Nationzoom lässt sich nicht entfernen...

hatschi80 · 10.12.2013, 16:36

Hallo ihr Retter in der Not,

sitze hier am PC einer Freundin und bekomme NationZoom nicht entfernt. Zwar habe ich schon einige Threads diesbezüglich gefunden, allerdings wisst ihr die jeweilige Reihenfolge der Schritte/Progs ja am besten. Also langer Rede kurzer Sinn: HILFE!

(Win7 Home Premium, 64bit... braucht ihr sonst noch Infos?)

Schon mal danke im Voraus... zum Glück konntet ihr bislang noch jedes meiner (eigenen) Probleme lösen

Edit:
Ich war so frei, doch schon mal FRST runter zu laden und durchlaufen zu lassen... Hier die beiden (hoffentlich hilfreichen) Logs...

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2013
Ran by Riammi (administrator) on RIAMMI-PC on 10-12-2013 16:33:09
Running from C:\Users\Riammi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM\...\RunOnce: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey [443688 2011-05-26] (CyberLink)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-21] (Google Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-29] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
AppInit_DLLs-x32: c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=120518&babsrc=HP_ss&mntrId=204c3cc0000000000000000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
SearchScopes: HKCU - DefaultScope {C8E8185F-DFD6-48BD-84D3-AB7B5FE4C556} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=204c3cc0000000000000000000000000&r=743
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def_bay2g&affID=120518
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKCU - {C8E8185F-DFD6-48BD-84D3-AB7B5FE4C556} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=204c3cc0000000000000000000000000&r=743
SearchScopes: HKCU - {DACD7062-85A9-4621-AF1A-30A0D64841CA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN40302419976533176&UM=1
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO-x32: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU - No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Tcpip\..\Interfaces\{F4FA57ED-579F-4544-89EA-FE07FDC9F168}: [NameServer]62.220.18.8 89.246.64.8

FireFox:
========
FF ProfilePath: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default
FF user.js: detected! => C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\user.js
FF NewTab: hxxp://www.nationzoom.com/newtab/?type=nt&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
FF DefaultSearchEngine: nationzoom
FF SelectedSearchEngine: nationzoom
FF Homepage: hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_34 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\claro.xml
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\dvdvideosofttb-customized-web-search.xml
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\search-here.xml
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: FoxyDeal - C:\Users\Riammi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D}
FF Extension: Delta Toolbar - C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Extensions\ffxtlbr@delta.com
FF Extension: DVDVideoSoftTB  - C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: Hotspot Shield  - C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
FF Extension: addon - C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Extensions\addon@defaulttab.com.xpi
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\afext@anchorfree.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF Extension: BrowserProtect - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR RestoreOnStartup: "hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultSuggestURL: hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U34) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.340.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Picasa) - D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Extended Protection) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0
CHR Extension: (Google Search) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0
CHR Extension: (Virtual Keyboard) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0
CHR Extension: (DVDVideoSoft) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.3.0.0_0
CHR Extension: (Google Wallet) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Riammi\AppData\Roaming\Delta\delta.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.nationzoom.com/?type=sc&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-29] (Kaspersky Lab ZAO)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [906024 2013-11-02] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-11-02] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2013-11-02] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-30] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-11-02] (AnchorFree Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-29] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 16:33 - 2013-12-10 16:33 - 00027779 _____ C:\Users\Riammi\Desktop\FRST.txt
2013-12-10 16:33 - 2013-12-10 16:33 - 00000000 ____D C:\FRST
2013-12-10 16:24 - 2013-12-10 16:25 - 01927982 _____ (Farbar) C:\Users\Riammi\Desktop\FRST64.exe
2013-12-10 16:24 - 2013-12-10 16:24 - 01272360 _____ (iMesh Inc) C:\Users\Riammi\Downloads\iMeshSetup-r1487-w-bc.exe
2013-12-10 16:24 - 2013-12-10 16:24 - 00000733 _____ C:\Users\Public\Desktop\iMesh-Installation fortsetzen.lnk
2013-12-10 16:24 - 2013-12-10 16:24 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-12-10 15:41 - 2013-12-10 15:42 - 00002268 _____ C:\Windows\logboot_10.12.2013.tureg.log
2013-12-10 14:27 - 2013-10-30 10:45 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2013-12-10 14:27 - 2013-10-30 10:45 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2013-12-07 23:26 - 2013-12-07 23:26 - 00000000 _____ C:\Windows\SysWOW64\sho93F9.tmp
2013-12-07 19:03 - 2013-12-08 22:30 - 00000000 ____D C:\ProgramData\WPM
2013-12-07 18:51 - 2013-12-07 18:51 - 00000000 ___HD C:\Users\Riammi\Downloads\.picasaoriginals
2013-12-02 07:04 - 2013-12-02 07:04 - 00000000 _____ C:\Windows\SysWOW64\shoC64B.tmp
2013-12-01 22:12 - 2013-12-01 22:12 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-11-25 06:04 - 2013-11-02 00:31 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2013-11-22 19:55 - 2013-11-25 06:05 - 00001052 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-11-21 18:50 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-21 18:47 - 2013-11-21 18:47 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-21 18:47 - 2013-11-21 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-21 18:47 - 2013-11-21 18:47 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-21 18:47 - 2013-11-21 18:47 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-21 18:47 - 2013-11-21 18:47 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-21 18:47 - 2013-11-21 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-21 18:47 - 2013-11-21 18:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-21 18:47 - 2013-11-21 18:47 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-21 18:47 - 2013-11-21 18:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-21 18:47 - 2013-11-21 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-21 18:47 - 2013-11-21 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-21 18:45 - 2013-11-21 18:51 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-21 07:06 - 2013-11-21 07:06 - 00000000 _____ C:\Windows\SysWOW64\sho739A.tmp
2013-11-17 21:47 - 2013-11-17 21:47 - 00000000 _____ C:\Windows\SysWOW64\shoF56B.tmp
2013-11-14 07:11 - 2013-11-14 07:11 - 00000000 _____ C:\Windows\SysWOW64\shoF2E6.tmp
2013-11-13 19:12 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:12 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:12 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 19:12 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 19:12 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 19:12 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 19:12 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 19:12 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 19:12 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:12 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:12 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:12 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 19:12 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 19:12 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 19:12 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 19:12 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 19:12 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:12 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 19:12 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 19:12 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 19:12 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:12 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 19:12 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 19:12 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 19:12 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 19:11 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 19:11 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:11 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 19:11 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 19:11 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 06:32 - 2013-11-13 06:32 - 00000000 _____ C:\Windows\SysWOW64\sho379.tmp

==================== One Month Modified Files and Folders =======

2013-12-10 16:33 - 2013-12-10 16:33 - 00027779 _____ C:\Users\Riammi\Desktop\FRST.txt
2013-12-10 16:33 - 2013-12-10 16:33 - 00000000 ____D C:\FRST
2013-12-10 16:33 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-10 16:33 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-10 16:25 - 2013-12-10 16:24 - 01927982 _____ (Farbar) C:\Users\Riammi\Desktop\FRST64.exe
2013-12-10 16:24 - 2013-12-10 16:24 - 01272360 _____ (iMesh Inc) C:\Users\Riammi\Downloads\iMeshSetup-r1487-w-bc.exe
2013-12-10 16:24 - 2013-12-10 16:24 - 00000733 _____ C:\Users\Public\Desktop\iMesh-Installation fortsetzen.lnk
2013-12-10 16:24 - 2013-12-10 16:24 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-12-10 16:19 - 2012-03-21 19:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-10 16:10 - 2012-08-06 14:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-10 16:02 - 2012-02-21 12:59 - 02062644 _____ C:\Windows\WindowsUpdate.log
2013-12-10 15:59 - 2012-02-21 13:01 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-10 15:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-12-10 15:48 - 2011-05-16 15:04 - 00654602 _____ C:\Windows\system32\perfh007.dat
2013-12-10 15:48 - 2011-05-16 15:04 - 00130216 _____ C:\Windows\system32\perfc007.dat
2013-12-10 15:48 - 2009-07-14 06:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-10 15:44 - 2012-02-21 13:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-10 15:43 - 2012-04-12 14:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-12-10 15:43 - 2012-02-21 13:05 - 00000000 ____D C:\Users\Riammi
2013-12-10 15:42 - 2013-12-10 15:41 - 00002268 _____ C:\Windows\logboot_10.12.2013.tureg.log
2013-12-10 15:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-10 15:42 - 2009-07-14 05:51 - 00170263 _____ C:\Windows\setupact.log
2013-12-10 15:42 - 2009-07-14 03:34 - 74711040 _____ C:\Windows\system32\config\SOFTWARE_tureg_old
2013-12-10 15:42 - 2009-07-14 03:34 - 22282240 _____ C:\Windows\system32\config\SYSTEM_tureg_old
2013-12-10 15:42 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY_tureg_old
2013-12-10 15:40 - 2009-07-14 03:34 - 01048576 _____ C:\Windows\system32\config\DEFAULT_tureg_old
2013-12-10 15:40 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM_tureg_old
2013-12-10 15:27 - 2012-12-10 19:01 - 00000000 ____D C:\Users\Riammi\AppData\Roaming\Spotify
2013-12-10 14:37 - 2012-09-28 15:05 - 00000000 ____D C:\Users\Riammi\AppData\Local\Downloaded Installations
2013-12-10 14:27 - 2013-10-18 19:16 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2013-12-09 06:27 - 2010-11-21 04:47 - 00031242 _____ C:\Windows\PFRO.log
2013-12-08 22:39 - 2012-02-21 13:29 - 00000000 ____D C:\Users\Riammi\AppData\Roaming\SoftGrid Client
2013-12-08 22:30 - 2013-12-07 19:03 - 00000000 ____D C:\ProgramData\WPM
2013-12-07 23:26 - 2013-12-07 23:26 - 00000000 _____ C:\Windows\SysWOW64\sho93F9.tmp
2013-12-07 19:04 - 2013-05-09 13:06 - 00000000 ____D C:\Program Files (x86)\Hotspot_Shield
2013-12-07 19:04 - 2012-04-10 07:23 - 00000000 ____D C:\Users\Riammi\AppData\Local\Conduit
2013-12-07 19:04 - 2012-04-10 07:23 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoftTB
2013-12-07 19:03 - 2012-02-21 13:08 - 00000000 ____D C:\Users\Riammi\AppData\Local\Google
2013-12-07 19:03 - 2012-02-21 13:06 - 00001643 _____ C:\Users\Riammi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-07 19:03 - 2012-02-21 13:03 - 00002347 _____ C:\Users\Public\Desktop\MEDIONplay.lnk
2013-12-07 19:03 - 2012-02-21 13:03 - 00002239 _____ C:\Users\Public\Desktop\MEDION Serviceportal.lnk
2013-12-07 19:03 - 2012-02-21 13:01 - 00002385 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-07 18:52 - 2013-05-06 16:58 - 00000454 ____H C:\Users\Riammi\Downloads\.picasa.ini
2013-12-07 18:51 - 2013-12-07 18:51 - 00000000 ___HD C:\Users\Riammi\Downloads\.picasaoriginals
2013-12-05 18:54 - 2012-02-21 13:01 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-05 18:54 - 2012-02-21 13:01 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-03 06:15 - 2012-12-10 19:01 - 00000000 ____D C:\Users\Riammi\AppData\Local\Spotify
2013-12-02 07:04 - 2013-12-02 07:04 - 00000000 _____ C:\Windows\SysWOW64\shoC64B.tmp
2013-12-01 22:12 - 2013-12-01 22:12 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-11-25 17:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-25 06:05 - 2013-11-22 19:55 - 00001052 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-11-25 06:05 - 2013-05-09 13:04 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-11-24 16:56 - 2012-09-28 15:08 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
2013-11-22 06:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-21 18:51 - 2013-11-21 18:45 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-21 18:47 - 2013-11-21 18:47 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-21 18:47 - 2013-11-21 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-21 18:47 - 2013-11-21 18:47 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-21 18:47 - 2013-11-21 18:47 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-21 18:47 - 2013-11-21 18:47 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-21 18:47 - 2013-11-21 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-21 18:47 - 2013-11-21 18:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-21 18:47 - 2013-11-21 18:47 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-21 18:47 - 2013-11-21 18:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-21 18:47 - 2013-11-21 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-21 18:47 - 2013-11-21 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-21 07:06 - 2013-11-21 07:06 - 00000000 _____ C:\Windows\SysWOW64\sho739A.tmp
2013-11-17 21:47 - 2013-11-17 21:47 - 00000000 _____ C:\Windows\SysWOW64\shoF56B.tmp
2013-11-14 07:11 - 2013-11-14 07:11 - 00000000 _____ C:\Windows\SysWOW64\shoF2E6.tmp
2013-11-14 07:00 - 2012-08-06 14:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-14 07:00 - 2012-08-06 14:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-14 07:00 - 2011-11-30 20:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-14 06:59 - 2012-02-21 18:08 - 00000000 ____D C:\Users\Riammi\AppData\Local\Adobe
2013-11-13 19:08 - 2013-10-16 18:21 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-13 19:08 - 2012-02-21 15:29 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 06:32 - 2013-11-13 06:32 - 00000000 _____ C:\Windows\SysWOW64\sho379.tmp

