Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Firefox ist infiziert

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.03.2014, 18:05   #1
hemmy
 
Firefox ist infiziert - Standard

Firefox ist infiziert



Hallo,
ich habe mir vor ein paar Tagen während einer Installation wohl im Hintergrund unerwünschte Software für den Browser installiert...
WinPatrol hat mir während der Installation einen Hintergrundvorgang gemeldet der mit Firefox zu tun hatte (was genau weiß ich leider nicht mehr) und ich habe selbstverständlich auf reject change geklickt. Danach war aber trotzdem meine Startseite geändert und lies sich nicht mehr zurück ändern. AdwCleaner und Malwarebytes haben dann einiges gesucht, gefunden und entfernt und ich konnte meine Startseite wieder ändern. Jetzt habe ich aber, wenn ich einen neuen Tab öffne da "Quick Start" was ich da nicht haben will, ich habe als Suchmaschine, die sich nicht entfernen lässt "awesomehp" und wenn ich auf links drücke öffnet sich ein neues browser Fenster (komplett weiß) und schließt sich wieder und nach diesem öffnen und schließen kommt manchmal ein neuer Tab mit dieser adresse: "www.fastdailyfinds.com".
Ich habe seit kurzem Kaspersky (Testversion) und dachte, dass dieses neue Fenster das sich kurz öffnet eventuell daher rührt, sicher bin ich mir aber nicht...
Kann mir bitte jemand helfen meinen PC wieder clean zu machen?
Viele Grüße
hemmy

Alt 12.03.2014, 18:12   #2
M-K-D-B
/// TB-Ausbilder
 
Firefox ist infiziert - Standard

Firefox ist infiziert






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 4 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 12.03.2014, 18:42   #3
hemmy
 
Firefox ist infiziert - Standard

Firefox ist infiziert



hey Matthias
Habe alles gelesen und verstanden, bin ja leider nicht zum ersten mal hier auf Hilfe angewiesen
Aber schonmal ein Danke für die schnelle Bearbeitung!


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by User (administrator) on USER-PC on 12-03-2014 18:37:59
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) I:\Programme\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - I:\Programme\iTunes\iTunesHelper.exe [152392 2013-10-19] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-3295961374-3500667211-776711534-1001\...\Run: [Google Update] - "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3295961374-3500667211-776711534-1001\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [455744 2013-12-07] (BillP Studios)
HKU\S-1-5-21-3295961374-3500667211-776711534-1001\...\Run: [NetLimiter] - C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - I:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Quick Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\Extensions\quick_start@gmail.com [2014-03-09]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-07]
FF Extension: Leo Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi [2013-11-06]
FF Extension: Adblock Edge - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-07]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\extensions\quick_start@gmail.com [2014-03-09]
FF HKCU\...\Firefox\Extensions: [{cf798cb9-b0d9-4ec0-a967-4987b7bedcec}] - C:\Program Files (x86)\Re-markit-soft\157.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\157.xpi [2014-03-09]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-06]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-06]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-06]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-06]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-06]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4629256 2014-01-13] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2014-03-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-03-09] (Kaspersky Lab ZAO)
R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Users\User\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2099-12-31 19:57 - 2099-12-31 19:57 - 00000000 ____D () C:\ProgramData\eSellerate
2099-12-31 19:56 - 2099-05-28 19:10 - 00000000 ____D () C:\Program Files\NewBlue
2099-12-31 19:56 - 2099-05-28 19:10 - 00000000 ____D () C:\Program Files (x86)\NewBlue
2014-03-12 18:37 - 2014-03-12 18:38 - 00018895 _____ () C:\Users\User\Desktop\FRST.txt
2014-03-12 18:37 - 2014-03-12 18:37 - 00000000 ____D () C:\FRST
2014-03-12 18:36 - 2014-03-12 18:36 - 02157056 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-03-12 18:36 - 2014-03-12 18:36 - 02157056 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-03-11 21:03 - 2014-03-11 21:03 - 00000023 _____ () C:\Users\User\Desktop\kaspersky activation code.txt
2014-03-09 19:49 - 2014-03-12 17:45 - 00000262 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-09 19:49 - 2014-03-09 19:50 - 00002892 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-03-09 19:39 - 2014-03-09 19:38 - 00755712 _____ () C:\Users\User\Desktop\Präsentationsvorlage_Erläuterung_Datensicherheit_BasisPCschutz_FelixVonderbank.ppt
2014-03-09 19:22 - 2014-03-09 19:22 - 01244192 _____ () C:\Users\User\Downloads\adwcleaner_3.0.2.0.exe
2014-03-09 19:16 - 2014-03-09 19:16 - 00000000 ____D () C:\Users\User\AppData\Local\cache
2014-03-09 19:16 - 2014-03-09 19:16 - 00000000 ____D () C:\Users\User\.android
2014-03-09 19:16 - 2014-03-09 19:16 - 00000000 ____D () C:\Download Expert
2014-03-09 19:16 - 2014-03-09 19:16 - 00000000 _____ () C:\Users\User\daemonprocess.txt
2014-03-09 19:15 - 2014-03-09 19:15 - 00000061 _____ () C:\Windows\wininit.ini
2014-03-09 19:14 - 2014-03-09 19:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-03-09 19:14 - 2014-03-09 19:14 - 00000000 ____D () C:\Users\User\AppData\Local\13333
2014-03-09 19:14 - 2014-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-03-09 19:12 - 2014-03-09 19:12 - 00002334 _____ () C:\Users\User\Desktop\Sicherer Zahlungsverkehr.lnk
2014-03-09 19:11 - 2014-03-12 18:02 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-09 19:11 - 2014-03-09 19:46 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-03-09 19:11 - 2014-03-09 19:46 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-03-09 19:11 - 2014-03-09 19:11 - 00001128 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-03-09 19:11 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-03-09 18:13 - 2014-03-09 18:19 - 256314176 _____ () C:\Users\User\Downloads\kis14.0.0.4651abDE_5155.exe
2014-03-01 21:04 - 2014-03-01 21:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-25 20:20 - 2014-02-25 10:45 - 00042496 _____ () C:\Users\User\Desktop\Abiturrechner 2014.xls
2014-02-24 18:39 - 2014-02-26 13:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\TIPP10
2014-02-24 18:39 - 2014-02-24 18:39 - 00000000 ____D () C:\Program Files (x86)\Tipp10
2014-02-24 18:38 - 2014-02-24 18:39 - 04441861 _____ ((c) 2006-2011, Tom Thielicke IT Solutions ) C:\Users\User\Downloads\tipp10_win_v2-1-0.exe
2014-02-21 14:18 - 2014-02-21 14:18 - 713413019 _____ () C:\Windows\MEMORY.DMP
2014-02-21 14:18 - 2014-02-21 14:18 - 00292944 _____ () C:\Windows\Minidump\022114-26286-01.dmp
2014-02-21 14:18 - 2014-02-21 14:18 - 00000000 ____D () C:\Windows\Minidump
2014-02-19 14:42 - 2014-02-08 17:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-02-19 14:38 - 2014-02-19 14:38 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-19 14:35 - 2014-02-08 19:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-19 14:35 - 2014-02-08 19:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-02-19 14:35 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-02-19 14:35 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-02-19 14:11 - 2014-02-19 14:12 - 00000000 ____D () C:\Users\User\AppData\Local\NVIDIA Corporation
2014-02-19 14:10 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-02-19 14:10 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-02-16 18:51 - 2014-03-11 18:33 - 00000000 _____ () C:\dfu.log
2014-02-14 13:57 - 2014-02-14 13:57 - 00710848 _____ ( ) C:\Users\User\Downloads\COMPUTER_BILD-Download-Manager_fuer_ssksw.exe
2014-02-14 12:26 - 2014-02-14 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 21:53 - 2014-02-13 21:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Sony Creative Software Inc
2014-02-12 21:50 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 21:50 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 21:49 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 21:49 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 21:49 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 21:49 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 21:49 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 21:49 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 21:49 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 21:49 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 21:49 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 21:49 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 21:49 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 21:49 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 21:49 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 21:49 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 21:49 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 21:49 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 21:49 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 21:49 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 21:49 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 21:49 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 21:49 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 21:49 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 21:49 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 21:49 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 21:49 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 21:49 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 21:49 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 21:49 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 21:49 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 21:49 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 21:49 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 21:49 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 21:49 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 21:49 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 21:49 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 21:49 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 21:49 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 21:49 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 21:49 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 20:11 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 20:11 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 20:11 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 20:11 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 20:11 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 20:11 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 20:11 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 20:11 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 20:11 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 20:11 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 20:11 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 20:11 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 20:11 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 20:11 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 20:11 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 20:11 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 20:11 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 20:11 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 20:11 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 20:11 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 20:11 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 20:11 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 20:11 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 20:11 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 20:11 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 20:11 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 20:11 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 20:11 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 17:32 - 2014-02-10 17:34 - 30981301 _____ () C:\Users\User\Desktop\exen.mp4

