:25 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-13 14:25 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 12:26 - 2010-01-14 12:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-13 12:18 - 2010-02-25 00:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-13 11:59 - 2012-04-02 19:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 10:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-13 10:03 - 2010-01-15 19:07 - 01612614 _____ () C:\Windows\WindowsUpdate.log
2014-10-13 06:55 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 06:55 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 23:08 - 2009-07-14 19:58 - 00703028 _____ () C:\Windows\system32\perfh007.dat
2014-10-12 23:08 - 2009-07-14 19:58 - 00150686 _____ () C:\Windows\system32\perfc007.dat
2014-10-12 23:08 - 2009-07-14 07:13 - 01629690 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-12 22:54 - 2011-01-26 19:26 - 00000000 ____D () C:\Users\Gabi\.rainlendar2
2014-10-12 22:53 - 2010-02-25 00:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 22:53 - 2010-01-20 20:47 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-12 22:52 - 2010-03-09 21:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-12 22:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 22:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-12 20:47 - 2014-03-04 14:56 - 00001428 _____ () C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-12 20:28 - 2010-01-14 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-12 18:50 - 2013-01-29 23:15 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8C748547-F3A4-4FAD-B6F5-B8876C02A981}
2014-10-11 17:46 - 2014-03-10 13:04 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Common
2014-10-11 17:46 - 2014-02-05 17:01 - 00000000 ____D () C:\AdwCleaner
2014-10-11 17:46 - 2010-01-15 19:16 - 00000000 ____D () C:\Users\Gabi
2014-10-09 22:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-10-09 22:49 - 2009-07-14 04:34 - 00000248 _____ () C:\Windows\system.ini
2014-10-09 22:47 - 2014-02-23 12:29 - 00000000 ____D () C:\Users\_ocster_backup_
2014-10-09 22:45 - 2009-07-14 04:34 - 85983232 _____ () C:\Windows\system32\config\software.bak
2014-10-09 22:45 - 2009-07-14 04:34 - 25690112 _____ () C:\Windows\system32\config\system.bak
2014-10-09 22:45 - 2009-07-14 04:34 - 01310720 _____ () C:\Windows\system32\config\default.bak
2014-10-09 22:45 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\sam.bak
2014-10-09 22:45 - 2009-07-14 04:34 - 00032768 _____ () C:\Windows\system32\config\security.bak
2014-10-09 22:23 - 2014-01-20 22:49 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\1O1L1I1PtF1F1C1N
2014-10-08 20:34 - 2014-02-08 21:34 - 00000288 _____ () C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job
2014-10-08 16:52 - 2014-02-06 20:35 - 00000000 ____D () C:\Windows\pss
2014-10-06 21:46 - 2010-01-14 13:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-06 21:46 - 2006-11-03 14:39 - 00000000 ____D () C:\Users\Gabi\Documents\MP600
2014-10-06 20:45 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2}
2014-10-06 20:44 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E}
2014-10-06 20:44 - 2011-02-10 18:36 - 00003012 _____ () C:\Windows\System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704}
2014-10-06 20:44 - 2011-02-10 18:35 - 00003012 _____ () C:\Windows\System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196}
2014-10-06 20:41 - 2014-02-14 22:13 - 00002996 _____ () C:\Windows\System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282}
2014-10-06 20:41 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A}
2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\Users\Public\Desktop\Internet.lnk
2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\ProgramData\Desktop\Internet.lnk
2014-10-04 21:00 - 2013-03-19 22:30 - 00000000 ____D () C:\Users\Gabi\AppData\Local\Ocster Backup
2014-10-04 20:45 - 2014-06-17 11:57 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Nico Mak Computing
2014-10-04 20:43 - 2014-03-04 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-03 19:38 - 2011-10-10 09:59 - 00001937 _____ () C:\Users\Gabi\Desktop\IrfanView Thumbnails.lnk
2014-10-03 19:38 - 2010-01-18 21:26 - 00001045 _____ () C:\Users\Gabi\Desktop\IrfanView.lnk
2014-10-02 08:13 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-30 10:33 - 2011-03-21 15:23 - 00053248 _____ () C:\Users\Gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-26 10:52 - 2012-04-24 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 20:59 - 2012-04-02 19:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 20:59 - 2012-04-02 19:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 20:59 - 2011-09-11 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 09:53 - 2010-01-18 11:17 - 00000000 ____D () C:\Users\Gabi\Dieter
2014-09-21 17:53 - 2010-01-17 12:17 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Adobe
2014-09-19 22:43 - 2010-03-10 12:39 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Skype
2014-09-19 21:43 - 2014-01-30 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-19 21:43 - 2010-01-14 13:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-19 21:29 - 2010-01-14 12:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-17 04:13 - 2014-01-30 20:31 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-09-17 04:12 - 2014-01-30 20:31 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-09-16 19:30 - 2013-03-13 22:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 09:06 - 2010-01-16 11:19 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 09:12 - 2009-07-14 06:45 - 00379408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 00:00 - 2014-01-16 13:28 - 01603034 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 23:58 - 2013-07-12 22:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 23:48 - 2010-01-18 15:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 23:47 - 2014-05-06 11:51 - 00000000 ___SD () C:\Windows\system32\CompatTel

Files to move or delete:
====================
C:\Users\Gabi\SSBCUninstall.exe
C:\Users\Gabi\SSSDUninstall.exe
C:\Users\Gabi\SS_Uninstall.exe
C:\Users\Gabi\Start Ashampoo UnInstaller 5.bat


Some content of TEMP:
====================
C:\Users\Gabi\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-02-21 19:39

==================== End Of Log ============================
         

14.10.2014, 08:06   #13
schrauber
/// the machine
/// TB instructor

Update Java. Delete all backups on drive I. Empty the Downloads folder. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

15.10.2014, 19:32   #14
Thomas_5

Hello Schrauber,
many, many thanks for the determined support. I have rarely experienced anything like it in a forum. Following your advice, I will now delete the backups on drive I and empty the Downloads folder. Can I assume that the topic I opened is then closed? Once again, many thanks.
Regards, Thomas_5

Hello Schrauber,
I do have one more question after all. I deleted everything in the Downloads folder except the four files listed below. For these, the following message appears: "Das Element wurde nicht gefunden. Es befindet sich nicht mehr in C:\Benutzer\ ... \Downloads. Überprüfen Sie den Ort des Elements und wiederholen Sie den Vorgang." I can no longer find these files on the PC. What can/must I do to delete these entries?

2011-11-10-1201790136_04-RG.PDF
2011-10-11-1191347648_04-RG.PDF
2011-09-12-1180996156_04-RG(1).PDF
2011-09-12-1180996156_04-RG.PDF

Regards, Thomas_5

16.10.2014, 16:08   #15
schrauber
/// the machine
/// TB instructor

And where exactly do you see the files then?
__________________
Regards,
schrauber