Some content of TEMP:
====================
C:\Users\Riammi\AppData\Local\Temp\_TinDel.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-07 14:37

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2013
Ran by Riammi at 2013-12-10 16:33:59
Running from C:\Users\Riammi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
AS: Kaspersky Internet Security (Enabled - Up to date) {95CBD341-38DB-14AC-AF6A-08054B41A339}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.4)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
Amazon MP3-Downloader 1.0.15 (x32 Version: 1.0.15)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.9.0)
CyberLink LabelPrint (x32 Version: 2.5.3624)
CyberLink Power2Go (x32 Version: 7.0.0.1327)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306)
CyberLink PowerRecover (x32 Version: 5.5.4125)
CyberLink WaveEditor (x32 Version: 1.0.1.2821)
D3DX10 (x32 Version: 15.4.2368.0902)
DefaultTab (x32 Version: 2.1.8.0)
Delta Chrome Toolbar (x32 Version: 1.0.0.0) <==== ATTENTION
Delta toolbar   (x32 Version: 1.8.10.0) <==== ATTENTION
Digital Photo Navigator 1.5 (x32)
DVDVideoSoftTB Toolbar (x32 Version: 6.8.5.1)
Everio MediaBrowser HD Edition (x32 Version: 1.01.026)
Fishdom 2 Deluxe (x32)
Flinky Zeugnis (x32 Version: 13.1.3.0)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Foto-Mosaik-Edda Standard V6.8.13055.1 (x32)
Free YouTube to MP3 Converter version 3.12.13.925 (x32 Version: 3.12.13.925)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.22.3)
Hotspot Shield 3.19 (x32 Version: 3.19)
Hotspot Shield Toolbar (x32 Version: 6.12.0.11)
HP Photosmart B010 All-In-One Driver 14.0 Rel. 7 (Version: 14.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2509)
Intel(R) Rapid Storage Technology (x32 Version: 10.6.0.1002)
iTunes (Version: 10.6.1.7)
Java Auto Updater (x32 Version: 2.0.7.1)
Java(TM) 6 Update 29 (64-bit) (Version: 6.0.290)
Java(TM) 6 Update 34 (x32 Version: 6.0.340)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374)
McAfee Security Scan Plus (Version: 3.8.130.10)
Medion Home Cinema (x32 Version: 8.0.3216)
Memeo Instant Backup (x32 Version: 4.60.0.7943)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 12.0 (x86 de) (x32 Version: 12.0)
Mozilla Maintenance Service (x32 Version: 12.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Optimizer Pro v3.0 (x32 Version: 3.0) <==== ATTENTION
Picasa 3 (x32 Version: 3.9)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.12)
PS_AIO_07_B010_SW_Min (x32 Version: 140.0.224.000)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438)
Roads Of Rome (x32)
Scan (x32 Version: 140.0.80.000)
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0)
Spotify (HKCU Version: 0.9.6.81.gd359a796)
swMSM (x32 Version: 12.0.0.1)
TeraCopy 2.27
TomTom HOME (x32 Version: 2.9.7)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)
Toolbox (x32 Version: 140.0.428.000)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.169)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.169)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.89)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Versandhelfer (x32 Version: 0.9.511)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

01-12-2013 18:00:52 Windows-Sicherung
07-12-2013 18:03:14 Uniblue SpeedUpMyPC installation
07-12-2013 18:16:58 Simon the Sorcerer - Wer will schon Kontakt? wird entfernt
08-12-2013 18:00:49 Windows-Sicherung
08-12-2013 21:32:34 COMPUTERBILD Vorteil-Center wird entfernt
10-12-2013 14:02:26 Windows Live Essentials
10-12-2013 14:02:50 WLSetup
10-12-2013 14:14:16 Removed Bonjour
10-12-2013 14:16:31 Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych wird entfernt
10-12-2013 14:17:08 Quitado Control ActiveX de Windows Live Mesh para conexiones remotas
10-12-2013 14:18:05 Removido Controlo ActiveX do Windows Live Mesh para Ligações Remotas
10-12-2013 14:18:55 Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave wird entfernt
10-12-2013 14:19:25 Contrôle ActiveX Windows Live Mesh pour connexions à distance wird entfernt
10-12-2013 14:22:04 Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi wird entfernt
10-12-2013 14:22:39 Windows Live Mesh ActiveX-objekt til fjernforbindelser wird entfernt
10-12-2013 14:23:52 Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz wird entfernt
10-12-2013 14:25:43 Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen wird entfernt
10-12-2013 14:26:09 Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις wird entfernt
10-12-2013 14:30:48 Removed watchmi.
10-12-2013 14:32:07 Removed watchmi.

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {28F19DDF-6F25-48CB-8717-19ED5A06B524} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {3A500C47-05AC-4758-80BE-D8391F712CBF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)
Task: {4483EF7B-E266-4C90-8414-554154AD1C0D} - System32\Tasks\{62F8AE2C-5220-489F-AE98-1571B883DDD0} => C:\Users\Riammi\Desktop\CradleOfRome.exe
Task: {5CBEFEAD-C59A-4551-AD0C-6143133DCDA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-21] (Google Inc.)
Task: {8D04507E-105D-4A09-A5D1-45BE6413D4B4} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {9016930C-5D6D-4A4C-A31F-E90CC7B4D0C7} - System32\Tasks\{3D0CC465-27A7-417A-A19B-9593014508AD} => C:\Users\Riammi\Desktop\CradleOfRome.exe
Task: {996E163D-3B0C-4E92-8A5E-831B26D0941A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AEF19D70-B13F-490C-8B54-DC71A59EB616} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-10-30] (TuneUp Software)
Task: {C3B3A20B-FBC0-4CE7-A1F8-4191EA170F29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-21] (Google Inc.)
Task: {CED0F24B-BCE8-4A4D-BC18-1B63516346C2} - System32\Tasks\EPUpdater => C:\Users\Riammi\AppData\Roaming\BabMaint.exe [2013-02-09] ()
Task: {E4B65C6E-DD95-46A3-A466-9DDF486B0286} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-29 20:46 - 2011-10-26 17:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2012-02-29 20:46 - 2011-10-26 17:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2011-08-31 21:13 - 2011-08-31 21:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-02 00:48 - 2013-11-02 00:48 - 00903464 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2012-05-20 14:54 - 2004-09-09 16:13 - 00364544 ____N () C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\pxl_m17n_tool.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
2013-08-15 14:03 - 2013-08-15 14:03 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1beb84c27c2edeb38839916524b9df4d\IsdiInterop.ni.dll
2011-11-30 20:31 - 2011-05-20 19:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-12-07 11:02 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-07 11:02 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-07 11:02 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-07 11:02 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-07 11:02 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2013 03:53:09 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error: (12/10/2013 03:43:00 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/10/2013 03:04:20 PM) (Source: MsiInstaller) (User: Riammi-PC)
Description: Produkt: Windows Live Messenger -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2203. Argumente: C:\Windows\Installer\3811d3.ipi, -2147287035,

Error: (12/10/2013 02:02:37 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/09/2013 03:11:46 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/09/2013 06:27:32 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/08/2013 08:48:10 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/07/2013 07:07:20 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/07/2013 10:56:37 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error: (12/07/2013 10:46:22 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)


System errors:
=============
Error: (12/10/2013 03:42:43 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (12/10/2013 03:42:53 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎10.‎12.‎2013 um 15:40:26 unerwartet heruntergefahren.

Error: (12/10/2013 02:27:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1083

Error: (12/10/2013 02:02:30 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎09.‎12.‎2013 um 22:45:34 unerwartet heruntergefahren.

Error: (12/09/2013 06:27:25 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎08.‎12.‎2013 um 22:39:55 unerwartet heruntergefahren.

Error: (12/07/2013 07:07:13 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎07.‎12.‎2013 um 19:06:10 unerwartet heruntergefahren.

Error: (12/07/2013 07:03:22 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "ImagePath" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (12/07/2013 10:46:16 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎05.‎12.‎2013 um 21:50:09 unerwartet heruntergefahren.

Error: (12/05/2013 06:23:12 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎05.‎12.‎2013 um 06:44:19 unerwartet heruntergefahren.

Error: (12/05/2013 05:50:22 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎04.‎12.‎2013 um 21:14:37 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (12/10/2013 03:53:09 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error: (12/10/2013 03:43:00 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/10/2013 03:04:20 PM) (Source: MsiInstaller)(User: Riammi-PC)
Description: Produkt: Windows Live Messenger -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2203. Argumente: C:\Windows\Installer\3811d3.ipi, -2147287035, (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/10/2013 02:02:37 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/09/2013 03:11:46 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/09/2013 06:27:32 AM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/08/2013 08:48:10 AM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/07/2013 07:07:20 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/07/2013 10:56:37 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error: (12/07/2013 10:46:22 AM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3975.63 MB
Available physical RAM: 1932.2 MB
Total Pagefile: 7949.44 MB
Available Pagefile: 5615.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:1682.67 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:31.44 GB) NTFS
Drive g: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:40.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-253492199424) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 00C29D88)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 10.12.2013, 16:49

hi,

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

hatschi80 · 10.12.2013, 17:19

Hey, danke erst mal für die flotte Antwort!

Hier sind die aktuellen Logs (nach zwei Chrome-Crashs... #grrr)

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2013
Ran by Riammi (administrator) on RIAMMI-PC on 10-12-2013 17:00:21
Running from C:\Users\Riammi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM\...\RunOnce: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey [443688 2011-05-26] (CyberLink)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-21] (Google Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-29] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
AppInit_DLLs-x32: c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=120518&babsrc=HP_ss&mntrId=204c3cc0000000000000000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
SearchScopes: HKCU - DefaultScope {C8E8185F-DFD6-48BD-84D3-AB7B5FE4C556} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=204c3cc0000000000000000000000000&r=743
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def_bay2g&affID=120518
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKCU - {C8E8185F-DFD6-48BD-84D3-AB7B5FE4C556} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=204c3cc0000000000000000000000000&r=743
SearchScopes: HKCU - {DACD7062-85A9-4621-AF1A-30A0D64841CA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN40302419976533176&UM=1
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO-x32: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU - No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Tcpip\..\Interfaces\{F4FA57ED-579F-4544-89EA-FE07FDC9F168}: [NameServer]62.220.18.8 89.246.64.8