==================== One Month Modified Files and Folders =======

2099-12-31 19:57 - 2099-12-31 19:57 - 00000000 ____D () C:\ProgramData\eSellerate
2099-05-28 19:10 - 2099-12-31 19:56 - 00000000 ____D () C:\Program Files\NewBlue
2099-05-28 19:10 - 2099-12-31 19:56 - 00000000 ____D () C:\Program Files (x86)\NewBlue
2014-03-12 18:38 - 2014-03-12 18:37 - 00018895 _____ () C:\Users\User\Desktop\FRST.txt
2014-03-12 18:37 - 2014-03-12 18:37 - 00000000 ____D () C:\FRST
2014-03-12 18:36 - 2014-03-12 18:36 - 02157056 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-03-12 18:36 - 2014-03-12 18:36 - 02157056 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-03-12 18:36 - 2013-09-01 21:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-03-12 18:27 - 2012-01-24 17:36 - 00086808 _____ () C:\Windows\setupact.log
2014-03-12 18:13 - 2013-04-12 11:52 - 01367762 _____ () C:\Windows\WindowsUpdate.log
2014-03-12 18:08 - 2013-05-28 18:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-12 18:02 - 2014-03-09 19:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-12 17:52 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-12 17:52 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-12 17:45 - 2014-03-09 19:49 - 00000262 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-12 17:45 - 2012-01-24 00:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-12 17:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 21:42 - 2013-09-10 15:52 - 00000000 ____D () C:\Users\User\Documents\Outlook-Dateien
2014-03-11 21:08 - 2014-02-05 18:08 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 21:08 - 2013-05-28 18:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 21:08 - 2013-05-28 18:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 21:08 - 2011-12-01 22:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:03 - 2014-03-11 21:03 - 00000023 _____ () C:\Users\User\Desktop\kaspersky activation code.txt
2014-03-11 20:41 - 2010-11-21 04:47 - 00251148 _____ () C:\Windows\PFRO.log
2014-03-11 18:33 - 2014-02-16 18:51 - 00000000 _____ () C:\dfu.log
2014-03-11 18:32 - 2013-11-01 23:48 - 00000000 ____D () C:\Users\User\Downloads\Gameforge Live
2014-03-09 20:31 - 2013-10-27 12:29 - 00000000 ____D () C:\AdwCleaner
2014-03-09 20:28 - 2013-09-08 18:05 - 00000000 ____D () C:\Windows\AutoKMS
2014-03-09 19:50 - 2014-03-09 19:49 - 00002892 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-03-09 19:46 - 2014-03-09 19:11 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-03-09 19:46 - 2014-03-09 19:11 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-03-09 19:46 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-03-09 19:46 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-03-09 19:46 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-03-09 19:40 - 2013-11-07 14:12 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-09 19:38 - 2014-03-09 19:39 - 00755712 _____ () C:\Users\User\Desktop\Präsentationsvorlage_Erläuterung_Datensicherheit_BasisPCschutz_FelixVonderbank.ppt
2014-03-09 19:37 - 2011-05-16 15:04 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-03-09 19:37 - 2011-05-16 15:04 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-03-09 19:37 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-09 19:23 - 2013-12-14 17:26 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-09 19:23 - 2013-04-12 11:58 - 00000997 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-09 19:22 - 2014-03-09 19:22 - 01244192 _____ () C:\Users\User\Downloads\adwcleaner_3.0.2.0.exe
2014-03-09 19:16 - 2014-03-09 19:16 - 00000000 ____D () C:\Users\User\AppData\Local\cache
2014-03-09 19:16 - 2014-03-09 19:16 - 00000000 ____D () C:\Users\User\.android
2014-03-09 19:16 - 2014-03-09 19:16 - 00000000 ____D () C:\Download Expert
2014-03-09 19:16 - 2014-03-09 19:16 - 00000000 _____ () C:\Users\User\daemonprocess.txt
2014-03-09 19:15 - 2014-03-09 19:15 - 00000061 _____ () C:\Windows\wininit.ini
2014-03-09 19:14 - 2014-03-09 19:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-03-09 19:14 - 2014-03-09 19:14 - 00000000 ____D () C:\Users\User\AppData\Local\13333
2014-03-09 19:14 - 2014-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-03-09 19:14 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-09 19:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-09 19:12 - 2014-03-09 19:12 - 00002334 _____ () C:\Users\User\Desktop\Sicherer Zahlungsverkehr.lnk
2014-03-09 19:11 - 2014-03-09 19:11 - 00001128 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-03-09 18:19 - 2014-03-09 18:13 - 256314176 _____ () C:\Users\User\Downloads\kis14.0.0.4651abDE_5155.exe
2014-03-01 21:04 - 2014-03-01 21:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-26 13:39 - 2014-02-24 18:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\TIPP10
2014-02-25 10:45 - 2014-02-25 20:20 - 00042496 _____ () C:\Users\User\Desktop\Abiturrechner 2014.xls
2014-02-24 18:39 - 2014-02-24 18:39 - 00000000 ____D () C:\Program Files (x86)\Tipp10
2014-02-24 18:39 - 2014-02-24 18:38 - 04441861 _____ ((c) 2006-2011, Tom Thielicke IT Solutions ) C:\Users\User\Downloads\tipp10_win_v2-1-0.exe
2014-02-21 14:18 - 2014-02-21 14:18 - 713413019 _____ () C:\Windows\MEMORY.DMP
2014-02-21 14:18 - 2014-02-21 14:18 - 00292944 _____ () C:\Windows\Minidump\022114-26286-01.dmp
2014-02-21 14:18 - 2014-02-21 14:18 - 00000000 ____D () C:\Windows\Minidump
2014-02-20 18:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-19 14:42 - 2012-01-24 00:22 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-19 14:38 - 2014-02-19 14:38 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-19 14:12 - 2014-02-19 14:11 - 00000000 ____D () C:\Users\User\AppData\Local\NVIDIA Corporation
2014-02-19 14:12 - 2013-10-23 11:55 - 00000000 ____D () C:\Users\User\AppData\Local\NVIDIA
2014-02-19 14:12 - 2012-01-24 00:22 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-19 14:10 - 2012-01-24 00:22 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-16 15:57 - 2013-08-24 10:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 15:56 - 2011-07-18 21:31 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 14:49 - 2013-11-06 16:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 13:57 - 2014-02-14 13:57 - 00710848 _____ ( ) C:\Users\User\Downloads\COMPUTER_BILD-Download-Manager_fuer_ssksw.exe
2014-02-14 12:26 - 2014-02-14 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 21:53 - 2014-02-13 21:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Sony Creative Software Inc
2014-02-12 21:54 - 2013-09-08 18:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 21:52 - 2013-06-13 17:53 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 21:50 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-12 19:16 - 2013-07-26 12:45 - 00000819 _____ () C:\Users\User\Desktop\mv accs.txt
2014-02-10 17:34 - 2014-02-10 17:32 - 30981301 _____ () C:\Users\User\Desktop\exen.mp4

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\36dc5ba470445643ecc5dce5db03c6cc.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-20 18:20

==================== End Of Log ============================
         
--- --- ---


Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by User at 2014-03-12 18:38:44
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.9.0 - Asmedia Technology)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.4.1.540 - Online Media Technologies Ltd.)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3823EC5A-1CA4-42CA-9D5B-F94ABD65410D}) (Version:  - Microsoft)
Extended Update (HKCU\...\AffiliatedUpdate) (Version:  - )
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.2.430 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.2.430 - DVDVideoSoft Ltd.)
Free YouTube to iPod Converter version 3.11.2.430 (HKLM-x32\...\Free YouTube to iPod Converter_is1) (Version: 3.11.2.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.12.827 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.12.827 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gameforge Live 1.10.1 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.1 - Gameforge)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTunes (HKLM\...\{37D0157F-45C6-4DB2-9AE5-489DD98CE169}) (Version: 11.1.2.31 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewBlue 3D Explosions for Windows (HKLM-x32\...\NewBlue 3D Explosions for Windows) (Version: 1.4 - NewBlue)
NewBlue 3D Transformations for Windows (HKLM-x32\...\NewBlue 3D Transformations for Windows) (Version: 1.4 - NewBlue)
NewBlue Art Blends for Windows (HKLM-x32\...\NewBlue Art Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: 2.4 - NewBlue)
NewBlue Film Effects for Windows (HKLM-x32\...\NewBlue Film Effects for Windows) (Version: 1.4 - NewBlue)
NewBlue Light Effects for Windows (HKLM-x32\...\NewBlue Light Effects for Windows) (Version: 1.4 - NewBlue)
NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 2.4 - NewBlue)
NewBlue Paint Blends for Windows (HKLM-x32\...\NewBlue Paint Blends for Windows) (Version: 1.4 - NewBlue)
NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 1.4 - NewBlue)
NewBlue Sampler Pack for Windows (HKLM-x32\...\NewBlue Sampler Pack for Windows) (Version: 1.4 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 1.4 - NewBlue)
NewBlue Video Essentials II for Windows (HKLM-x32\...\NewBlue Video Essentials II for Windows) (Version: 1.4 - NewBlue)
NewBlue Video Essentials III for Windows (HKLM-x32\...\NewBlue Video Essentials III for Windows) (Version: 1.4 - NewBlue)
NVIDIA 3D Vision Controller-Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3489 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
PCSUITE SHREDDER (HKLM-x32\...\PCSUITE_SHREDDER_PRO_is1) (Version:  - Markement GmbH)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Re-markit (HKLM-x32\...\1680e22a-d63e-4f34-ba28-3b7cc3f1bbc1) (Version:  - Re-markit Software) <==== ATTENTION
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
Secunia PSI (3.0.0.8013) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.8013 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Shutdown Timer (HKLM-x32\...\{DC6B4110-394D-45B9-A677-BA495D84CA63}) (Version: 3.1 - Sinvise Systems)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{59446CD0-D49A-4154-BDD5-59CB3B6F89AC}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FF62F7C1-9491-457C-BBAE-DBC6FD1DB968}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FF62F7C1-9491-457C-BBAE-DBC6FD1DB968}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{BA61259D-63F0-4177-A0E1-E4064EC2B470}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version:  - Microsoft)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Vegas Pro 11.0 (64-bit) (HKLM\...\{7E3B2D0F-029B-11E2-BD68-F04DA23A5C58}) (Version: 11.0.701 - Sony)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A1A75F4F-9C9F-11E2-8FCB-F04DA23A5C58}) (Version: 12.0.563 - Sony)
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 29.1.2013.1 - BillP Studios)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points  =========================

17-01-2014 23:43:00 Windows Update
04-02-2014 18:35:01 Windows Update
12-02-2014 20:48:48 Windows Update
14-02-2014 16:02:37 Removed NetLimiter 3
16-02-2014 14:56:08 Windows Update
19-02-2014 13:11:34 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-10-26 21:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {190C3BC6-8BF4-4407-A881-B15552D3B517} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {3F8CC579-36C1-4B0B-81AE-C477224B8695} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {CC53C16E-6A44-4D9F-9458-8088D41C87B8} - \Re-markit Update No Task File
Task: {E7E948B7-3446-477D-8B1A-7D541ED501D3} - \AmiUpdXp No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Loaded Modules (whitelisted) =============

2012-01-24 00:22 - 2014-02-08 18:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-11-07 14:07 - 2013-07-15 18:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-02-14 12:26 - 2014-02-14 12:26 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-11 21:08 - 2014-03-11 21:08 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2014-02-13 23:05 - 2014-02-13 23:05 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll
2012-01-23 23:47 - 2011-05-20 19:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft SharePoint Workspace.lnk => C:\Windows\pss\Microsoft SharePoint Workspace.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2014 05:45:43 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/11/2014 08:42:05 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/11/2014 06:10:10 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/10/2014 08:31:49 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/10/2014 06:41:42 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/10/2014 05:14:57 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/09/2014 08:32:21 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/09/2014 08:30:01 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/09/2014 07:24:23 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/09/2014 07:23:26 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


System errors:
=============
Error: (03/09/2014 07:47:24 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (03/09/2014 07:40:14 PM) (Source: Service Control Manager) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/09/2014 07:16:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MgAssist Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/09/2014 01:05:35 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (03/09/2014 01:05:35 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (03/09/2014 01:05:34 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (02/21/2014 02:18:55 PM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x0000000000000006, 0xfffffa80082fea20, 0xfffffa80082fde10, 0xfffff80003992780)C:\Windows\MEMORY.DMP022114-26286-01

Error: (02/21/2014 02:18:54 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎21.‎02.‎2014 um 14:17:48 unerwartet heruntergefahren.