FireFox:
========
FF ProfilePath: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default
FF user.js: detected! => C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\user.js
FF NewTab: hxxp://www.nationzoom.com/newtab/?type=nt&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
FF DefaultSearchEngine: nationzoom
FF SelectedSearchEngine: nationzoom
FF Homepage: hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_34 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\claro.xml
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\dvdvideosofttb-customized-web-search.xml
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\search-here.xml
FF SearchPlugin: C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: FoxyDeal - C:\Users\Riammi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D}
FF Extension: Delta Toolbar - C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Extensions\ffxtlbr@delta.com
FF Extension: DVDVideoSoftTB  - C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: Hotspot Shield  - C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
FF Extension: addon - C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Extensions\addon@defaulttab.com.xpi
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\afext@anchorfree.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF Extension: BrowserProtect - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR RestoreOnStartup: "hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultSuggestURL: hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U34) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.340.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Picasa) - D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Extended Protection) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0
CHR Extension: (Google Search) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0
CHR Extension: (Virtual Keyboard) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0
CHR Extension: (DVDVideoSoft) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.3.0.0_0
CHR Extension: (Google Wallet) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Riammi\AppData\Roaming\Delta\delta.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.nationzoom.com/?type=sc&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-29] (Kaspersky Lab ZAO)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [906024 2013-11-02] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-11-02] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2013-11-02] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-30] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-11-02] (AnchorFree Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-29] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 16:59 - 2013-12-10 17:00 - 00028604 _____ C:\Users\Riammi\Desktop\FRST.txt
2013-12-10 16:54 - 2013-12-10 16:54 - 01110034 _____ C:\Users\Riammi\Desktop\adwcleaner.exe
2013-12-10 16:52 - 2013-12-10 16:52 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-10 16:52 - 2013-12-10 16:52 - 00000000 ____D C:\Users\Riammi\AppData\Roaming\Malwarebytes
2013-12-10 16:52 - 2013-12-10 16:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-10 16:52 - 2013-12-10 16:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-10 16:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-10 16:51 - 2013-12-10 16:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Riammi\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-10 16:33 - 2013-12-10 16:33 - 00000000 ____D C:\FRST
2013-12-10 16:24 - 2013-12-10 16:25 - 01927982 _____ (Farbar) C:\Users\Riammi\Desktop\FRST64.exe
2013-12-10 16:24 - 2013-12-10 16:24 - 01272360 _____ (iMesh Inc) C:\Users\Riammi\Downloads\iMeshSetup-r1487-w-bc.exe
2013-12-10 16:24 - 2013-12-10 16:24 - 00000733 _____ C:\Users\Public\Desktop\iMesh-Installation fortsetzen.lnk
2013-12-10 16:24 - 2013-12-10 16:24 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-12-10 15:41 - 2013-12-10 15:42 - 00002268 _____ C:\Windows\logboot_10.12.2013.tureg.log
2013-12-10 14:27 - 2013-10-30 10:45 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2013-12-10 14:27 - 2013-10-30 10:45 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2013-12-07 23:26 - 2013-12-07 23:26 - 00000000 _____ C:\Windows\SysWOW64\sho93F9.tmp
2013-12-07 19:03 - 2013-12-08 22:30 - 00000000 ____D C:\ProgramData\WPM
2013-12-07 18:51 - 2013-12-07 18:51 - 00000000 ___HD C:\Users\Riammi\Downloads\.picasaoriginals
2013-12-02 07:04 - 2013-12-02 07:04 - 00000000 _____ C:\Windows\SysWOW64\shoC64B.tmp
2013-12-01 22:12 - 2013-12-01 22:12 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-11-25 06:04 - 2013-11-02 00:31 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2013-11-22 19:55 - 2013-11-25 06:05 - 00001052 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-11-21 18:50 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-21 18:47 - 2013-11-21 18:47 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-21 18:47 - 2013-11-21 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-21 18:47 - 2013-11-21 18:47 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-21 18:47 - 2013-11-21 18:47 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-21 18:47 - 2013-11-21 18:47 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-21 18:47 - 2013-11-21 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-21 18:47 - 2013-11-21 18:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-21 18:47 - 2013-11-21 18:47 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-21 18:47 - 2013-11-21 18:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-21 18:47 - 2013-11-21 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-21 18:47 - 2013-11-21 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-21 18:45 - 2013-11-21 18:51 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-21 07:06 - 2013-11-21 07:06 - 00000000 _____ C:\Windows\SysWOW64\sho739A.tmp
2013-11-17 21:47 - 2013-11-17 21:47 - 00000000 _____ C:\Windows\SysWOW64\shoF56B.tmp
2013-11-14 07:11 - 2013-11-14 07:11 - 00000000 _____ C:\Windows\SysWOW64\shoF2E6.tmp
2013-11-13 19:12 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:12 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:12 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 19:12 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 19:12 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 19:12 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 19:12 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 19:12 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 19:12 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:12 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:12 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:12 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 19:12 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 19:12 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 19:12 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 19:12 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 19:12 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:12 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 19:12 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 19:12 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 19:12 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:12 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 19:12 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 19:12 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 19:12 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 19:11 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 19:11 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:11 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 19:11 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 19:11 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 06:32 - 2013-11-13 06:32 - 00000000 _____ C:\Windows\SysWOW64\sho379.tmp

==================== One Month Modified Files and Folders =======

2013-12-10 17:00 - 2013-12-10 16:59 - 00028604 _____ C:\Users\Riammi\Desktop\FRST.txt
2013-12-10 16:59 - 2012-02-21 13:01 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-10 16:54 - 2013-12-10 16:54 - 01110034 _____ C:\Users\Riammi\Desktop\adwcleaner.exe
2013-12-10 16:52 - 2013-12-10 16:52 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-10 16:52 - 2013-12-10 16:52 - 00000000 ____D C:\Users\Riammi\AppData\Roaming\Malwarebytes
2013-12-10 16:52 - 2013-12-10 16:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-10 16:52 - 2013-12-10 16:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-10 16:51 - 2013-12-10 16:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Riammi\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-10 16:33 - 2013-12-10 16:33 - 00000000 ____D C:\FRST
2013-12-10 16:33 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-10 16:33 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-10 16:25 - 2013-12-10 16:24 - 01927982 _____ (Farbar) C:\Users\Riammi\Desktop\FRST64.exe
2013-12-10 16:24 - 2013-12-10 16:24 - 01272360 _____ (iMesh Inc) C:\Users\Riammi\Downloads\iMeshSetup-r1487-w-bc.exe
2013-12-10 16:24 - 2013-12-10 16:24 - 00000733 _____ C:\Users\Public\Desktop\iMesh-Installation fortsetzen.lnk
2013-12-10 16:24 - 2013-12-10 16:24 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-12-10 16:19 - 2012-03-21 19:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-10 16:10 - 2012-08-06 14:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-10 16:02 - 2012-02-21 12:59 - 02062644 _____ C:\Windows\WindowsUpdate.log
2013-12-10 15:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-12-10 15:48 - 2011-05-16 15:04 - 00654602 _____ C:\Windows\system32\perfh007.dat
2013-12-10 15:48 - 2011-05-16 15:04 - 00130216 _____ C:\Windows\system32\perfc007.dat
2013-12-10 15:48 - 2009-07-14 06:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-10 15:44 - 2012-02-21 13:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-10 15:43 - 2012-04-12 14:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-12-10 15:43 - 2012-02-21 13:05 - 00000000 ____D C:\Users\Riammi
2013-12-10 15:42 - 2013-12-10 15:41 - 00002268 _____ C:\Windows\logboot_10.12.2013.tureg.log
2013-12-10 15:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-10 15:42 - 2009-07-14 05:51 - 00170263 _____ C:\Windows\setupact.log
2013-12-10 15:42 - 2009-07-14 03:34 - 74711040 _____ C:\Windows\system32\config\SOFTWARE_tureg_old
2013-12-10 15:42 - 2009-07-14 03:34 - 22282240 _____ C:\Windows\system32\config\SYSTEM_tureg_old
2013-12-10 15:42 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY_tureg_old
2013-12-10 15:40 - 2009-07-14 03:34 - 01048576 _____ C:\Windows\system32\config\DEFAULT_tureg_old
2013-12-10 15:40 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM_tureg_old
2013-12-10 15:27 - 2012-12-10 19:01 - 00000000 ____D C:\Users\Riammi\AppData\Roaming\Spotify
2013-12-10 14:37 - 2012-09-28 15:05 - 00000000 ____D C:\Users\Riammi\AppData\Local\Downloaded Installations
2013-12-10 14:27 - 2013-10-18 19:16 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2013-12-09 06:27 - 2010-11-21 04:47 - 00031242 _____ C:\Windows\PFRO.log
2013-12-08 22:39 - 2012-02-21 13:29 - 00000000 ____D C:\Users\Riammi\AppData\Roaming\SoftGrid Client
2013-12-08 22:30 - 2013-12-07 19:03 - 00000000 ____D C:\ProgramData\WPM
2013-12-07 23:26 - 2013-12-07 23:26 - 00000000 _____ C:\Windows\SysWOW64\sho93F9.tmp
2013-12-07 19:04 - 2013-05-09 13:06 - 00000000 ____D C:\Program Files (x86)\Hotspot_Shield
2013-12-07 19:04 - 2012-04-10 07:23 - 00000000 ____D C:\Users\Riammi\AppData\Local\Conduit
2013-12-07 19:04 - 2012-04-10 07:23 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoftTB
2013-12-07 19:03 - 2012-02-21 13:08 - 00000000 ____D C:\Users\Riammi\AppData\Local\Google
2013-12-07 19:03 - 2012-02-21 13:06 - 00001643 _____ C:\Users\Riammi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-07 19:03 - 2012-02-21 13:03 - 00002347 _____ C:\Users\Public\Desktop\MEDIONplay.lnk
2013-12-07 19:03 - 2012-02-21 13:03 - 00002239 _____ C:\Users\Public\Desktop\MEDION Serviceportal.lnk
2013-12-07 19:03 - 2012-02-21 13:01 - 00002385 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-07 18:52 - 2013-05-06 16:58 - 00000454 ____H C:\Users\Riammi\Downloads\.picasa.ini
2013-12-07 18:51 - 2013-12-07 18:51 - 00000000 ___HD C:\Users\Riammi\Downloads\.picasaoriginals
2013-12-05 18:54 - 2012-02-21 13:01 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-05 18:54 - 2012-02-21 13:01 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-03 06:15 - 2012-12-10 19:01 - 00000000 ____D C:\Users\Riammi\AppData\Local\Spotify
2013-12-02 07:04 - 2013-12-02 07:04 - 00000000 _____ C:\Windows\SysWOW64\shoC64B.tmp
2013-12-01 22:12 - 2013-12-01 22:12 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-11-25 17:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-25 06:05 - 2013-11-22 19:55 - 00001052 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-11-25 06:05 - 2013-05-09 13:04 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-11-24 16:56 - 2012-09-28 15:08 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
2013-11-22 06:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-21 18:51 - 2013-11-21 18:45 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-21 18:47 - 2013-11-21 18:47 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-21 18:47 - 2013-11-21 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-21 18:47 - 2013-11-21 18:47 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-21 18:47 - 2013-11-21 18:47 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-21 18:47 - 2013-11-21 18:47 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-21 18:47 - 2013-11-21 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-21 18:47 - 2013-11-21 18:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-21 18:47 - 2013-11-21 18:47 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-21 18:47 - 2013-11-21 18:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-21 18:47 - 2013-11-21 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-21 18:47 - 2013-11-21 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-21 18:47 - 2013-11-21 18:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-21 18:47 - 2013-11-21 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-21 07:06 - 2013-11-21 07:06 - 00000000 _____ C:\Windows\SysWOW64\sho739A.tmp
2013-11-17 21:47 - 2013-11-17 21:47 - 00000000 _____ C:\Windows\SysWOW64\shoF56B.tmp
2013-11-14 07:11 - 2013-11-14 07:11 - 00000000 _____ C:\Windows\SysWOW64\shoF2E6.tmp
2013-11-14 07:00 - 2012-08-06 14:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-14 07:00 - 2012-08-06 14:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-14 07:00 - 2011-11-30 20:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-14 06:59 - 2012-02-21 18:08 - 00000000 ____D C:\Users\Riammi\AppData\Local\Adobe
2013-11-13 19:08 - 2013-10-16 18:21 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-13 19:08 - 2012-02-21 15:29 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 06:32 - 2013-11-13 06:32 - 00000000 _____ C:\Windows\SysWOW64\sho379.tmp

Some content of TEMP:
====================
C:\Users\Riammi\AppData\Local\Temp\_TinDel.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-07 14:37

==================== End Of Log ============================

--- --- ---

Hier kam diesmal keine zweite *.txt-Datei (Addition), soll das so?

Mbam

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.10.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Riammi :: RIAMMI-PC [Administrator]

Schutz: Aktiviert

10.12.2013 16:53:41
MBAM-log-2013-12-10 (16-57-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213451
Laufzeit: 3 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 47
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DELTA\DELTA\IESTRG (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\OPTIMIZER PRO (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\babylontoolbar (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\nationzoomSoftware (PUP.Optional.NationZoom.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Delta\delta\Instl (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt.
HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\d (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab (PUP.Optional.DefaultTab.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 9
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: Delta Toolbar -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten:  -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Daten: 2.1.8.0 -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta.A) -> Daten:  -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www.delta-search.com/?affID=120518&babsrc=HP_ss&mntrId=204c3cc0000000000000000000000000 -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Keine Aktion durchgeführt.
HKCU\Software\Delta\delta\iestrg|tlbrsrchurl (PUP.Optional.Delta.A) -> Daten:  -> Keine Aktion durchgeführt.
HKCU\Software\Optimizer Pro|AdsBuyNowURL (PUP.Optional.OptimizerPro.A) -> Daten: hxxp://domore.pcutilitiespro.revenuewire.net/driverpro/xsell -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Daten: 2.1.8.0 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 9
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\Software\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (PUP.Optional.NationZoom.A) -> Bösartig: (C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C) Gut: (firefox.exe) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.NationZoom.A) -> Bösartig: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C) Gut: (iexplore.exe) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Keine Aktion durchgeführt.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\Software\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.NationZoom) -> Bösartig: (hxxp://www.nationzoom.com/web/?type=ds&ts=1386439378&from=tugs&uid=ST2000DL003-9VT166_5YD5WQ4CXXXX5YD5WQ4C&q={searchTerms}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 30
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\Delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.10.0 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\bh (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy\311BC8AB689540819FA53785F616B162 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy\433E838B20DF43A6BA6C29C3A1E557C2 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy\7D5397503D7140FA8A53EFAC5980FF53 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy\95DABB62733C4593B2B94DC153F42C9A (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy\F1561FA30DED42EB9F8C03DFDE06A7D5 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy\OpenCandy_F1561FA30DED42EB9F8C03DFDE06A7D5 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.10.0 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\installdt.tmp\XPI (PUP.Optional.DefaultTab.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\installdt.tmp\XPI\defaulttab (PUP.Optional.DefaultTab.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\components (PUP.Optional.DefaultTab.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale (PUP.Optional.DefaultTab.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US (PUP.Optional.DefaultTab.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\DefaultTab\DefaultTab (PUP.Optional.DefaultTab.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\ct1561552 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\ct1561552\xpi (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\ct1561552\xpi\defaults (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\ct1561552\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\ct2269050 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\ct2269050\xpi (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 47
C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\deltasrv.exe (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\DM\windows-movie-maker_027\software\tugs_nationzoom.exe.exe (PUP.Optional.SkyTech.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Temp\fullpackage_temp1386439370\tmp\NewGdp.exe (PUP.Optional.WpManager.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\Downloads\FibelSdMitlautevonSchriftartenFontsde_downloader_by_SchriftartenFontsde.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\Riammi\Downloads\FreeYouTubeToMP3Converter.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Keine Aktion durchgeführt.
C:\Users\Riammi\Downloads\iMeshSetup-r1487-w-bc.exe (PUP.Optional.Bandoo.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Conduit\CT1561552\Hotspot_ShieldAutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.chm (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\file_id.diz (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\German.ini (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\HomePage.url (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\OptProUninstaller.exe (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\scan.gif (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\sqlite3.dll (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\unins000.dat (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Optimizer Pro\unins000.exe (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\Delta\sqlite3.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\Delta\delta.crx (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaApp.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaEng.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\escortShld.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\GUninstaller.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\uninstall.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy\311BC8AB689540819FA53785F616B162\TuneUpUtilities2013_2200218_de-DE.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy\433E838B20DF43A6BA6C29C3A1E557C2\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy\7D5397503D7140FA8A53EFAC5980FF53\2787.ico (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy\7D5397503D7140FA8A53EFAC5980FF53\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy\7D5397503D7140FA8A53EFAC5980FF53\Linkury_ALL_p1v24.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy\95DABB62733C4593B2B94DC153F42C9A\Softonic_chr_p1v3.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\OpenCandy\F1561FA30DED42EB9F8C03DFDE06A7D5\TuneUpUtilities2012_de-DE_1002174.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Riammi\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe (PUP.Optional.DefaultTab.A) -> Keine Aktion durchgeführt.

(Ende)

hatschi80 · 10.12.2013, 17:20

ADW

Code:

ATTFilter

# AdwCleaner v3.014 - Bericht erstellt am 10/12/2013 um 17:04:38
# Updated 01/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Riammi - RIAMMI-PC
# Gestartet von : C:\Users\Riammi\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : hshld
Dienst Gefunden : hsstrayservice
Dienst Gefunden : hsswd

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gefunden : C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gefunden : C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Datei Gefunden : C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
Datei Gefunden : C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
Datei Gefunden : C:\Users\Riammi\AppData\Roaming\BabMaint.exe
Datei Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\bprotector_prefs.js
Datei Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Extensions\addon@defaulttab.com.xpi
Datei Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\invalidprefs.js
Datei Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\Babylon.xml
Datei Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\BrowserProtect.xml
Datei Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\claro.xml
Datei Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\delta.xml
Datei Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\dvdvideosofttb-customized-web-search.xml
Datei Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\search-here.xml
Datei Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\searchplugins\softonic.xml
Datei Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\user.js
Datei Gefunden : C:\Windows\System32\roboot64.exe
Datei Gefunden : C:\Windows\System32\Tasks\BrowserProtect
Datei Gefunden : C:\Windows\System32\Tasks\EPUpdater
Ordner Gefunden : C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
Ordner Gefunden : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Extensions\ffxtlbr@delta.com
Ordner Gefunden C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gefunden C:\Program Files (x86)\Conduit
Ordner Gefunden C:\Program Files (x86)\Delta
Ordner Gefunden C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gefunden C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gefunden C:\Program Files (x86)\Hotspot Shield
Ordner Gefunden C:\Program Files (x86)\hotspot shield
Ordner Gefunden C:\Program Files (x86)\Hotspot_Shield
Ordner Gefunden C:\Program Files (x86)\Hotspot_Shield
Ordner Gefunden C:\Program Files (x86)\iMesh Applications
Ordner Gefunden C:\Program Files (x86)\optimizer pro
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\ProgramData\BrowserProtect
Ordner Gefunden C:\ProgramData\hotspot shield
Ordner Gefunden C:\ProgramData\Hotspot Shield
Ordner Gefunden C:\ProgramData\IBUpdaterService
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Ordner Gefunden C:\ProgramData\Partner
Ordner Gefunden C:\ProgramData\Tarma Installer
Ordner Gefunden C:\Users\Riammi\AppData\Local\Conduit
Ordner Gefunden C:\Users\Riammi\AppData\Local\Temp\CT1561552
Ordner Gefunden C:\Users\Riammi\AppData\Local\Temp\CT2269050
Ordner Gefunden C:\Users\Riammi\AppData\LocalLow\Conduit
Ordner Gefunden C:\Users\Riammi\AppData\LocalLow\Delta
Ordner Gefunden C:\Users\Riammi\AppData\LocalLow\DVDVideoSoftTB
Ordner Gefunden C:\Users\Riammi\AppData\LocalLow\DVDVideoSoftTB
Ordner Gefunden C:\Users\Riammi\AppData\LocalLow\Hotspot_Shield
Ordner Gefunden C:\Users\Riammi\AppData\LocalLow\Hotspot_Shield
Ordner Gefunden C:\Users\Riammi\AppData\LocalLow\PriceGong
Ordner Gefunden C:\Users\Riammi\AppData\LocalLow\Softonic
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\BabSolution
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\Babylon
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\DefaultTab
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\Delta
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\Hotspot Shield
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\hotspot shield
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\ConduitCommon
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\CT1561552
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\CT2269050
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\Smartbar
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\OpenCandy
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\optimizer pro
Ordner Gefunden C:\Users\Riammi\AppData\Roaming\PerformerSoft
Ordner Gefunden C:\Windows\SysWOW64\Hotspot Shield
Ordner Gefunden C:\Windows\SysWOW64\hotspot shield

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\596da8ab76fbf41
Schlüssel Gefunden : HKCU\Software\anchorfree
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Hotspot_Shield
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Hotspot_Shield
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\BabSolution
Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Default Tab
Schlüssel Gefunden : HKCU\Software\Delta
Schlüssel Gefunden : HKCU\Software\delta LTD
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : [x64] HKCU\Software\anchorfree
Schlüssel Gefunden : [x64] HKCU\Software\BabSolution
Schlüssel Gefunden : [x64] HKCU\Software\BabylonToolbar
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\DataMngr
Schlüssel Gefunden : [x64] HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : [x64] HKCU\Software\Default Tab
Schlüssel Gefunden : [x64] HKCU\Software\Delta
Schlüssel Gefunden : [x64] HKCU\Software\delta LTD
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : [x64] HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKLM\SOFTWARE\596da8ab76fbf41
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\d
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Default Tab
Schlüssel Gefunden : HKLM\Software\Delta
Schlüssel Gefunden : HKLM\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKLM\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\Software\Hotspot_Shield
Schlüssel Gefunden : HKLM\Software\Hotspot_Shield
Schlüssel Gefunden : HKLM\Software\hotspotshield
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EFD2231-5776-4466-8F48-F85FF6B3EA1A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18E18577-258F-40BA-BE1A-F187C19291BF}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F30F0ABC-F50B-432C-8EE9-3152160239FA}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7E25A9D-7E44-45A3-B2C7-B2485CE84948}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_foto-mosaik_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_foto-mosaik_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gefunden : HKLM\Software\Uniblue
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Tarma Installer
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v12.0 (de)

[ Datei : C:\Users\Riammi\AppData\Roaming\Mozilla\Firefox\Profiles\oqmr9oxf.default\prefs.js ]