Error: (02/19/2014 02:24:51 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.

Error: (02/19/2014 02:24:51 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.


Microsoft Office Sessions:
=========================
Error: (03/12/2014 05:45:43 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/11/2014 08:42:05 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/11/2014 06:10:10 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/10/2014 08:31:49 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/10/2014 06:41:42 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/10/2014 05:14:57 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/09/2014 08:32:21 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/09/2014 08:30:01 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/09/2014 07:24:23 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/09/2014 07:23:26 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


CodeIntegrity Errors:
===================================
  Date: 2014-03-09 19:57:41.822
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:57:41.822
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:57:41.822
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:54:07.384
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP14.0.0\Data\updater\Temporary Files\temporaryFolder\updates\bin\kav14\14.0.0.4651\drv64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:54:07.384
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP14.0.0\Data\updater\Temporary Files\temporaryFolder\updates\bin\kav14\14.0.0.4651\drv64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:54:07.384
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP14.0.0\Data\updater\Temporary Files\temporaryFolder\updates\bin\kav14\14.0.0.4651\drv64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:52:01.741
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:52:01.741
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:52:01.726
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-26 22:16:50.103
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 4077.64 MB
Available physical RAM: 1946.65 MB
Total Pagefile: 8153.46 MB
Available Pagefile: 5665.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:818.93 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:27.05 GB) NTFS
Drive i: (ExterneFestplatte) (Fixed) (Total:931.51 GB) (Free:632.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: FD3BE0E2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CE7A9C1E)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 12.03.2014, 19:09   #4
M-K-D-B
/// TB-Ausbilder
 
Firefox ist infiziert - Standard

Firefox ist infiziert



Servus,



Office ist nicht legal erworben, wie das?



wir beginnen erst mal so:





Schritt 1

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 2
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen können.
  • Starte die zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und sollte nicht 1:1 auf andere Computer übernommen werden.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    ATTFilter
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
             
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von JRT,
  • die Logdatei von Zoek.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 12.03.2014, 19:52   #5
hemmy
 
Firefox ist infiziert - Standard

Firefox ist infiziert



Ich benutze den PC mit meinen zwei Brüdern zusammen und bin erst seit nem knappen Monat auch hier am PC weil mein Notebook kaputt gegangen ist. Alle Programme die hier drauf sind, bis auf Tipp10, waren vor meinem Einstieg schon hier drauf..

JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 12.03.2014 at 19:27:12,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\3k5dhc3m.default\minidumps [96 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.03.2014 at 19:32:05,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
zoek log:
Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by User on 12.03.2014 at 19:37:25,23.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

12.03.2014 19:38:03 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.de/");
user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");

Added to C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default

user.js not found
---- Lines valueApps removed from prefs.js ----
user_pref("valueApps.autoDisableScopes", -1);
user_pref("valueApps.storage.mam_gk_userId", "34363063613735382D336632352D343330642D386636642D306639646164316338643837");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ---- 

prefs__1944_.backup

==== Deleting Files \ Folders ======================

C:\Users\User\daemonprocess.txt deleted
C:\Users\User\.android deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\User\AppData\Local\avgchrome deleted
C:\Users\User\AppData\Local\cache deleted
C:\Users\User\Downloads\FreeYouTubeToMP3Converter.exe deleted
C:\Windows\wininit.ini deleted
C:\Windows\Syswow64\SETBCCE.tmp deleted
C:\Users\User\Downloads\wpsetup.exe deleted
"C:\Windows\Syswow64\SET9C46.tmp" deleted
"C:\Windows\Syswow64\SETB2D8.tmp" deleted
"C:\Users\User\AppData\Roaming\HPP\wupdte.exe" deleted
"C:\Users\User\AppData\Roaming\HPP" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"quick_start@gmail.com"="C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\extensions\quick_start@gmail.com" [09.03.2014 19:15]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{cf798cb9-b0d9-4ec0-a967-4987b7bedcec}"="C:\Program Files (x86)\Re-markit-soft\157.xpi" [09.03.2014 19:14]

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default
- Quick Start - %ProfilePath%\extensions\quick_start@gmail.com
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Undetermined - %ProfilePath%\extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi
- Adblock Edge - %ProfilePath%\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default
95812430959AE88CDD0301AB3A71913B	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll -	Shockwave Flash
5174E3BE46B2CCCDAF9CEB5B622CEA9B	- C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll -	Shockwave for Director / Shockwave for Director
9D4A0B314CB9CF134CA27E1E0217E51E	- I:\Programme\iTunes\Mozilla Plugins\npitunes.dll -	iTunes Application Detector
87132527E2256CF6683A18C4EB34DD3B	- C:\Windows\system32\Wat\npWatWeb.dll -	Windows Activation Technologies


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[17.10.2013 15:49]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[17.10.2013 15:50]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[17.10.2013 15:50]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[09.03.2014 19:41]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[17.10.2013 15:49]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="www.google.de"
"Default"="www.google.de"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{84481A87-2316-4923-8FAB-3BA8CA29323D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1680e22a-d63e-4f34-ba28-3b7cc3f1bbc1 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\3k5dhc3m.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=267 folders=44 80733579 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\Syswow64\SET9C46.tmpsearch"  not found
"C:\Windows\Syswow64\SETB2D8.tmpsearch"  not found

==== EOF on 12.03.2014 at 19:47:28,19 ======================
         


Alt 13.03.2014, 20:32   #6
M-K-D-B
/// TB-Ausbilder
 
Firefox ist infiziert - Standard

Firefox ist infiziert



Servus,



Wir spüren die letzten Reste auf, damit wir sie später entfernen können:





Schritt 1
Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden zwei Logdateien erzeugt. Poste mir diese.





Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :regfind
    quick_start
    Re-markit
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.








Gibt es noch Probleme mit Malware? Wenn ja, welche?
Wie läuft der Rechner derzeit?






Bitte poste mit deiner nächsten Antwort
  • die zwei Logdateien von FRST,
  • die Logdatei von SystemLook,
  • die Beantwortung der gestellten Fragen.
__________________
--> Firefox ist infiziert