Zeile gefunden : user_pref("CT1561552.1000082.isPlayDisplay", "true");
Zeile gefunden : user_pref("CT1561552.1000082.state", "{\"state\":\"stopped\",\"text\":\"Danceradio\",\"description\":\"Danceradio\",\"url\":\"hxxp://101danceradio.com/wmx/classicrockjukebox64k.wmx\"}");
Zeile gefunden : user_pref("CT1561552.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT1561552.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT1561552.FF19Solved", "true");
Zeile gefunden : user_pref("CT1561552.FirstTime", "true");
Zeile gefunden : user_pref("CT1561552.FirstTimeFF3", "true");
Zeile gefunden : user_pref("CT1561552.GK_HotspotShield_NOTIF_26_02_SENT.enc", "MQ==");
Zeile gefunden : user_pref("CT1561552.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3MjcwMDg1Mw==");
Zeile gefunden : user_pref("CT1561552.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3MjcwMDg2Ng==");
Zeile gefunden : user_pref("CT1561552.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "Ng==");
Zeile gefunden : user_pref("CT1561552.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM3MjcwMTE0Ng==");
Zeile gefunden : user_pref("CT1561552.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Zeile gefunden : user_pref("CT1561552.SF_STATUS.enc", "RU5BQkxFRA==");
Zeile gefunden : user_pref("CT1561552.SF_USER_ID.enc", "Y2lkXzk1MjAxMzE0MTEzMTQyODA5NjA=");
Zeile gefunden : user_pref("CT1561552.UserID", "UN20115834152265535");
Zeile gefunden : user_pref("CT1561552.acp_personal.appstate.enc", "ZW5hYmxl");
Zeile gefunden : user_pref("CT1561552.addressBarTakeOverEnabledInHidden", "true");
Zeile gefunden : user_pref("CT1561552.cb_experience_000.enc", "MQ==");
Zeile gefunden : user_pref("CT1561552.cb_firstuse0100.enc", "MQ==");
Zeile gefunden : user_pref("CT1561552.cb_user_id_000.enc", "Q0I5MzM5OTkxMTQ1MzdfMTM3NDU5NDA0MzQ2M19GaXJlZm94");
Zeile gefunden : user_pref("CT1561552.cbfirsttime.enc", "U3VuIE1heSAyNiAyMDEzIDA4OjUzOjIyIEdNVCswMjAw");
Zeile gefunden : user_pref("CT1561552.countryCode", "DE");
Zeile gefunden : user_pref("CT1561552.defaultSearch", "false");
Zeile gefunden : user_pref("CT1561552.embeddedsData", "[{\"appId\":\"128491907208256770\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Zeile gefunden : user_pref("CT1561552.enableAlerts", "true");
Zeile gefunden : user_pref("CT1561552.enableFix404ByUser", "TRUE");
Zeile gefunden : user_pref("CT1561552.enableSearchFromAddressBar", "true");
Zeile gefunden : user_pref("CT1561552.firstTimeDialogOpened", "true");
Zeile gefunden : user_pref("CT1561552.fixPageNotFoundError", "true");
Zeile gefunden : user_pref("CT1561552.fixPageNotFoundErrorByUser", "true");
Zeile gefunden : user_pref("CT1561552.fixPageNotFoundErrorInHidden", "true");
Zeile gefunden : user_pref("CT1561552.fixUrls", true);
Zeile gefunden : user_pref("CT1561552.fullUserID", "UN20115834152265535.UP.20130808213729");
Zeile gefunden : user_pref("CT1561552.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
Zeile gefunden : user_pref("CT1561552.installDate", "9/5/2013 14:06:19");
Zeile gefunden : user_pref("CT1561552.installId", "conduitinstaller.exe");
Zeile gefunden : user_pref("CT1561552.installSessionId", "-1");
Zeile gefunden : user_pref("CT1561552.installSp", "FALSE");
Zeile gefunden : user_pref("CT1561552.installType", "conduitnsisintegration");
Zeile gefunden : user_pref("CT1561552.installUsage", "2013-05-09T15:10:45.3084377+03:00");
Zeile gefunden : user_pref("CT1561552.installUsageEarly", "2013-05-09T15:10:43.757517+03:00");
Zeile gefunden : user_pref("CT1561552.installerVersion", "1.4.2.3");
Zeile gefunden : user_pref("CT1561552.isCheckedStartAsHidden", true);
Zeile gefunden : user_pref("CT1561552.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT1561552.isFirstTimeToolbarLoading", "false");
Zeile gefunden : user_pref("CT1561552.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gefunden : user_pref("CT1561552.keyword", "true");
Zeile gefunden : user_pref("CT1561552.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT1561552&octid=CT1561552&SearchSource=15&CUI=UN20115834152265535&SSPV=&Lay=1&UM=1\"}");
Zeile gefunden : user_pref("CT1561552.lastVersion", "10.16.70.505");
Zeile gefunden : user_pref("CT1561552.mam_gk_appStateReportTime.enc", "MTM3NDU5Mzk0MjA3Mw==");
Zeile gefunden : user_pref("CT1561552.mam_gk_appState_CouponBuddy.enc", "b24=");
Zeile gefunden : user_pref("CT1561552.mam_gk_appState_DealPly.enc", "b24=");
Zeile gefunden : user_pref("CT1561552.mam_gk_appState_Easytobook.enc", "b24=");
Zeile gefunden : user_pref("CT1561552.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Zeile gefunden : user_pref("CT1561552.mam_gk_appState_WindowShopper.enc", "b24=");
Zeile gefunden : user_pref("CT1561552.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Zeile gefunden : user_pref("CT1561552.mam_gk_calledSetupService.enc", "MQ==");
Zeile gefunden : user_pref("CT1561552.mam_gk_currentBadgeValue.enc", "MA==");
Zeile gefunden : user_pref("CT1561552.mam_gk_currentVersion.enc", "MS4xMC4yLjU=");
Zeile gefunden : user_pref("CT1561552.mam_gk_eventsCache.enc", "eyJjMDE3ODBlNi1lOGY3LTQzNjgtYTI4Yi01ZjE4OGMxOTg0NjMiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXcifSwidW5pcXVlS[...]
Zeile gefunden : user_pref("CT1561552.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Zeile gefunden : user_pref("CT1561552.mam_gk_first_time.enc", "MQ==");
Zeile gefunden : user_pref("CT1561552.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");
Zeile gefunden : user_pref("CT1561552.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Zeile gefunden : user_pref("CT1561552.mam_gk_lastLoginTime.enc", "MTM3NDU5Mzk0MDE3Nw==");
Zeile gefunden : user_pref("CT1561552.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50LVJpY2h0bGluaWUifSwiZ2FkZ2V0RGVzY3JpcHRpb25QcmltYXJ5Ijp7IlRleHQiOiJWYWx1ZSBBcHBzIGJlcmVpY2hlcnQgSWhy[...]
Zeile gefunden : user_pref("CT1561552.mam_gk_mamEnabled.enc", "ZmFsc2U=");
Zeile gefunden : user_pref("CT1561552.mam_gk_newApps.enc", "W10=");
Zeile gefunden : user_pref("CT1561552.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Zeile gefunden : user_pref("CT1561552.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjYxXy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Zeile gefunden : user_pref("CT1561552.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjYxXy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Zeile gefunden : user_pref("CT1561552.mam_gk_settings1.8.0.999.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDlfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiREUiLCJpc1dlbGNvbWVFeHB[...]
Zeile gefunden : user_pref("CT1561552.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDlfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiREUiLCJpc1dlbGNvbWVFeHBlc[...]
Zeile gefunden : user_pref("CT1561552.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Zeile gefunden : user_pref("CT1561552.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Zeile gefunden : user_pref("CT1561552.mam_gk_userId.enc", "ZGU3MDE2MjEtM2ZjZS00ZGQ5LWE5OTUtNGJiYTNmZjlhMDc4");
Zeile gefunden : user_pref("CT1561552.migrateAppsAndComponents", true);
Zeile gefunden : user_pref("CT1561552.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://HotspotShield.OurToolbar.[...]
Zeile gefunden : user_pref("CT1561552.openThankYouPage", "false");
Zeile gefunden : user_pref("CT1561552.openUninstallPage", "true");
Zeile gefunden : user_pref("CT1561552.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN76158222226477436&UM=&q=");
Zeile gefunden : user_pref("CT1561552.revertSettingsEnabled", "false");
Zeile gefunden : user_pref("CT1561552.search.searchAppId", "128491907208256770");
Zeile gefunden : user_pref("CT1561552.search.searchCount", "0");
Zeile gefunden : user_pref("CT1561552.searchInNewTabEnabledByUser", "false");
Zeile gefunden : user_pref("CT1561552.searchInNewTabEnabledInHidden", "true");
Zeile gefunden : user_pref("CT1561552.searchRevert", "false");
Zeile gefunden : user_pref("CT1561552.searchSuggestEnabledByUser", "true");
Zeile gefunden : user_pref("CT1561552.searchUserMode", "1");
Zeile gefunden : user_pref("CT1561552.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT1561552.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT1561552.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gefunden : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1561552\"}");
Zeile gefunden : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://HotspotShield.OurToolbar.com//xpi\"}");
Zeile gefunden : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Hotspot Shield\"}");
Zeile gefunden : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_Configuration_lastUpdate", "1376399220211");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1374594048849");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_appsMetadata_lastUpdate", "1374594048570");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1374594048580");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1368101449725");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1368101451426");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_location_lastUpdate", "1374594048186");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_login_10.16.1.21_lastUpdate", "1368101450951");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_login_10.16.1.521_lastUpdate", "1369551287256");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_login_10.16.2.509_lastUpdate", "1374594048624");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1374594048729");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_searchAPI_lastUpdate", "1374594048272");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_serviceMap_lastUpdate", "1374594048146");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_toolbarContextMenu_lastUpdate", "1374594048702");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_toolbarSettings_lastUpdate", "1374594048682");
Zeile gefunden : user_pref("CT1561552.serviceLayer_services_translation_lastUpdate", "1374594048853");
Zeile gefunden : user_pref("CT1561552.settingsINI", true);
Zeile gefunden : user_pref("CT1561552.shouldFirstTimeDialog", "false");
Zeile gefunden : user_pref("CT1561552.showToolbarPermission", "false");
Zeile gefunden : user_pref("CT1561552.smartbar.CTID", "CT1561552");
Zeile gefunden : user_pref("CT1561552.smartbar.Uninstall", "0");
Zeile gefunden : user_pref("CT1561552.smartbar.toolbarName", "Hotspot Shield ");
Zeile gefunden : user_pref("CT1561552.startPage", "false");
Zeile gefunden : user_pref("CT1561552.toolbarBornServerTime", "9-5-2013");
Zeile gefunden : user_pref("CT1561552.toolbarCurrentServerTime", "23-7-2013");
Zeile gefunden : user_pref("CT1561552.toolbarLoginClientTime", "Thu May 09 2013 14:10:50 GMT+0200");
Zeile gefunden : user_pref("CT1561552.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Zeile gefunden : user_pref("CT1561552.url_history0001.enc", "aHR0cDovL3d3dy5waXhlbGEuY28uanAvb2VtL2p2Yy9tZWRpYWJyb3dzZXIvZS9tZWRpYWJyb3dzZXJfc2UvZG93bmxvYWQuaHRtbDo6OmNsaWNraGFuZGxlcjo6OjEzNzI3MDA5NjA5ODQsLCxodHRwOi8v[...]
Zeile gefunden : user_pref("CT1561552.versionFromInstaller", "10.16.1.21");
Zeile gefunden : user_pref("CT1561552_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382120278418,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gefunden : user_pref("CT2269050.1000082.isDisplayHidden", "true");
Zeile gefunden : user_pref("CT2269050.1000082.isPlayDisplay", "true");
Zeile gefunden : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\":\"Hotmix 108\",\"url\":\"hxxp://67.202.67.18:8082\"}");
Zeile gefunden : user_pref("CT2269050.1000234.TWC_locId", "RSXX0063");
Zeile gefunden : user_pref("CT2269050.1000234.weatherData", "{\"icon\":\"28.png\",\"temperature\":\"17°C\",\"temperatureClear\":\"17°C\",\"highTemperature\":\"17°C\",\"lowTemperature\":\"10°C\",\"feelsLike\":\"17°C\",[...]
Zeile gefunden : user_pref("CT2269050.CBOpenMAMSettings.enc", "MA==");
Zeile gefunden : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2269050.FirstTime", "true");
Zeile gefunden : user_pref("CT2269050.FirstTimeFF3", "true");
Zeile gefunden : user_pref("CT2269050.LoginRevertSettingsEnabled", true);
Zeile gefunden : user_pref("CT2269050.PG_ENABLE", "dHJ1ZQ==");
Zeile gefunden : user_pref("CT2269050.PG_ENABLE.enc", "dHJ1ZQ==");
Zeile gefunden : user_pref("CT2269050.RevertSettingsEnabled", true);
Zeile gefunden : user_pref("CT2269050.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Zeile gefunden : user_pref("CT2269050.SF_STATUS.enc", "RU5BQkxFRA==");
Zeile gefunden : user_pref("CT2269050.SF_USER_ID.enc", "Y2lkXzIyNDIwMTMxNDQwNTU2NDg0NDk5");
Zeile gefunden : user_pref("CT2269050.SearchAppState.enc", "Mw==");
Zeile gefunden : user_pref("CT2269050.SearchAppTracking.enc", "c2VudA==");
Zeile gefunden : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN76158222226477436&UM=UM_ID&q=");
Zeile gefunden : user_pref("CT2269050.UserID", "UN76158222226477436");
Zeile gefunden : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Zeile gefunden : user_pref("CT2269050.browser.search.defaultthis.engineName", true);
Zeile gefunden : user_pref("CT2269050.cb_experience_000.enc", "MTM=");