Alt 14.03.2014, 14:36   #7
hemmy
 
Firefox ist infiziert - Standard

Firefox ist infiziert




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by User (administrator) on USER-PC on 14-03-2014 14:25:46
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) I:\Programme\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - I:\Programme\iTunes\iTunesHelper.exe [152392 2013-10-19] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-3295961374-3500667211-776711534-1001\...\Run: [Google Update] - "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3295961374-3500667211-776711534-1001\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [455744 2013-12-07] (BillP Studios)
HKU\S-1-5-21-3295961374-3500667211-776711534-1001\...\Run: [NetLimiter] - C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - I:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Quick Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\Extensions\quick_start@gmail.com [2014-03-09]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-07]
FF Extension: Leo Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi [2013-11-06]
FF Extension: Adblock Edge - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-07]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\extensions\quick_start@gmail.com [2014-03-09]
FF HKCU\...\Firefox\Extensions: [{cf798cb9-b0d9-4ec0-a967-4987b7bedcec}] - C:\Program Files (x86)\Re-markit-soft\157.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\157.xpi [2014-03-09]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-06]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-06]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-06]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-06]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-06]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4629256 2014-01-13] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2014-03-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-03-09] (Kaspersky Lab ZAO)
R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Users\User\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2099-12-31 19:57 - 2099-12-31 19:57 - 00000000 ____D () C:\ProgramData\eSellerate
2099-12-31 19:56 - 2099-05-28 19:10 - 00000000 ____D () C:\Program Files\NewBlue
2099-12-31 19:56 - 2099-05-28 19:10 - 00000000 ____D () C:\Program Files (x86)\NewBlue
2014-03-12 19:46 - 2014-03-12 19:37 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-03-12 19:37 - 2014-03-12 19:47 - 00010852 _____ () C:\zoek-results.log
2014-03-12 19:37 - 2014-03-12 19:44 - 00000000 ____D () C:\zoek_backup
2014-03-12 19:36 - 2014-03-04 12:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-12 19:35 - 2014-03-12 19:35 - 01285120 _____ () C:\Users\User\Desktop\zoek.exe
2014-03-12 19:34 - 2014-03-04 15:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-12 19:34 - 2014-03-04 15:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-12 19:34 - 2014-03-04 15:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-12 19:34 - 2014-03-04 15:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-12 19:34 - 2014-03-04 15:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-12 19:34 - 2014-03-04 15:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-12 19:34 - 2014-03-04 15:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-12 19:33 - 2014-03-04 15:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-12 19:33 - 2014-03-04 15:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-12 19:32 - 2014-03-12 19:32 - 00000973 _____ () C:\Users\User\Desktop\JRT.txt
2014-03-12 19:25 - 2014-03-12 19:25 - 01037734 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-03-12 19:25 - 2014-03-12 19:25 - 01037734 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-03-12 18:37 - 2014-03-14 14:26 - 00019214 _____ () C:\Users\User\Desktop\FRST.txt
2014-03-12 18:37 - 2014-03-14 14:25 - 00000000 ____D () C:\FRST
2014-03-12 18:36 - 2014-03-12 18:36 - 02157056 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-03-12 18:36 - 2014-03-12 18:36 - 02157056 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-03-11 21:03 - 2014-03-11 21:03 - 00000023 _____ () C:\Users\User\Desktop\kaspersky activation code.txt
2014-03-09 19:49 - 2014-03-14 14:23 - 00000262 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-09 19:49 - 2014-03-09 19:50 - 00002892 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-03-09 19:39 - 2014-03-09 19:38 - 00755712 _____ () C:\Users\User\Desktop\Präsentationsvorlage_Erläuterung_Datensicherheit_BasisPCschutz_FelixVonderbank.ppt
2014-03-09 19:22 - 2014-03-09 19:22 - 01244192 _____ () C:\Users\User\Downloads\adwcleaner_3.0.2.0.exe
2014-03-09 19:16 - 2014-03-09 19:16 - 00000000 ____D () C:\Download Expert
2014-03-09 19:14 - 2014-03-09 19:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-03-09 19:14 - 2014-03-09 19:14 - 00000000 ____D () C:\Users\User\AppData\Local\13333
2014-03-09 19:14 - 2014-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-03-09 19:12 - 2014-03-09 19:12 - 00002334 _____ () C:\Users\User\Desktop\Sicherer Zahlungsverkehr.lnk
2014-03-09 19:11 - 2014-03-14 14:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-09 19:11 - 2014-03-09 19:46 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-03-09 19:11 - 2014-03-09 19:46 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-03-09 19:11 - 2014-03-09 19:11 - 00001128 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-03-09 19:11 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-03-09 18:13 - 2014-03-09 18:19 - 256314176 _____ () C:\Users\User\Downloads\kis14.0.0.4651abDE_5155.exe
2014-03-01 21:04 - 2014-03-01 21:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-25 20:20 - 2014-02-25 10:45 - 00042496 _____ () C:\Users\User\Desktop\Abiturrechner 2014.xls
2014-02-24 18:39 - 2014-02-26 13:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\TIPP10
2014-02-24 18:39 - 2014-02-24 18:39 - 00000000 ____D () C:\Program Files (x86)\Tipp10
2014-02-24 18:38 - 2014-02-24 18:39 - 04441861 _____ ((c) 2006-2011, Tom Thielicke IT Solutions ) C:\Users\User\Downloads\tipp10_win_v2-1-0.exe
2014-02-21 14:18 - 2014-02-21 14:18 - 713413019 _____ () C:\Windows\MEMORY.DMP
2014-02-21 14:18 - 2014-02-21 14:18 - 00292944 _____ () C:\Windows\Minidump\022114-26286-01.dmp
2014-02-21 14:18 - 2014-02-21 14:18 - 00000000 ____D () C:\Windows\Minidump
2014-02-19 14:38 - 2014-02-19 14:38 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-19 14:35 - 2014-02-08 19:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-19 14:35 - 2014-02-08 19:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-19 14:35 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-02-19 14:35 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-02-19 14:11 - 2014-02-19 14:12 - 00000000 ____D () C:\Users\User\AppData\Local\NVIDIA Corporation
2014-02-19 14:10 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-02-19 14:10 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-02-16 18:51 - 2014-03-11 18:33 - 00000000 _____ () C:\dfu.log
2014-02-14 13:57 - 2014-02-14 13:57 - 00710848 _____ ( ) C:\Users\User\Downloads\COMPUTER_BILD-Download-Manager_fuer_ssksw.exe
2014-02-14 12:26 - 2014-02-14 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 21:53 - 2014-02-13 21:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Sony Creative Software Inc
2014-02-12 21:50 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 21:50 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 21:49 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 21:49 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 21:49 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 21:49 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 21:49 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 21:49 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 21:49 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 21:49 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 21:49 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 21:49 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 21:49 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 21:49 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 21:49 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 21:49 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 21:49 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 21:49 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 21:49 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 21:49 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 21:49 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 21:49 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 21:49 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 21:49 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 21:49 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 21:49 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 21:49 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 21:49 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 21:49 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 21:49 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 21:49 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 21:49 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 21:49 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 21:49 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 21:49 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 21:49 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 21:49 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 21:49 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 21:49 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 21:49 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 21:49 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 20:11 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 20:11 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 20:11 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 20:11 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 20:11 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 20:11 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 20:11 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 20:11 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 20:11 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 20:11 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 20:11 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 20:11 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 20:11 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 20:11 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 20:11 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 20:11 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 20:11 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 20:11 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 20:11 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 20:11 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 20:11 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 20:11 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 20:11 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 20:11 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 20:11 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 20:11 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 20:11 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 20:11 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2099-12-31 19:57 - 2099-12-31 19:57 - 00000000 ____D () C:\ProgramData\eSellerate
2099-05-28 19:10 - 2099-12-31 19:56 - 00000000 ____D () C:\Program Files\NewBlue
2099-05-28 19:10 - 2099-12-31 19:56 - 00000000 ____D () C:\Program Files (x86)\NewBlue
2014-03-14 14:26 - 2014-03-12 18:37 - 00019214 _____ () C:\Users\User\Desktop\FRST.txt
2014-03-14 14:25 - 2014-03-12 18:37 - 00000000 ____D () C:\FRST
2014-03-14 14:24 - 2014-03-09 19:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-14 14:23 - 2014-03-09 19:49 - 00000262 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-14 14:23 - 2012-01-24 17:36 - 00087724 _____ () C:\Windows\setupact.log
2014-03-14 14:23 - 2012-01-24 00:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-14 14:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 18:25 - 2013-04-12 11:52 - 01426929 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 18:24 - 2013-09-01 21:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-03-13 18:08 - 2013-05-28 18:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 17:33 - 2013-09-10 15:52 - 00000000 ____D () C:\Users\User\Documents\Outlook-Dateien
2014-03-13 17:32 - 2013-07-18 22:33 - 00000000 ____D () C:\Users\User\.gimp-2.8
2014-03-13 17:10 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-13 17:10 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-12 19:47 - 2014-03-12 19:37 - 00010852 _____ () C:\zoek-results.log
2014-03-12 19:46 - 2010-11-21 04:47 - 00252572 _____ () C:\Windows\PFRO.log
2014-03-12 19:44 - 2014-03-12 19:37 - 00000000 ____D () C:\zoek_backup
2014-03-12 19:37 - 2014-03-12 19:46 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-03-12 19:36 - 2012-01-24 00:22 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-12 19:35 - 2014-03-12 19:35 - 01285120 _____ () C:\Users\User\Desktop\zoek.exe
2014-03-12 19:32 - 2014-03-12 19:32 - 00000973 _____ () C:\Users\User\Desktop\JRT.txt
2014-03-12 19:25 - 2014-03-12 19:25 - 01037734 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-03-12 19:25 - 2014-03-12 19:25 - 01037734 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-03-12 18:36 - 2014-03-12 18:36 - 02157056 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-03-12 18:36 - 2014-03-12 18:36 - 02157056 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-03-11 21:08 - 2014-02-05 18:08 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 21:08 - 2013-05-28 18:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 21:08 - 2013-05-28 18:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 21:08 - 2011-12-01 22:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:03 - 2014-03-11 21:03 - 00000023 _____ () C:\Users\User\Desktop\kaspersky activation code.txt
2014-03-11 18:33 - 2014-02-16 18:51 - 00000000 _____ () C:\dfu.log
2014-03-11 18:32 - 2013-11-01 23:48 - 00000000 ____D () C:\Users\User\Downloads\Gameforge Live
2014-03-09 20:31 - 2013-10-27 12:29 - 00000000 ____D () C:\AdwCleaner
2014-03-09 20:28 - 2013-09-08 18:05 - 00000000 ____D () C:\Windows\AutoKMS
2014-03-09 19:50 - 2014-03-09 19:49 - 00002892 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-03-09 19:46 - 2014-03-09 19:11 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-03-09 19:46 - 2014-03-09 19:11 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-03-09 19:46 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-03-09 19:46 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-03-09 19:46 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-03-09 19:40 - 2013-11-07 14:12 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-09 19:38 - 2014-03-09 19:39 - 00755712 _____ () C:\Users\User\Desktop\Präsentationsvorlage_Erläuterung_Datensicherheit_BasisPCschutz_FelixVonderbank.ppt
2014-03-09 19:37 - 2011-05-16 15:04 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-03-09 19:37 - 2011-05-16 15:04 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-03-09 19:37 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-09 19:23 - 2013-12-14 17:26 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-09 19:23 - 2013-04-12 11:58 - 00000997 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-09 19:22 - 2014-03-09 19:22 - 01244192 _____ () C:\Users\User\Downloads\adwcleaner_3.0.2.0.exe
2014-03-09 19:16 - 2014-03-09 19:16 - 00000000 ____D () C:\Download Expert
2014-03-09 19:14 - 2014-03-09 19:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-03-09 19:14 - 2014-03-09 19:14 - 00000000 ____D () C:\Users\User\AppData\Local\13333
2014-03-09 19:14 - 2014-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-03-09 19:14 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-09 19:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-09 19:12 - 2014-03-09 19:12 - 00002334 _____ () C:\Users\User\Desktop\Sicherer Zahlungsverkehr.lnk
2014-03-09 19:11 - 2014-03-09 19:11 - 00001128 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-03-09 18:19 - 2014-03-09 18:13 - 256314176 _____ () C:\Users\User\Downloads\kis14.0.0.4651abDE_5155.exe
2014-03-04 15:35 - 2014-03-12 19:34 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-04 15:35 - 2014-03-12 19:34 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-04 15:35 - 2014-03-12 19:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-04 15:35 - 2014-03-12 19:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-04 15:35 - 2014-03-12 19:34 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-04 15:35 - 2014-03-12 19:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-04 15:35 - 2014-03-12 19:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-04 15:35 - 2014-03-12 19:33 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-04 15:35 - 2014-03-12 19:33 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-04 15:35 - 2013-10-23 11:50 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-04 15:35 - 2013-10-23 11:50 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-04 15:35 - 2013-10-23 11:50 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-04 15:35 - 2012-01-24 00:22 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-04 15:35 - 2012-01-24 00:22 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-04 15:35 - 2012-01-24 00:22 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-04 15:35 - 2012-01-24 00:22 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-04 14:06 - 2012-01-24 00:22 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-04 14:06 - 2012-01-24 00:22 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-04 14:05 - 2013-10-23 11:53 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin
2014-03-04 14:05 - 2012-01-24 00:22 - 02558808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-03-04 14:05 - 2012-01-24 00:22 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-04 14:05 - 2012-01-24 00:22 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-04 14:05 - 2012-01-24 00:22 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-04 12:32 - 2014-03-12 19:36 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-01 21:04 - 2014-03-01 21:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-26 13:39 - 2014-02-24 18:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\TIPP10
2014-02-25 10:45 - 2014-02-25 20:20 - 00042496 _____ () C:\Users\User\Desktop\Abiturrechner 2014.xls
2014-02-24 18:39 - 2014-02-24 18:39 - 00000000 ____D () C:\Program Files (x86)\Tipp10
2014-02-24 18:39 - 2014-02-24 18:38 - 04441861 _____ ((c) 2006-2011, Tom Thielicke IT Solutions ) C:\Users\User\Downloads\tipp10_win_v2-1-0.exe
2014-02-21 14:18 - 2014-02-21 14:18 - 713413019 _____ () C:\Windows\MEMORY.DMP
2014-02-21 14:18 - 2014-02-21 14:18 - 00292944 _____ () C:\Windows\Minidump\022114-26286-01.dmp
2014-02-21 14:18 - 2014-02-21 14:18 - 00000000 ____D () C:\Windows\Minidump
2014-02-20 18:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-19 14:38 - 2014-02-19 14:38 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-19 14:12 - 2014-02-19 14:11 - 00000000 ____D () C:\Users\User\AppData\Local\NVIDIA Corporation
2014-02-19 14:12 - 2013-10-23 11:55 - 00000000 ____D () C:\Users\User\AppData\Local\NVIDIA
2014-02-19 14:12 - 2012-01-24 00:22 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-19 14:10 - 2012-01-24 00:22 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-16 15:57 - 2013-08-24 10:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 15:56 - 2011-07-18 21:31 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 14:49 - 2013-11-06 16:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 13:57 - 2014-02-14 13:57 - 00710848 _____ ( ) C:\Users\User\Downloads\COMPUTER_BILD-Download-Manager_fuer_ssksw.exe
2014-02-14 12:26 - 2014-02-14 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 21:53 - 2014-02-13 21:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Sony Creative Software Inc
2014-02-12 21:54 - 2013-09-08 18:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 21:52 - 2013-06-13 17:53 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 21:50 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-12 19:16 - 2013-07-26 12:45 - 00000819 _____ () C:\Users\User\Desktop\mv accs.txt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-20 18:20