Zeile gefunden : user_pref("CT2269050.cb_firstuse0100.enc", "MQ==");
Zeile gefunden : user_pref("CT2269050.cb_user_id_000.enc", "Q0I5MTM4MDM5NzI2MjVfMTM2MDg3MDE1NjA5MV9GaXJlZm94");
Zeile gefunden : user_pref("CT2269050.cbcountry_001.enc", "REU=");
Zeile gefunden : user_pref("CT2269050.cbfirsttime.enc", "V2VkIEphbiAzMCAyMDEzIDA1OjI3OjM0IEdNVCswMTAw");
Zeile gefunden : user_pref("CT2269050.countryCode", "DE");
Zeile gefunden : user_pref("CT2269050.enableAlerts", "never");
Zeile gefunden : user_pref("CT2269050.enableFix404ByUser", "TRUE");
Zeile gefunden : user_pref("CT2269050.firstTimeDialogOpened", "true");
Zeile gefunden : user_pref("CT2269050.fixPageNotFoundErrorByUser", "TRUE");
Zeile gefunden : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Zeile gefunden : user_pref("CT2269050.fixUrls", true);
Zeile gefunden : user_pref("CT2269050.fullUserID", "UN76158222226477436.UP.20130808213730");
Zeile gefunden : user_pref("CT2269050.hxxp___storage_conduit_com_marketplace_83_6d_8399d181_be98_42f2_b035_1616f617316d_.PriceSparrowUuid.enc", "NTcxMTFFOTQtQ0YwMS00OUIwLTlFRjYtQzU4NkYxQTUzRjAy");
Zeile gefunden : user_pref("CT2269050.installType", "Unknown");
Zeile gefunden : user_pref("CT2269050.isCheckedStartAsHidden", true);
Zeile gefunden : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2269050.isFirstTimeToolbarLoading", "false");
Zeile gefunden : user_pref("CT2269050.isNewTabEnabled", true);
Zeile gefunden : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Zeile gefunden : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gefunden : user_pref("CT2269050.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2269050.keyword", true);
Zeile gefunden : user_pref("CT2269050.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2269050&octid=CT2269050&SearchSource=15&CUI=UN76158222226477436&SSPV=&Lay=1&UM=\"}");
Zeile gefunden : user_pref("CT2269050.lastVersion", "10.16.70.505");
Zeile gefunden : user_pref("CT2269050.mam_gk_appStateReportTime.enc", "MTM3NDU5Mzk0MjE5MQ==");
Zeile gefunden : user_pref("CT2269050.mam_gk_appState_CouponBuddy.enc", "b24=");
Zeile gefunden : user_pref("CT2269050.mam_gk_appState_Easytobook.enc", "b24=");
Zeile gefunden : user_pref("CT2269050.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Zeile gefunden : user_pref("CT2269050.mam_gk_appState_PriceGong.enc", "b24=");
Zeile gefunden : user_pref("CT2269050.mam_gk_appState_WindowShopper.enc", "b24=");
Zeile gefunden : user_pref("CT2269050.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Zeile gefunden : user_pref("CT2269050.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Zeile gefunden : user_pref("CT2269050.mam_gk_calledSetupService.enc", "MQ==");
Zeile gefunden : user_pref("CT2269050.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiIxZjA2ZTU0NC00NzcyLTRiZDctOTM4Yi0xMTk2NTNkN2Q2YjkiLCJ[...]
Zeile gefunden : user_pref("CT2269050.mam_gk_currentVersion.enc", "MS45LjAuNA==");
Zeile gefunden : user_pref("CT2269050.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Zeile gefunden : user_pref("CT2269050.mam_gk_first_time.enc", "MQ==");
Zeile gefunden : user_pref("CT2269050.mam_gk_lastLoginTime.enc", "MTM3NDU5MzkzODgwMw==");
Zeile gefunden : user_pref("CT2269050.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50LVJpY2h0bGluaWUifSwiZ2FkZ2V0RGVzY3JpcHRpb25QcmltYXJ5Ijp7IlRleHQiOiJWYWx1ZSBBcHBzIGJlcmVpY2hlcnQgSWhy[...]
Zeile gefunden : user_pref("CT2269050.mam_gk_mamEnabled.enc", "ZmFsc2U=");
Zeile gefunden : user_pref("CT2269050.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Zeile gefunden : user_pref("CT2269050.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Zeile gefunden : user_pref("CT2269050.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Zeile gefunden : user_pref("CT2269050.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiREUiLCJpc1dlbGNvbWVFeHBlc[...]
Zeile gefunden : user_pref("CT2269050.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiREUiLCJpc1dlbGNvbWVFeHBlc[...]
Zeile gefunden : user_pref("CT2269050.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Zeile gefunden : user_pref("CT2269050.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Zeile gefunden : user_pref("CT2269050.mam_gk_userId.enc", "MWZiYmE4YTQtY2Y5Ni00NjM3LWI2NjktYWI3YjRiNjAxMjUx");
Zeile gefunden : user_pref("CT2269050.migrateAppsAndComponents", true);
Zeile gefunden : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://DVDVideoSoftTB.OurToolbar[...]
Zeile gefunden : user_pref("CT2269050.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN76158222226477436&UM=&q=");
Zeile gefunden : user_pref("CT2269050.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"]\"}");
Zeile gefunden : user_pref("CT2269050.price-gong.isManagedApp", "true");
Zeile gefunden : user_pref("CT2269050.search.searchAppId", "128834881989343895");
Zeile gefunden : user_pref("CT2269050.search.searchCount", "0");
Zeile gefunden : user_pref("CT2269050.searchFromAddressBarEnabledByUser", "true");
Zeile gefunden : user_pref("CT2269050.searchInNewTabEnabledByUser", "true");
Zeile gefunden : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Zeile gefunden : user_pref("CT2269050.searchSuggestEnabledByUser", "True");
Zeile gefunden : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gefunden : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2269050\"}");
Zeile gefunden : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTB.OurToolbar.com//xpi\"}");
Zeile gefunden : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB\"}");
Zeile gefunden : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_Configuration_lastUpdate", "1376399221888");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1374594049399");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1374594049340");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1374594049216");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_location_lastUpdate", "1374594049169");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_login_10.13.40.15_lastUpdate", "1360042868588");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360870257713");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_login_10.14.65.43_lastUpdate", "1366531204211");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_login_10.15.2.523_lastUpdate", "1368101382526");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_login_10.16.1.521_lastUpdate", "1369551287711");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_login_10.16.2.509_lastUpdate", "1374594049263");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1374594049404");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1374594049182");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1374594048863");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_setupAPI_lastUpdate", "1366531223517");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1374594049322");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1374594049349");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1374594049375");
Zeile gefunden : user_pref("CT2269050.serviceLayer_services_userApps_lastUpdate", "1366531074060");
Zeile gefunden : user_pref("CT2269050.settingsINI", true);
Zeile gefunden : user_pref("CT2269050.showToolbarPermission", "false");
Zeile gefunden : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Zeile gefunden : user_pref("CT2269050.smartbar.Uninstall", "0");
Zeile gefunden : user_pref("CT2269050.smartbar.homepage", true);
Zeile gefunden : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Zeile gefunden : user_pref("CT2269050.toolbarBornServerTime", "17-1-2013");
Zeile gefunden : user_pref("CT2269050.toolbarCurrentServerTime", "23-7-2013");
Zeile gefunden : user_pref("CT2269050.toolbarLoginClientTime", "Mon Apr 22 2013 14:35:23 GMT+0200");
Zeile gefunden : user_pref("CT2269050.url_history0001.enc", "aHR0cDovL3d3dy5waXhlbGEuY28uanAvb2VtL2p2Yy9tZWRpYWJyb3dzZXIvZS9tZWRpYWJyb3dzZXJfc2UvZG93bmxvYWQuaHRtbDo6OmNsaWNraGFuZGxlcjo6OjEzNzI3MDA5NjA5ODcsLCxodHRwOi8v[...]
Zeile gefunden : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382120277884,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gefunden : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13&CUI=UN76158222226477436");
Zeile gefunden : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB Customized Web Search");
Zeile gefunden : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN76158222226477436&UM=UM_ID&q=");
Zeile gefunden : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN76158222226477436&UM=&q=");
Zeile gefunden : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=120518&babsrc=NT_ss&mntrId=204c3cc0000000000000000000000000");
Zeile gefunden : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gefunden : user_pref("extensions.Softonic.dnsErr", true);
Zeile gefunden : user_pref("extensions.Softonic.hmpg", true);
Zeile gefunden : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=204c3cc0000000000000000000000000");
Zeile gefunden : user_pref("extensions.Softonic.newTab", true);
Zeile gefunden : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=204c3cc0000000000000000000000000");
Zeile gefunden : user_pref("extensions.Softonic.rvrt", "false");
Zeile gefunden : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Zeile gefunden : user_pref("extensions.claro.admin", false);
Zeile gefunden : user_pref("extensions.claro.aflt", "babsst");
Zeile gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Zeile gefunden : user_pref("extensions.claro.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.claro.dfltLng", "en");
Zeile gefunden : user_pref("extensions.claro.excTlbr", false);
Zeile gefunden : user_pref("extensions.claro.id", "204c3cc0000000000000000000000000");
Zeile gefunden : user_pref("extensions.claro.instlDay", "15722");
Zeile gefunden : user_pref("extensions.claro.instlRef", "sst");
Zeile gefunden : user_pref("extensions.claro.prdct", "claro");
Zeile gefunden : user_pref("extensions.claro.prtnrId", "claro");
Zeile gefunden : user_pref("extensions.claro.rvrt", "false");
Zeile gefunden : user_pref("extensions.claro.tlbrId", "claro");
Zeile gefunden : user_pref("extensions.claro.tlbrSrchUrl", "");
Zeile gefunden : user_pref("extensions.claro.vrsn", "1.8.8.5");
Zeile gefunden : user_pref("extensions.claro.vrsni", "1.8.8.5");
Zeile gefunden : user_pref("extensions.claro_i.excTlbr", false);
Zeile gefunden : user_pref("extensions.claro_i.newTab", false);
Zeile gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.8.519:05:20");
Zeile gefunden : user_pref("extensions.delta.admin", false);
Zeile gefunden : user_pref("extensions.delta.aflt", "babsst");
Zeile gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gefunden : user_pref("extensions.delta.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.delta.bbDpng", "18");
Zeile gefunden : user_pref("extensions.delta.cntry", "DE");
Zeile gefunden : user_pref("extensions.delta.dfltLng", "en");
Zeile gefunden : user_pref("extensions.delta.excTlbr", false);
Zeile gefunden : user_pref("extensions.delta.hdrMd5", "1261EBCE807AE8D7D3FB95C8091DA1D1");
Zeile gefunden : user_pref("extensions.delta.id", "204c3cc0000000000000000000000000");
Zeile gefunden : user_pref("extensions.delta.instlDay", "15744");
Zeile gefunden : user_pref("extensions.delta.instlRef", "sst");
Zeile gefunden : user_pref("extensions.delta.lastVrsnTs", "1.8.10.016:03:37");
Zeile gefunden : user_pref("extensions.delta.newTab", false);
Zeile gefunden : user_pref("extensions.delta.prdct", "delta");
Zeile gefunden : user_pref("extensions.delta.prtnrId", "delta");
Zeile gefunden : user_pref("extensions.delta.rvrt", "false");
Zeile gefunden : user_pref("extensions.delta.sg", "azb");
Zeile gefunden : user_pref("extensions.delta.smplGrp", "azb");
Zeile gefunden : user_pref("extensions.delta.tlbrId", "base");
Zeile gefunden : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gefunden : user_pref("extensions.delta.vrsn", "1.8.10.0");
Zeile gefunden : user_pref("extensions.delta.vrsnTs", "1.8.10.016:03:37");
Zeile gefunden : user_pref("extensions.delta.vrsni", "1.8.10.0");
Zeile gefunden : user_pref("extensions.enabledAddons", "ffxtlbr@delta.com:1.5.0,plugin@yontoo.com:1.20.02,addon@defaulttab.com:2.0,afurladvisor@anchorfree.com:1.0,{872b5b88-9db5-4310-bdd0-ac189557e5f5}:10.16.70.505,{c[...]
Zeile gefunden : user_pref("smartBar.searchInNewTabOwner", "CT2269050");
Zeile gefunden : user_pref("smartbar.addressBarOwnerCTID", "CT1561552");
Zeile gefunden : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13&CUI=UN76158222226477436");
Zeile gefunden : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN76158222226477436&UM=UM_ID&q=,hxxp://search.conduit.com/ResultsExt.aspx[...]
Zeile gefunden : user_pref("smartbar.machineId", "M/H16V3ZMGRVX3WKLZYOZLAZRAPUWMGU1MCLNLVYB0OVGLVDFJ4ME9VVRXAISE881N+UPJMIUOS4/NLDJXGKJA");
Zeile gefunden : user_pref("smartbar.originalHomepage", "hxxp://www.delta-search.com/?affID=120518&babsrc=HP_ss&mntrId=204c3cc0000000000000000000000000");
Zeile gefunden : user_pref("smartbar.originalSearchAddressUrl", "chrome://defaulttab/content/keywordURL.xul?");
Zeile gefunden : user_pref("smartbar.originalSearchEngine", "");

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Riammi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [55524 octets] - [10/12/2013 17:02:53]
AdwCleaner[R1].txt - [55315 octets] - [10/12/2013 17:04:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [55376 octets] ##########

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Riammi on 10.12.2013 at 17:05:50,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] hshld 
Successfully deleted: [Service] hshld 
Successfully stopped: [Service] hsstrayservice 
Successfully deleted: [Service] hsstrayservice 
Failed to stop: [Service] hsswd 



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\delta.deltadskbnd
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\delta.deltadskbnd.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta ltd
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-646289424-4056227850-3009967775-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltahlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltahlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\foxydeal_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\foxydeal_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\optimizer pro_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1561552
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2269050
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_foto-mosaik_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_foto-mosaik_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_foto-mosaik_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_foto-mosaik_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C8E8185F-DFD6-48BD-84D3-AB7B5FE4C556}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DACD7062-85A9-4621-AF1A-30A0D64841CA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}



~~~ Files

Successfully deleted: [File] "C:\Users\Riammi\appdata\local\google\chrome\user data\default\bprotectorpreferences"
Successfully deleted: [File] "C:\end"
Successfully deleted: [File] C:\Windows\syswow64\sho1A8A.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1AF0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1DCF.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1F05.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho232C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho291.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2E12.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3275.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho379.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3B2D.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3BB.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3C9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3FFC.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4A1B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4BC0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4CAA.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5A2F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5FBC.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6142.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6B12.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6CCB.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7062.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho714.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho71D9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho739A.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho73D9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7937.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho79E1.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7FAB.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho823A.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8575.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho890E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho898.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8A8.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8AA1.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8D22.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho924.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho93F9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9AE8.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA1AB.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA1FA.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA4D8.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA61F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA85F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAB7D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoACF2.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAD21.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC4F5.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC54D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC648.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC64B.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC69C.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCC15.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCDD.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD5A6.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDD0B.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDEEC.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE71.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEB11.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEC03.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEDD9.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEDE7.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEDE8.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF068.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF076.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF2E6.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF56B.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\browserprotect"
Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Folder] "C:\ProgramData\ibupdaterservice"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Riammi\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Riammi\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Riammi\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Riammi\AppData\Roaming\delta"
Successfully deleted: [Folder] "C:\Users\Riammi\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Riammi\AppData\Roaming\hotspot shield"
Successfully deleted: [Folder] "C:\Users\Riammi\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Riammi\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Riammi\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\Riammi\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Riammi\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Riammi\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\Riammi\appdata\locallow\dvdvideosofttb"
Successfully deleted: [Folder] "C:\Users\Riammi\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Riammi\appdata\locallow\softonic"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\delta"
Successfully deleted: [Folder] "C:\Program Files (x86)\dvdvideosofttb"
Successfully deleted: [Folder] "C:\Program Files (x86)\hotspot shield"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\Riammi\appdata\local\{6DA111CE-357F-4603-965B-309A738511B7}
Successfully deleted: [Empty Folder] C:\Users\Riammi\appdata\local\{A61C659C-61DD-472C-948F-ADD56C6C6138}



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\user.js
Successfully deleted: [File] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\extensions\addon@defaulttab.com.xpi
Successfully deleted: [File] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\searchplugins\browserprotect.xml
Successfully deleted: [File] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\searchplugins\delta.xml
Successfully deleted: [File] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\searchplugins\search-here.xml
Successfully deleted: [File] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\searchplugins\softonic.xml
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\afext@anchorfree.com"
Successfully deleted: [Folder] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\smartbar
Successfully deleted: [Folder] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\extensions\ffxtlbr@delta.com
Failed to delete: [Folder] C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\prefs.js

user_pref("CT1561552.1000082.isPlayDisplay", "true");
user_pref("CT1561552.1000082.state", "{\"state\":\"stopped\",\"text\":\"Danceradio\",\"description\":\"Danceradio\",\"url\":\"hxxp://101danceradio.com/wmx/classicrockjukebox64
user_pref("CT1561552.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.FF19Solved", "true");
user_pref("CT1561552.FirstTime", "true");
user_pref("CT1561552.FirstTimeFF3", "true");
user_pref("CT1561552.GK_HotspotShield_NOTIF_26_02_SENT.enc", "MQ==");
user_pref("CT1561552.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3MjcwMDg1Mw==");
user_pref("CT1561552.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3MjcwMDg2Ng==");
user_pref("CT1561552.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "Ng==");
user_pref("CT1561552.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM3MjcwMTE0Ng==");
user_pref("CT1561552.SF_JUST_INSTALLED.enc", "RkFMU0U=");
user_pref("CT1561552.SF_STATUS.enc", "RU5BQkxFRA==");
user_pref("CT1561552.SF_USER_ID.enc", "Y2lkXzk1MjAxMzE0MTEzMTQyODA5NjA=");
user_pref("CT1561552.UserID", "UN20115834152265535");
user_pref("CT1561552.acp_personal.appstate.enc", "ZW5hYmxl");
user_pref("CT1561552.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT1561552.cb_experience_000.enc", "MQ==");
user_pref("CT1561552.cb_firstuse0100.enc", "MQ==");
user_pref("CT1561552.cb_user_id_000.enc", "Q0I5MzM5OTkxMTQ1MzdfMTM3NDU5NDA0MzQ2M19GaXJlZm94");
user_pref("CT1561552.cbfirsttime.enc", "U3VuIE1heSAyNiAyMDEzIDA4OjUzOjIyIEdNVCswMjAw");
user_pref("CT1561552.countryCode", "DE");
user_pref("CT1561552.defaultSearch", "false");
user_pref("CT1561552.embeddedsData", "[{\"appId\":\"128491907208256770\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT1561552.enableAlerts", "true");
user_pref("CT1561552.enableFix404ByUser", "TRUE");
user_pref("CT1561552.enableSearchFromAddressBar", "true");
user_pref("CT1561552.firstTimeDialogOpened", "true");
user_pref("CT1561552.fixPageNotFoundError", "true");
user_pref("CT1561552.fixPageNotFoundErrorByUser", "true");
user_pref("CT1561552.fixPageNotFoundErrorInHidden", "true");
user_pref("CT1561552.fixUrls", true);
user_pref("CT1561552.fullUserID", "UN20115834152265535.UP.20130808213729");
user_pref("CT1561552.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
user_pref("CT1561552.installDate", "9/5/2013 14:06:19");
user_pref("CT1561552.installId", "conduitinstaller.exe");
user_pref("CT1561552.installSessionId", "-1");
user_pref("CT1561552.installSp", "FALSE");
user_pref("CT1561552.installType", "conduitnsisintegration");
user_pref("CT1561552.installUsage", "2013-05-09T15:10:45.3084377+03:00");
user_pref("CT1561552.installUsageEarly", "2013-05-09T15:10:43.757517+03:00");
user_pref("CT1561552.installerVersion", "1.4.2.3");
user_pref("CT1561552.isCheckedStartAsHidden", true);
user_pref("CT1561552.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.isFirstTimeToolbarLoading", "false");
user_pref("CT1561552.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT1561552.keyword", "true");
user_pref("CT1561552.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT1561552&octid=CT1561552&SearchSource=15&CUI=UN201158341522655
user_pref("CT1561552.lastVersion", "10.16.70.505");
user_pref("CT1561552.mam_gk_appStateReportTime.enc", "MTM3NDU5Mzk0MjA3Mw==");
user_pref("CT1561552.mam_gk_appState_CouponBuddy.enc", "b24=");
user_pref("CT1561552.mam_gk_appState_DealPly.enc", "b24=");
user_pref("CT1561552.mam_gk_appState_Easytobook.enc", "b24=");
user_pref("CT1561552.mam_gk_appState_Easytobook_targeted.enc", "b24=");
user_pref("CT1561552.mam_gk_appState_WindowShopper.enc", "b24=");
user_pref("CT1561552.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
user_pref("CT1561552.mam_gk_calledSetupService.enc", "MQ==");
user_pref("CT1561552.mam_gk_currentBadgeValue.enc", "MA==");
user_pref("CT1561552.mam_gk_currentVersion.enc", "MS4xMC4yLjU=");
user_pref("CT1561552.mam_gk_eventsCache.enc", "eyJjMDE3ODBlNi1lOGY3LTQzNjgtYTI4Yi01ZjE4OGMxOTg0NjMiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlv
user_pref("CT1561552.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
user_pref("CT1561552.mam_gk_first_time.enc", "MQ==");
user_pref("CT1561552.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");
user_pref("CT1561552.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT1561552.mam_gk_lastLoginTime.enc", "MTM3NDU5Mzk0MDE3Nw==");
user_pref("CT1561552.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50LVJpY2h0bGluaWUifSwiZ2FkZ2V0RGVzY3JpcHRpb25QcmltYXJ5Ijp7IlRleHQiOiJWYWx1ZSB
user_pref("CT1561552.mam_gk_mamEnabled.enc", "ZmFsc2U=");
user_pref("CT1561552.mam_gk_newApps.enc", "W10=");
user_pref("CT1561552.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
user_pref("CT1561552.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjYxXy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJp
user_pref("CT1561552.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjYxXy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJp
user_pref("CT1561552.mam_gk_settings1.8.0.999.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDlfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIj
user_pref("CT1561552.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDlfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref("CT1561552.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
user_pref("CT1561552.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
user_pref("CT1561552.mam_gk_userId.enc", "ZGU3MDE2MjEtM2ZjZS00ZGQ5LWE5OTUtNGJiYTNmZjlhMDc4");
user_pref("CT1561552.migrateAppsAndComponents", true);
user_pref("CT1561552.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://
user_pref("CT1561552.openThankYouPage", "false");
user_pref("CT1561552.openUninstallPage", "true");
user_pref("CT1561552.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN76158222226477436&UM=&q=");
user_pref("CT1561552.revertSettingsEnabled", "false");
user_pref("CT1561552.search.searchAppId", "128491907208256770");
user_pref("CT1561552.search.searchCount", "0");
user_pref("CT1561552.searchInNewTabEnabledByUser", "false");
user_pref("CT1561552.searchInNewTabEnabledInHidden", "true");
user_pref("CT1561552.searchRevert", "false");
user_pref("CT1561552.searchSuggestEnabledByUser", "true");