==================== End Of Log ============================
         
--- --- ---

--- --- ---



addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by User at 2014-03-14 14:26:41
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.9.0 - Asmedia Technology)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.4.1.540 - Online Media Technologies Ltd.)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3823EC5A-1CA4-42CA-9D5B-F94ABD65410D}) (Version:  - Microsoft)
Extended Update (HKCU\...\AffiliatedUpdate) (Version:  - )
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.2.430 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.2.430 - DVDVideoSoft Ltd.)
Free YouTube to iPod Converter version 3.11.2.430 (HKLM-x32\...\Free YouTube to iPod Converter_is1) (Version: 3.11.2.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.12.827 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.12.827 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gameforge Live 1.10.1 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.1 - Gameforge)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTunes (HKLM\...\{37D0157F-45C6-4DB2-9AE5-489DD98CE169}) (Version: 11.1.2.31 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewBlue 3D Explosions for Windows (HKLM-x32\...\NewBlue 3D Explosions for Windows) (Version: 1.4 - NewBlue)
NewBlue 3D Transformations for Windows (HKLM-x32\...\NewBlue 3D Transformations for Windows) (Version: 1.4 - NewBlue)
NewBlue Art Blends for Windows (HKLM-x32\...\NewBlue Art Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: 2.4 - NewBlue)
NewBlue Film Effects for Windows (HKLM-x32\...\NewBlue Film Effects for Windows) (Version: 1.4 - NewBlue)
NewBlue Light Effects for Windows (HKLM-x32\...\NewBlue Light Effects for Windows) (Version: 1.4 - NewBlue)
NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 2.4 - NewBlue)
NewBlue Paint Blends for Windows (HKLM-x32\...\NewBlue Paint Blends for Windows) (Version: 1.4 - NewBlue)
NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 1.4 - NewBlue)
NewBlue Sampler Pack for Windows (HKLM-x32\...\NewBlue Sampler Pack for Windows) (Version: 1.4 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 1.4 - NewBlue)
NewBlue Video Essentials II for Windows (HKLM-x32\...\NewBlue Video Essentials II for Windows) (Version: 1.4 - NewBlue)
NewBlue Video Essentials III for Windows (HKLM-x32\...\NewBlue Video Essentials III for Windows) (Version: 1.4 - NewBlue)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
PCSUITE SHREDDER (HKLM-x32\...\PCSUITE_SHREDDER_PRO_is1) (Version:  - Markement GmbH)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
Secunia PSI (3.0.0.8013) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.8013 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Shutdown Timer (HKLM-x32\...\{DC6B4110-394D-45B9-A677-BA495D84CA63}) (Version: 3.1 - Sinvise Systems)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{59446CD0-D49A-4154-BDD5-59CB3B6F89AC}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FF62F7C1-9491-457C-BBAE-DBC6FD1DB968}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FF62F7C1-9491-457C-BBAE-DBC6FD1DB968}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{BA61259D-63F0-4177-A0E1-E4064EC2B470}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version:  - Microsoft)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Vegas Pro 11.0 (64-bit) (HKLM\...\{7E3B2D0F-029B-11E2-BD68-F04DA23A5C58}) (Version: 11.0.701 - Sony)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A1A75F4F-9C9F-11E2-8FCB-F04DA23A5C58}) (Version: 12.0.563 - Sony)
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points  =========================

16-02-2014 14:56:08 Windows Update
19-02-2014 13:11:34 DirectX wurde installiert
12-03-2014 18:37:48 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-10-26 21:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {190C3BC6-8BF4-4407-A881-B15552D3B517} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {3F8CC579-36C1-4B0B-81AE-C477224B8695} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {CC53C16E-6A44-4D9F-9458-8088D41C87B8} - \Re-markit Update No Task File
Task: {E7E948B7-3446-477D-8B1A-7D541ED501D3} - \AmiUpdXp No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Loaded Modules (whitelisted) =============

2012-01-24 00:22 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-11-07 14:07 - 2013-07-15 18:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-02-14 12:26 - 2014-02-14 12:26 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-13 23:05 - 2014-02-13 23:05 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll
2012-01-23 23:47 - 2011-05-20 19:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft SharePoint Workspace.lnk => C:\Windows\pss\Microsoft SharePoint Workspace.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2014 02:25:41 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.3523, Zeitstempel: 0x5315c9f7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004e4e4
ID des fehlerhaften Prozesses: 0xf10
Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0
Pfad der fehlerhaften Anwendung: nvtray.exe1
Pfad des fehlerhaften Moduls: nvtray.exe2
Berichtskennung: nvtray.exe3

Error: (03/14/2014 02:23:56 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/13/2014 06:24:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0faa
Name des fehlerhaften Moduls: xul.dll, Version: 27.0.1.5156, Zeitstempel: 0x52fc0f79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001560c7
ID des fehlerhaften Prozesses: 0x12f4
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (03/13/2014 05:02:58 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/12/2014 07:47:08 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/12/2014 07:46:14 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/12/2014 07:37:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: setup.exe_NVIDIA Install Application, Version: 2.1002.147.1067, Zeitstempel: 0x52f01c1e
Name des fehlerhaften Moduls: NVI2.DLL, Version: 2.1002.147.1067, Zeitstempel: 0x52f01d13
Ausnahmecode: 0x40000015
Fehleroffset: 0x00115624
ID des fehlerhaften Prozesses: 0x2474
Startzeit der fehlerhaften Anwendung: 0xsetup.exe_NVIDIA Install Application0
Pfad der fehlerhaften Anwendung: setup.exe_NVIDIA Install Application1
Pfad des fehlerhaften Moduls: setup.exe_NVIDIA Install Application2
Berichtskennung: setup.exe_NVIDIA Install Application3

Error: (03/12/2014 07:34:24 PM) (Source: Application Hang) (User: )
Description: Programm GFExperience.exe, Version 10.11.15.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 684

Startzeit: 01cf3e1bcd92dd14

Endzeit: 3

Anwendungspfad: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe

Berichts-ID:


System errors:
=============
Error: (03/12/2014 07:44:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/12/2014 07:44:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/12/2014 07:44:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/12/2014 07:44:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/12/2014 07:44:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/12/2014 07:36:00 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (03/14/2014 02:25:41 PM) (Source: Application Error)(User: )
Description: nvtray.exe7.17.13.35235315c9f7ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e4f1001cf3f88ae6f29a4C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\SYSTEM32\ntdll.dll231427c7-ab7c-11e3-b782-8c89a5a48e0b

Error: (03/14/2014 02:23:56 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/13/2014 06:24:38 PM) (Source: Application Error)(User: )
Description: firefox.exe27.0.1.515652fc0faaxul.dll27.0.1.515652fc0f79c0000005001560c712f401cf3ed5c468bed6C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll59f39bd3-aad4-11e3-9abb-8c89a5a48e0b

Error: (03/13/2014 05:02:58 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/12/2014 07:47:08 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/12/2014 07:46:14 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/12/2014 07:37:12 PM) (Source: Application Error)(User: )
Description: setup.exe_NVIDIA Install Application2.1002.147.106752f01c1eNVI2.DLL2.1002.147.106752f01d134000001500115624247401cf3e217dbeab55C:\NVIDIA\DisplayDriver\GeForce335.23Driver\setup.exeC:\Program Files\NVIDIA Corporation\Installer2\installer.{9ABC362F-22E7-4E93-9C32-FE4DB64DFACA}\NVI2.DLL5335a784-aa15-11e3-9536-8c89a5a48e0b

Error: (03/12/2014 07:34:24 PM) (Source: Application Hang)(User: )
Description: GFExperience.exe10.11.15.068401cf3e1bcd92dd143C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe


CodeIntegrity Errors:
===================================
  Date: 2014-03-09 19:57:41.822
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:57:41.822
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:57:41.822
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:54:07.384
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP14.0.0\Data\updater\Temporary Files\temporaryFolder\updates\bin\kav14\14.0.0.4651\drv64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:54:07.384
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP14.0.0\Data\updater\Temporary Files\temporaryFolder\updates\bin\kav14\14.0.0.4651\drv64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:54:07.384
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP14.0.0\Data\updater\Temporary Files\temporaryFolder\updates\bin\kav14\14.0.0.4651\drv64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:52:01.741
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:52:01.741
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-09 19:52:01.726
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-26 22:16:50.103
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 4077.64 MB
Available physical RAM: 2311.93 MB
Total Pagefile: 8153.46 MB
Available Pagefile: 6147.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:821.88 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:27.05 GB) NTFS
Drive i: (ExterneFestplatte) (Fixed) (Total:931.51 GB) (Free:632.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: FD3BE0E2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CE7A9C1E)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
SystemLook:
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 14:28 on 14/03/2014 by User
Administrator - Elevation successful

========== regfind ==========

Searching for "quick_start"
[HKEY_CURRENT_USER\Software\mozilla\Extends]
"appid"="quick_start@gmail.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"quick_start@gmail.com"="C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\extensions\quick_start@gmail.com"
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001\Software\mozilla\Extends]
"appid"="quick_start@gmail.com"

Searching for "Re-markit"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Services]
"C:\PROGRAM FILES (X86)\RE-MARKIT-SOFT\RE-MARKIT157.EXE"="03/09/2014 19:20"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"Re-markit"="700"
[HKEY_CURRENT_USER\Software\mozilla\Firefox\Extensions]
"{cf798cb9-b0d9-4ec0-a967-4987b7bedcec}"="C:\Program Files (x86)\Re-markit-soft\157.xpi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC53C16E-6A44-4D9F-9458-8088D41C87B8}]
"Path"="\Re-markit Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit Update]
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001\Software\BillP Studios\Detected\Services]
"C:\PROGRAM FILES (X86)\RE-MARKIT-SOFT\RE-MARKIT157.EXE"="03/09/2014 19:20"
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001\Software\BillP Studios\WinPatrol\Services]
"Re-markit"="700"
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001\Software\mozilla\Firefox\Extensions]
"{cf798cb9-b0d9-4ec0-a967-4987b7bedcec}"="C:\Program Files (x86)\Re-markit-soft\157.xpi"

Searching for "         "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\FreeYouTubeToMP3Converter.exe"="Free YouTube to MP3 Converter 3.12.3.610 Setup              "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\FreeYouTubeToiPodConverter_3112430.exe"="Free YouTube to iPod Converter 3.11.2.430 Setup             "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\FreeYouTubeDownload_3.2.2.430.exe"="Free YouTube Download 3.2.2.430 Setup                       "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\AVSVideoConverter.exe"="AVS Video Converter Setup                                   "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\MicroVolts_0.9.4.50_ENG.exe"="MicroVolts English Client Setup                             "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\gimp-2.8.6-setup.exe"="GIMP Setup                                                  "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\spywareblastersetup50.exe"="SpywareBlaster Setup                                        "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Desktop\Micro_Vault_CBT_v0115.exe"="Micro Vault                                                 "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="2.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                                
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&7&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A270010CAD6F0&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&7&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A270010CAD6F0&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&7&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A270010CAD6F0&0#]
"DeviceDesc"="iPod            "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\FreeYouTubeToMP3Converter.exe"="Free YouTube to MP3 Converter 3.12.3.610 Setup              "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\FreeYouTubeToiPodConverter_3112430.exe"="Free YouTube to iPod Converter 3.11.2.430 Setup             "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\FreeYouTubeDownload_3.2.2.430.exe"="Free YouTube Download 3.2.2.430 Setup                       "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\AVSVideoConverter.exe"="AVS Video Converter Setup                                   "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\MicroVolts_0.9.4.50_ENG.exe"="MicroVolts English Client Setup                             "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\gimp-2.8.6-setup.exe"="GIMP Setup                                                  "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\spywareblastersetup50.exe"="SpywareBlaster Setup                                        "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Desktop\Micro_Vault_CBT_v0115.exe"="Micro Vault                                                 "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\FreeYouTubeToMP3Converter.exe"="Free YouTube to MP3 Converter 3.12.3.610 Setup              "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\FreeYouTubeToiPodConverter_3112430.exe"="Free YouTube to iPod Converter 3.11.2.430 Setup             "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\FreeYouTubeDownload_3.2.2.430.exe"="Free YouTube Download 3.2.2.430 Setup                       "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\AVSVideoConverter.exe"="AVS Video Converter Setup                                   "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\MicroVolts_0.9.4.50_ENG.exe"="MicroVolts English Client Setup                             "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\gimp-2.8.6-setup.exe"="GIMP Setup                                                  "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Downloads\spywareblastersetup50.exe"="SpywareBlaster Setup                                        "
[HKEY_USERS\S-1-5-21-3295961374-3500667211-776711534-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\User\Desktop\Micro_Vault_CBT_v0115.exe"="Micro Vault                                                 "

-= EOF =-
         
Wenn ich einen neuen Tab öffne ist dort immernoch Quick-Start als Standard.
www.fastdailyfind.com ist auch noch da und es hat sich ein neues Fenster zur "reperatur von windows" geöffnet...

Das sind screenshots von den fenstern die sich öffnen:

hxxp://s1.directupload.net/images/140314/awppn2fp.png

Ich gehe mal davon aus, dass ich mir da einen kleinen Virus runterladen würde

hxxp://s14.directupload.net/images/140314/qigz6aep.png

beides http...wurde wohl von der Seite als schutz vor infizierten links gemacht?

Und der Rechner läuft ganz normal, bis auf der Browser halt :s

Alt 14.03.2014, 14:58   #8
M-K-D-B
/// TB-Ausbilder
 
Firefox ist infiziert - Standard

Firefox ist infiziert



Servus,



ok, vielen Dank für die Bilder... ich denke, jetzt bekommen wir das in den Griff.
Starte den Rechner nach dem Fix mit FRST neu auf!




Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF NewTab: chrome://quick_start/content/index.html
FF Extension: Quick Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\Extensions\quick_start@gmail.com [2014-03-09]
FF HKCU\...\Firefox\Extensions: [{cf798cb9-b0d9-4ec0-a967-4987b7bedcec}] - C:\Program Files (x86)\Re-markit-soft\157.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\157.xpi [2014-03-09]
C:\Program Files (x86)\Re-markit-soft
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\User\AppData\Local\13333
C:\ProgramData\ntuser.pol
C:\Windows\system32\GroupPolicy
C:\Windows\SysWOW64\GroupPolicy
Task: {CC53C16E-6A44-4D9F-9458-8088D41C87B8} - \Re-markit Update No Task File
Task: {E7E948B7-3446-477D-8B1A-7D541ED501D3} - \AmiUpdXp No Task File
Reg: reg delete "HKEY_CURRENT_USER\Software\mozilla\Extends" /v appid /f
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von FRST,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 14.03.2014, 23:25   #9
hemmy
 
Firefox ist infiziert - Standard

Firefox ist infiziert



FRST:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by User at 2014-03-14 17:10:53 Run:1
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF NewTab: chrome://quick_start/content/index.html
FF Extension: Quick Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\Extensions\quick_start@gmail.com [2014-03-09]
FF HKCU\...\Firefox\Extensions: [{cf798cb9-b0d9-4ec0-a967-4987b7bedcec}] - C:\Program Files (x86)\Re-markit-soft\157.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\157.xpi [2014-03-09]
C:\Program Files (x86)\Re-markit-soft
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\User\AppData\Local\13333
C:\ProgramData\ntuser.pol
C:\Windows\system32\GroupPolicy
C:\Windows\SysWOW64\GroupPolicy
Task: {CC53C16E-6A44-4D9F-9458-8088D41C87B8} - \Re-markit Update No Task File
Task: {E7E948B7-3446-477D-8B1A-7D541ED501D3} - \AmiUpdXp No Task File
Reg: reg delete "HKEY_CURRENT_USER\Software\mozilla\Extends" /v appid /f
end
         
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
Firefox newtab deleted successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\Extensions\quick_start@gmail.com => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{cf798cb9-b0d9-4ec0-a967-4987b7bedcec} => Value deleted successfully.
C:\Program Files (x86)\Re-markit-soft\157.xpi => Moved successfully.
C:\Program Files (x86)\Re-markit-soft => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
X6va015 => Service deleted successfully.
X6va017 => Service deleted successfully.
xhunter1 => Service deleted successfully.
C:\Users\User\AppData\Local\13333 => Moved successfully.
C:\ProgramData\ntuser.pol => Moved successfully.
C:\Windows\System32\GroupPolicy => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC53C16E-6A44-4D9F-9458-8088D41C87B8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC53C16E-6A44-4D9F-9458-8088D41C87B8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit Update => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E7E948B7-3446-477D-8B1A-7D541ED501D3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7E948B7-3446-477D-8B1A-7D541ED501D3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Key deleted successfully.

========= reg delete "HKEY_CURRENT_USER\Software\mozilla\Extends" /v appid /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========



The system needed a reboot. 