user_pref("CT1561552.searchUserMode", "1");
user_pref("CT1561552.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT1561552.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1561552\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://HotspotShield.OurToolbar.com//xpi\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Hotspot Shield\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.serviceLayer_services_Configuration_lastUpdate", "1376399220211");
user_pref("CT1561552.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1374594048849");
user_pref("CT1561552.serviceLayer_services_appsMetadata_lastUpdate", "1374594048570");
user_pref("CT1561552.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1374594048580");
user_pref("CT1561552.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1368101449725");
user_pref("CT1561552.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1368101451426");
user_pref("CT1561552.serviceLayer_services_location_lastUpdate", "1374594048186");
user_pref("CT1561552.serviceLayer_services_login_10.16.1.21_lastUpdate", "1368101450951");
user_pref("CT1561552.serviceLayer_services_login_10.16.1.521_lastUpdate", "1369551287256");
user_pref("CT1561552.serviceLayer_services_login_10.16.2.509_lastUpdate", "1374594048624");
user_pref("CT1561552.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1374594048729");
user_pref("CT1561552.serviceLayer_services_searchAPI_lastUpdate", "1374594048272");
user_pref("CT1561552.serviceLayer_services_serviceMap_lastUpdate", "1374594048146");
user_pref("CT1561552.serviceLayer_services_toolbarContextMenu_lastUpdate", "1374594048702");
user_pref("CT1561552.serviceLayer_services_toolbarSettings_lastUpdate", "1374594048682");
user_pref("CT1561552.serviceLayer_services_translation_lastUpdate", "1374594048853");
user_pref("CT1561552.settingsINI", true);
user_pref("CT1561552.shouldFirstTimeDialog", "false");
user_pref("CT1561552.showToolbarPermission", "false");
user_pref("CT1561552.smartbar.CTID", "CT1561552");
user_pref("CT1561552.smartbar.Uninstall", "0");
user_pref("CT1561552.smartbar.toolbarName", "Hotspot Shield ");
user_pref("CT1561552.startPage", "false");
user_pref("CT1561552.toolbarBornServerTime", "9-5-2013");
user_pref("CT1561552.toolbarCurrentServerTime", "23-7-2013");
user_pref("CT1561552.toolbarLoginClientTime", "Thu May 09 2013 14:10:50 GMT+0200");
user_pref("CT1561552.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
user_pref("CT1561552.url_history0001.enc", "aHR0cDovL3d3dy5waXhlbGEuY28uanAvb2VtL2p2Yy9tZWRpYWJyb3dzZXIvZS9tZWRpYWJyb3dzZXJfc2UvZG93bmxvYWQuaHRtbDo6OmNsaWNraGFuZGxlcjo6OjEzNzI
user_pref("CT1561552.versionFromInstaller", "10.16.1.21");
user_pref("CT1561552_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382120278418,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("CT2269050.1000082.isDisplayHidden", "true");
user_pref("CT2269050.1000082.isPlayDisplay", "true");
user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\":\"Hotmix 108\",\"url\":\"hxxp://67.202.67.18:8082\"}");
user_pref("CT2269050.1000234.TWC_locId", "RSXX0063");
user_pref("CT2269050.1000234.weatherData", "{\"icon\":\"28.png\",\"temperature\":\"17°C\",\"temperatureClear\":\"17°C\",\"highTemperature\":\"17°C\",\"lowTemperature\":\"10
user_pref("CT2269050.CBOpenMAMSettings.enc", "MA==");
user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.FirstTime", "true");
user_pref("CT2269050.FirstTimeFF3", "true");
user_pref("CT2269050.LoginRevertSettingsEnabled", true);
user_pref("CT2269050.PG_ENABLE", "dHJ1ZQ==");
user_pref("CT2269050.PG_ENABLE.enc", "dHJ1ZQ==");
user_pref("CT2269050.RevertSettingsEnabled", true);
user_pref("CT2269050.SF_JUST_INSTALLED.enc", "RkFMU0U=");
user_pref("CT2269050.SF_STATUS.enc", "RU5BQkxFRA==");
user_pref("CT2269050.SF_USER_ID.enc", "Y2lkXzIyNDIwMTMxNDQwNTU2NDg0NDk5");
user_pref("CT2269050.SearchAppState.enc", "Mw==");
user_pref("CT2269050.SearchAppTracking.enc", "c2VudA==");
user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN76158222226477436&UM=UM_ID&q=");
user_pref("CT2269050.UserID", "UN76158222226477436");
user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2269050.browser.search.defaultthis.engineName", true);
user_pref("CT2269050.cb_experience_000.enc", "MTM=");
user_pref("CT2269050.cb_firstuse0100.enc", "MQ==");
user_pref("CT2269050.cb_user_id_000.enc", "Q0I5MTM4MDM5NzI2MjVfMTM2MDg3MDE1NjA5MV9GaXJlZm94");
user_pref("CT2269050.cbcountry_001.enc", "REU=");
user_pref("CT2269050.cbfirsttime.enc", "V2VkIEphbiAzMCAyMDEzIDA1OjI3OjM0IEdNVCswMTAw");
user_pref("CT2269050.countryCode", "DE");
user_pref("CT2269050.enableAlerts", "never");
user_pref("CT2269050.enableFix404ByUser", "TRUE");
user_pref("CT2269050.firstTimeDialogOpened", "true");
user_pref("CT2269050.fixPageNotFoundErrorByUser", "TRUE");
user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2269050.fixUrls", true);
user_pref("CT2269050.fullUserID", "UN76158222226477436.UP.20130808213730");
user_pref("CT2269050.hxxp___storage_conduit_com_marketplace_83_6d_8399d181_be98_42f2_b035_1616f617316d_.PriceSparrowUuid.enc", "NTcxMTFFOTQtQ0YwMS00OUIwLTlFRjYtQzU4NkYxQTUzRjA
user_pref("CT2269050.installType", "Unknown");
user_pref("CT2269050.isCheckedStartAsHidden", true);
user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.isFirstTimeToolbarLoading", "false");
user_pref("CT2269050.isNewTabEnabled", true);
user_pref("CT2269050.isPerformedSmartBarTransition", "true");
user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2269050.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2269050.keyword", true);
user_pref("CT2269050.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2269050&octid=CT2269050&SearchSource=15&CUI=UN7615822222647743
user_pref("CT2269050.lastVersion", "10.16.70.505");
user_pref("CT2269050.mam_gk_appStateReportTime.enc", "MTM3NDU5Mzk0MjE5MQ==");
user_pref("CT2269050.mam_gk_appState_CouponBuddy.enc", "b24=");
user_pref("CT2269050.mam_gk_appState_Easytobook.enc", "b24=");
user_pref("CT2269050.mam_gk_appState_Easytobook_targeted.enc", "b24=");
user_pref("CT2269050.mam_gk_appState_PriceGong.enc", "b24=");
user_pref("CT2269050.mam_gk_appState_WindowShopper.enc", "b24=");
user_pref("CT2269050.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN
user_pref("CT2269050.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
user_pref("CT2269050.mam_gk_calledSetupService.enc", "MQ==");
user_pref("CT2269050.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiIxZjA2ZTU0NC00NzcyLTRiZDctOT
user_pref("CT2269050.mam_gk_currentVersion.enc", "MS45LjAuNA==");
user_pref("CT2269050.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
user_pref("CT2269050.mam_gk_first_time.enc", "MQ==");
user_pref("CT2269050.mam_gk_lastLoginTime.enc", "MTM3NDU5MzkzODgwMw==");
user_pref("CT2269050.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50LVJpY2h0bGluaWUifSwiZ2FkZ2V0RGVzY3JpcHRpb25QcmltYXJ5Ijp7IlRleHQiOiJWYWx1ZSB
user_pref("CT2269050.mam_gk_mamEnabled.enc", "ZmFsc2U=");
user_pref("CT2269050.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
user_pref("CT2269050.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmll
user_pref("CT2269050.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmll
user_pref("CT2269050.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref("CT2269050.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref("CT2269050.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
user_pref("CT2269050.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
user_pref("CT2269050.mam_gk_userId.enc", "MWZiYmE4YTQtY2Y5Ni00NjM3LWI2NjktYWI3YjRiNjAxMjUx");
user_pref("CT2269050.migrateAppsAndComponents", true);
user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://
user_pref("CT2269050.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN76158222226477436&UM=&q=");
user_pref("CT2269050.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"]\"}");
user_pref("CT2269050.price-gong.isManagedApp", "true");
user_pref("CT2269050.search.searchAppId", "128834881989343895");
user_pref("CT2269050.search.searchCount", "0");
user_pref("CT2269050.searchFromAddressBarEnabledByUser", "true");
user_pref("CT2269050.searchInNewTabEnabledByUser", "true");
user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
user_pref("CT2269050.searchSuggestEnabledByUser", "True");
user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2269050\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTB.OurToolbar.com//xpi\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.serviceLayer_services_Configuration_lastUpdate", "1376399221888");
user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1374594049399");
user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1374594049340");
user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1374594049216");
user_pref("CT2269050.serviceLayer_services_location_lastUpdate", "1374594049169");
user_pref("CT2269050.serviceLayer_services_login_10.13.40.15_lastUpdate", "1360042868588");
user_pref("CT2269050.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360870257713");
user_pref("CT2269050.serviceLayer_services_login_10.14.65.43_lastUpdate", "1366531204211");
user_pref("CT2269050.serviceLayer_services_login_10.15.2.523_lastUpdate", "1368101382526");
user_pref("CT2269050.serviceLayer_services_login_10.16.1.521_lastUpdate", "1369551287711");
user_pref("CT2269050.serviceLayer_services_login_10.16.2.509_lastUpdate", "1374594049263");
user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1374594049404");
user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1374594049182");
user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1374594048863");
user_pref("CT2269050.serviceLayer_services_setupAPI_lastUpdate", "1366531223517");
user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1374594049322");
user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1374594049349");
user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1374594049375");
user_pref("CT2269050.serviceLayer_services_userApps_lastUpdate", "1366531074060");
user_pref("CT2269050.settingsINI", true);
user_pref("CT2269050.showToolbarPermission", "false");
user_pref("CT2269050.smartbar.CTID", "CT2269050");
user_pref("CT2269050.smartbar.Uninstall", "0");
user_pref("CT2269050.smartbar.homepage", true);
user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
user_pref("CT2269050.toolbarBornServerTime", "17-1-2013");
user_pref("CT2269050.toolbarCurrentServerTime", "23-7-2013");
user_pref("CT2269050.toolbarLoginClientTime", "Mon Apr 22 2013 14:35:23 GMT+0200");
user_pref("CT2269050.url_history0001.enc", "aHR0cDovL3d3dy5waXhlbGEuY28uanAvb2VtL2p2Yy9tZWRpYWJyb3dzZXIvZS9tZWRpYWJyb3dzZXJfc2UvZG93bmxvYWQuaHRtbDo6OmNsaWNraGFuZGxlcjo6OjEzNzI
user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382120277884,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13&CUI=UN76158222226477436");
user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN76158222226477436&UM=UM_ID&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN76158222226477436&UM=&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=120518&babsrc=NT_ss&mntrId=204c3cc0000000000000000000000000");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic.dfltSrch", true);
user_pref("extensions.Softonic.dnsErr", true);
user_pref("extensions.Softonic.hmpg", true);
user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=204c3cc0000000000000000000000000");
user_pref("extensions.Softonic.newTab", true);
user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=204c3cc0000000000000000000000000");
user_pref("extensions.Softonic.rvrt", "false");
user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
user_pref("extensions.claro.admin", false);
user_pref("extensions.claro.aflt", "babsst");
user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
user_pref("extensions.claro.autoRvrt", "false");
user_pref("extensions.claro.dfltLng", "en");
user_pref("extensions.claro.excTlbr", false);
user_pref("extensions.claro.id", "204c3cc0000000000000000000000000");
user_pref("extensions.claro.instlDay", "15722");
user_pref("extensions.claro.instlRef", "sst");
user_pref("extensions.claro.prdct", "claro");
user_pref("extensions.claro.prtnrId", "claro");
user_pref("extensions.claro.rvrt", "false");
user_pref("extensions.claro.tlbrId", "claro");
user_pref("extensions.claro.tlbrSrchUrl", "");
user_pref("extensions.claro.vrsn", "1.8.8.5");
user_pref("extensions.claro.vrsni", "1.8.8.5");
user_pref("extensions.claro_i.excTlbr", false);
user_pref("extensions.claro_i.newTab", false);
user_pref("extensions.claro_i.smplGrp", "none");
user_pref("extensions.claro_i.vrsnTs", "1.8.8.519:05:20");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.bbDpng", "18");
user_pref("extensions.delta.cntry", "DE");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.hdrMd5", "1261EBCE807AE8D7D3FB95C8091DA1D1");
user_pref("extensions.delta.id", "204c3cc0000000000000000000000000");
user_pref("extensions.delta.instlDay", "15744");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.lastVrsnTs", "1.8.10.016:03:37");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.sg", "azb");
user_pref("extensions.delta.smplGrp", "azb");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.016:03:37");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("smartBar.searchInNewTabOwner", "CT2269050");
user_pref("smartbar.addressBarOwnerCTID", "CT1561552");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13&CUI=UN76158222226477436");
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN76158222226477436&UM=UM_ID&q=,hxxp://search.co
user_pref("smartbar.machineId", "M/H16V3ZMGRVX3WKLZYOZLAZRAPUWMGU1MCLNLVYB0OVGLVDFJ4ME9VVRXAISE881N+UPJMIUOS4/NLDJXGKJA");
user_pref("smartbar.originalHomepage", "hxxp://www.delta-search.com/?affID=120518&babsrc=HP_ss&mntrId=204c3cc0000000000000000000000000");
user_pref("smartbar.originalSearchAddressUrl", "chrome://defaulttab/content/keywordURL.xul?");
user_pref("smartbar.originalSearchEngine", "");
Emptied folder: C:\Users\Riammi\AppData\Roaming\mozilla\firefox\profiles\oqmr9oxf.default\minidumps [19 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.12.2013 at 17:15:01,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber · 11.12.2013, 10:04

Es wär schön wenn Du die Funde von MBAM und ADWCleaner auch löschen lassen würdest

11.12.2013, 10:04	#5
schrauber /// the machine /// TB-Ausbilder	Nationzoom lässt sich nicht entfernen... Es wär schön wenn Du die Funde von MBAM und ADWCleaner auch löschen lassen würdest __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Nationzoom lässt sich nicht entfernen...

Plagegeister aller Art und deren Bekämpfung: Nationzoom lässt sich nicht entfernen...