==== End of Fixlog ====
         
HitmanPro (bevor die funde gelöscht sind)
Code:
ATTFilter
HitmanPro 3.7.9.212
www.hitmanpro.com

   Computer name . . . . : USER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : User-PC\User
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-03-14 17:14:00
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 31s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 64

   Objects scanned . . . : 1.614.360
   Files scanned . . . . : 18.794
   Remnants scanned  . . : 429.123 files / 1.166.443 keys

Malware _____________________________________________________________________

   C:\Users\User\AppData\Roaming\AffiliatedUpdate\UpdateProc\UpdateTask.exe
      Size . . . . . . . : 100.864 bytes
      Age  . . . . . . . : 336.1 days (2013-04-12 15:10:43)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : B3DB2337A7EBB2AD25D430ED5B8FBEDE6FC598C24729FE5E03D319F3CED4E2E0
    > Bitdefender  . . . : Trojan.Generic.10250073
      Fuzzy  . . . . . . : 98.0

   C:\zoek_backup\C_Users_User_AppData_Roaming_HPP\wupdte.exe
      Size . . . . . . . : 10.752 bytes
      Age  . . . . . . . : 1.9 days (2014-03-12 19:44:13)
      Entropy  . . . . . : 5.1
      SHA-256  . . . . . : 294587D993EC106B446DB2F5D9FDE320A9D39DE8188F02754CB2562A6D0FAD08
      Description  . . . : wupdte
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . :  
    > Bitdefender  . . . : Trojan.Generic.9894453
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -4.8s C:\zoek_backup\restore.txt
         -4.8s C:\zoek_backup\C_Users_User_AppData_Roaming_Mozilla_Firefox_Profiles_3k5dhc3m.default_prefs__1944_.backup.vir
         -3.6s C:\zoek_backup\C_Users_User_.android\
         -3.5s C:\zoek_backup\C_Users_User_.android\adbkey
         -3.5s C:\zoek_backup\C_Users_User_.android\adbkey.pub
         -3.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\
         -3.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\atl100.dll
         -3.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\BrowserHelpersInstaller.exe
         -3.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\DVDVideoSoft.Resources.dll
         -3.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\DVSSysReport.exe
         -3.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\DVSUpdate.exe
         -3.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\IEDownloadMenuAndBtns.dll
         -3.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\IEDownloadMenuAndBtns64.dll
         -3.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\insthpr.exe
         -3.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\mfc100u.dll
         -3.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\mfcm100u.dll
         -3.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\msvcp100.dll
         -3.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\msvcr100.dll
         -3.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\Newtonsoft.Json.Net20.dll
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\PrerequisiteCheck.exe
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\SettingsHelper.exe
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\SubscriptionOffer.exe
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tier0-pinv-1.dll
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ytgroovlc.exe
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\DVDVideoSoft.AppFx.resources.dll
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\DVDVideoSoft.DialogForms.resources.dll
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\DVDVideoSoft.Resources.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\DVSSysReport.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\PrerequisiteCheck.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\SubscriptionOffer.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\DVDVideoSoft.AppFx.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\DVDVideoSoft.DialogForms.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\DVDVideoSoft.Resources.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\DVSSysReport.resources.dll
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\PrerequisiteCheck.resources.dll
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\SubscriptionOffer.resources.dll
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\DVDVideoSoft.AppFx.resources.dll
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\DVDVideoSoft.DialogForms.resources.dll
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\DVDVideoSoft.Resources.resources.dll
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\DVSSysReport.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\PrerequisiteCheck.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\SubscriptionOffer.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\DVDVideoSoft.AppFx.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\DVDVideoSoft.DialogForms.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\DVDVideoSoft.Resources.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\DVSSysReport.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\PrerequisiteCheck.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\SubscriptionOffer.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\DVDVideoSoft.AppFx.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\DVDVideoSoft.DialogForms.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\DVDVideoSoft.Resources.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\DVSSysReport.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\PrerequisiteCheck.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\SubscriptionOffer.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\hu-HU\
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\hu-HU\DVDVideoSoft.AppFx.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\hu-HU\DVDVideoSoft.DialogForms.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\hu-HU\DVDVideoSoft.Resources.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\hu-HU\DVSSysReport.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\hu-HU\PrerequisiteCheck.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\DVDVideoSoft.AppFx.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\DVDVideoSoft.DialogForms.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\DVDVideoSoft.Resources.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\DVSSysReport.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\PrerequisiteCheck.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\SubscriptionOffer.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\DVDVideoSoft.AppFx.resources.dll
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\DVDVideoSoft.DialogForms.resources.dll
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\DVDVideoSoft.Resources.resources.dll
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\DVSSysReport.resources.dll
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\PrerequisiteCheck.resources.dll
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\SubscriptionOffer.resources.dll
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\DVDVideoSoft.AppFx.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\DVDVideoSoft.DialogForms.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\DVDVideoSoft.Resources.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\DVSSysReport.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\PrerequisiteCheck.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\SubscriptionOffer.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\DVDVideoSoft.AppFx.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\DVDVideoSoft.DialogForms.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\DVDVideoSoft.Resources.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\DVSSysReport.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\PrerequisiteCheck.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\SubscriptionOffer.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\DVDVideoSoft.AppFx.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\DVDVideoSoft.DialogForms.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\DVDVideoSoft.Resources.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\DVSSysReport.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\PrerequisiteCheck.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\SubscriptionOffer.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\DVDVideoSoft.AppFx.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\DVDVideoSoft.DialogForms.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\DVDVideoSoft.Resources.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\DVSSysReport.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\PrerequisiteCheck.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\SubscriptionOffer.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\DVDVideoSoft.AppFx.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\DVDVideoSoft.DialogForms.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\DVDVideoSoft.Resources.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\DVSSysReport.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\PrerequisiteCheck.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\SubscriptionOffer.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\DVDVideoSoft.AppFx.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\DVDVideoSoft.DialogForms.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\DVDVideoSoft.Resources.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\DVSSysReport.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\PrerequisiteCheck.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\SubscriptionOffer.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\DVDVideoSoft.AppFx.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\DVDVideoSoft.DialogForms.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\DVDVideoSoft.Resources.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\DVSSysReport.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\PrerequisiteCheck.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CHS\
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CHS\DVDVideoSoft.Resources.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\SubscriptionOffer.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CHS\SubscriptionOffer.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CHT\
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CHT\DVDVideoSoft.Resources.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CHT\SubscriptionOffer.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\DVDVideoSoft.AppFx.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\DVDVideoSoft.DialogForms.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\DVDVideoSoft.Resources.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\DVSSysReport.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\PrerequisiteCheck.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\SubscriptionOffer.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\DVDVideoSoft.AppFx.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\DVDVideoSoft.DialogForms.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\DVDVideoSoft.Resources.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\DVSSysReport.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\PrerequisiteCheck.resources.dll
         -1.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\SubscriptionOffer.resources.dll
         -1.9s C:\zoek_backup\C_PROGRA~3_InstallMate\
         -1.9s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\
         -1.9s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\Readme.txt
         -1.9s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\Setup.dat
         -1.9s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\Setup.exe
         -1.9s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\Setup.ico
         -1.8s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\TsuDll.dll
         -1.8s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\_Setup.dll
         -1.8s C:\zoek_backup\C_Users_User_AppData_Local_avgchrome\
         -1.8s C:\zoek_backup\C_Users_User_AppData_Local_avgchrome\avgp
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\24oojbk0.d
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\2db7f4hp.d
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\2kolj8xp.d
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\3pff9xd0.d
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\6gkpgkgp.d
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\gmu8lpbp.d
         -1.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\p47yoy3p.d
         -1.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\
         -1.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\26rb70ea.d
         -1.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\27x6egca.d
         -1.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\28cxfqoq.d
         -1.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\2adeedza.d
         -1.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\2htydrk1.d
         -1.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\2y15i5dq.d
         -1.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\2zb6ym8q.d
         -1.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\39z7j3pq.d
         -1.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\3bnv6vua.d
         -1.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\hdlcfcy1.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\sciws5i1.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\17ob3rb2.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\1ozft862.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\20t318q2.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\2olqmat2.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\2yq5gv62.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\37mn60zr.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\3ptrm7s2.d
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\156pw8e3.d
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\1n2mgee3.d
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\1qcqfnlc.d
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\1x3hpzbs.d
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\2317x5kc.d
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\285w2qg3.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\dw94nbs3.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\mhgoxr4c.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\q3x5mjuc.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\1263cmxt.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\1ccf72bt.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\1ohtdc64.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\1u4imsyt.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\2cwy0vkd.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\2o7cstld.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\315volld.d
         -1.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\9o7d4kgt.d
         -1.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\lr7ii0r4.d
         -1.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\oz86eb0d.d
         -1.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\
         -1.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\13ttpxq5.d
         -1.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\16p4qik5.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\1djsm1v5.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\1j44fvte.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\1kan2dc5.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\1sr6fv2u.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\1wglxe85.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\26jk49bu.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\2ixunlf5.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\31up9p35.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\352cxu0u.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\35oydmeu.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\3auxirle.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\3fz0czm5.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\3lft60je.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\3u6nulou.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\nvc7qz1u.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\13vnsv66.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\1ardrua6.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\1khdo0j6.d
         -0.8s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\29gpatcv.d
         -0.8s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\2v38v456.d
         -0.8s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\33qouog6.d
         -0.8s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\3d6clwif.d
         -0.8s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\3ec1gm4v.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\3fhrpk5v.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\3fpjryaf.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\c5qgqqcv.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\nzq8i4uf.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\1l5u41jg.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\1u255shg.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\217mx137.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\26omvijg.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\28j2eks7.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\2bs28gjg.d
         -0.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\2c1ig19w.d
         -0.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\2cy8w32w.d
         -0.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\2e9sygow.d
         -0.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\2ub3xqhw.d
         -0.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\369vwf77.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\36i4ceo7.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\3rju97o7.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\1u3rukb8.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\20gvh6dx.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\2o00rkoh.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\3lq7gqqh.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\ll4pvn8h.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\z0nlbmhh.d
         -0.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\
         -0.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\1026jw4y.d
         -0.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\1az4s21y.d
         -0.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\1j681wxy.d
         -0.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\2gbx2gti.d
         -0.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\2n8kvku9.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\9bolvw7i.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\dkcmnmsy.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\kj3na9ni.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\xwqu1rn9.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\15yop5pz.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\1g164e4j.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\1wsecsej.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\2aoztfjz.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\2da25t2z.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\2iduv9jz.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\4tzhsucz.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\tn96d5yz.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\b\
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\b\2683lelk.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\b\yfm0ur7k.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\c\
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\2kgrv1xm.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\2rjwcz0m.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\372r0o1m.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\3hmmcnwm.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\gp0j6bim.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\wv4memmm.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\e\
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\e\23jfwrpn.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\e\2d5fujln.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\e\3ss3klxn.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\e\9bnshwin.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\f\
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\f\2f7qpkgo.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\f\39nrp0ao.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\f\3j18m0po.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\f\fj7qiq0o.d
         -0.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\prepared\
         -0.0s C:\zoek_backup\C_Users_User_AppData_Roaming_HPP\
          0.0s C:\zoek_backup\C_Users_User_AppData_Roaming_HPP\wupdte.exe
          0.0s C:\zoek_backup\C_Users_User_daemonprocess.txt.vir
          0.0s C:\zoek_backup\C_Users_User_Downloads_FreeYouTubeToMP3Converter.exe.vir
          0.2s C:\zoek_backup\C_Windows_wininit.ini.vir
          0.2s C:\zoek_backup\C_Windows_Syswow64_SET9C46.tmp.vir
          0.2s C:\zoek_backup\C_Windows_Syswow64_SETB2D8.tmp.vir
          0.4s C:\zoek_backup\C_Windows_Syswow64_SETBCCE.tmp.vir
          0.5s C:\zoek_backup\C_Users_User_Downloads_wpsetup.exe.vir


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-3295961374-3500667211-776711534-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-3295961374-3500667211-776711534-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)

Cookies _____________________________________________________________________

   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\55SVN3K3.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\8SJ1IXP1.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\9T04X25R.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\DFUHCJZP.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\G7G60O5E.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\GJW0DYBB.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\H5DWRVEZ.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\H7QCRD6H.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\J13MFOAV.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\JOVXSGKL.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\KY5SL3W3.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\L49V0S1U.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\MBOIOICM.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\O3MRHK01.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Q3VJIJWQ.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Q9CY2RYR.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\T3GK0AXT.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\VQSVQXHC.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\W4LF1CME.txt
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:ad.zanox.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:ads.glispa.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:ads.trackitdown.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:ads.yahoo.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:adtech.de
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:adultswim.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:apmebf.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:atdmt.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:burstnet.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:celebrityfake.xxx
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:de.sitestat.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:doubleclick.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:games.adultswim.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:hearstmagazines.112.2o7.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:pornpicsgirls.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:revsci.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:serving-sys.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:statcounter.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:stats.paypal.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:track.adform.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:track.zalando.de
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:tradedoubler.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:www.etracker.de
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:www.freecamsexposed.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:www.googleadservices.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:www.pornpicsgirls.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:xiti.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:yadro.ru
         
HitmanPro (nach dem löschen der Funde):
Code:
ATTFilter
HitmanPro 3.7.9.212
www.hitmanpro.com

   Computer name . . . . : USER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : User-PC\User
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-03-14 17:14:00
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 31s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 64

   Objects scanned . . . : 1.614.360
   Files scanned . . . . : 18.794
   Remnants scanned  . . : 429.123 files / 1.166.443 keys

Malware _____________________________________________________________________

   C:\Users\User\AppData\Roaming\AffiliatedUpdate\UpdateProc\UpdateTask.exe -> Quarantined
      Size . . . . . . . : 100.864 bytes
      Age  . . . . . . . : 336.1 days (2013-04-12 15:10:43)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : B3DB2337A7EBB2AD25D430ED5B8FBEDE6FC598C24729FE5E03D319F3CED4E2E0
    > Bitdefender  . . . : Trojan.Generic.10250073
      Fuzzy  . . . . . . : 98.0

   C:\zoek_backup\C_Users_User_AppData_Roaming_HPP\wupdte.exe -> Quarantined
      Size . . . . . . . : 10.752 bytes
      Age  . . . . . . . : 1.9 days (2014-03-12 19:44:13)
      Entropy  . . . . . : 5.1
      SHA-256  . . . . . : 294587D993EC106B446DB2F5D9FDE320A9D39DE8188F02754CB2562A6D0FAD08
      Description  . . . : wupdte
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . :  
    > Bitdefender  . . . : Trojan.Generic.9894453
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -4.8s C:\zoek_backup\restore.txt
         -4.8s C:\zoek_backup\C_Users_User_AppData_Roaming_Mozilla_Firefox_Profiles_3k5dhc3m.default_prefs__1944_.backup.vir
         -3.6s C:\zoek_backup\C_Users_User_.android\
         -3.5s C:\zoek_backup\C_Users_User_.android\adbkey
         -3.5s C:\zoek_backup\C_Users_User_.android\adbkey.pub
         -3.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\
         -3.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\atl100.dll
         -3.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\BrowserHelpersInstaller.exe
         -3.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\DVDVideoSoft.Resources.dll
         -3.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\DVSSysReport.exe
         -3.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\DVSUpdate.exe
         -3.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\IEDownloadMenuAndBtns.dll
         -3.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\IEDownloadMenuAndBtns64.dll
         -3.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\insthpr.exe
         -3.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\mfc100u.dll
         -3.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\mfcm100u.dll
         -3.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\msvcp100.dll
         -3.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\msvcr100.dll
         -3.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\Newtonsoft.Json.Net20.dll
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\PrerequisiteCheck.exe
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\SettingsHelper.exe
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\SubscriptionOffer.exe
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tier0-pinv-1.dll
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ytgroovlc.exe
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\DVDVideoSoft.AppFx.resources.dll
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\DVDVideoSoft.DialogForms.resources.dll
         -3.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\DVDVideoSoft.Resources.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\DVSSysReport.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\PrerequisiteCheck.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\da-DK\SubscriptionOffer.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\DVDVideoSoft.AppFx.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\DVDVideoSoft.DialogForms.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\DVDVideoSoft.Resources.resources.dll
         -3.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\DVSSysReport.resources.dll
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\PrerequisiteCheck.resources.dll
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\de-DE\SubscriptionOffer.resources.dll
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\DVDVideoSoft.AppFx.resources.dll
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\DVDVideoSoft.DialogForms.resources.dll
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\DVDVideoSoft.Resources.resources.dll
         -3.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\DVSSysReport.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\PrerequisiteCheck.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\el-GR\SubscriptionOffer.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\DVDVideoSoft.AppFx.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\DVDVideoSoft.DialogForms.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\DVDVideoSoft.Resources.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\DVSSysReport.resources.dll
         -2.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\PrerequisiteCheck.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\es-ES\SubscriptionOffer.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\DVDVideoSoft.AppFx.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\DVDVideoSoft.DialogForms.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\DVDVideoSoft.Resources.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\DVSSysReport.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\PrerequisiteCheck.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\fr-FR\SubscriptionOffer.resources.dll
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\hu-HU\
         -2.8s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\hu-HU\DVDVideoSoft.AppFx.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\hu-HU\DVDVideoSoft.DialogForms.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\hu-HU\DVDVideoSoft.Resources.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\hu-HU\DVSSysReport.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\hu-HU\PrerequisiteCheck.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\DVDVideoSoft.AppFx.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\DVDVideoSoft.DialogForms.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\DVDVideoSoft.Resources.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\DVSSysReport.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\PrerequisiteCheck.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\it-IT\SubscriptionOffer.resources.dll
         -2.7s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\DVDVideoSoft.AppFx.resources.dll
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\DVDVideoSoft.DialogForms.resources.dll
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\DVDVideoSoft.Resources.resources.dll
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\DVSSysReport.resources.dll
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\PrerequisiteCheck.resources.dll
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ja-JP\SubscriptionOffer.resources.dll
         -2.6s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\DVDVideoSoft.AppFx.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\DVDVideoSoft.DialogForms.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\DVDVideoSoft.Resources.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\DVSSysReport.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\PrerequisiteCheck.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\nl-NL\SubscriptionOffer.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\DVDVideoSoft.AppFx.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\DVDVideoSoft.DialogForms.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\DVDVideoSoft.Resources.resources.dll
         -2.5s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\DVSSysReport.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\PrerequisiteCheck.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pl-PL\SubscriptionOffer.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\DVDVideoSoft.AppFx.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\DVDVideoSoft.DialogForms.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\DVDVideoSoft.Resources.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\DVSSysReport.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\PrerequisiteCheck.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-BR\SubscriptionOffer.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\DVDVideoSoft.AppFx.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\DVDVideoSoft.DialogForms.resources.dll
         -2.4s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\DVDVideoSoft.Resources.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\DVSSysReport.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\PrerequisiteCheck.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\pt-PT\SubscriptionOffer.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\DVDVideoSoft.AppFx.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\DVDVideoSoft.DialogForms.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\DVDVideoSoft.Resources.resources.dll
         -2.3s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\DVSSysReport.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\PrerequisiteCheck.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\ru-RU\SubscriptionOffer.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\DVDVideoSoft.AppFx.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\DVDVideoSoft.DialogForms.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\DVDVideoSoft.Resources.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\DVSSysReport.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\PrerequisiteCheck.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\sv-SE\SubscriptionOffer.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\DVDVideoSoft.AppFx.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\DVDVideoSoft.DialogForms.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\DVDVideoSoft.Resources.resources.dll
         -2.2s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\DVSSysReport.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\PrerequisiteCheck.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CHS\
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CHS\DVDVideoSoft.Resources.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\tr-TR\SubscriptionOffer.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CHS\SubscriptionOffer.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CHT\
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CHT\DVDVideoSoft.Resources.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CHT\SubscriptionOffer.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\DVDVideoSoft.AppFx.resources.dll
         -2.1s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\DVDVideoSoft.DialogForms.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\DVDVideoSoft.Resources.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\DVSSysReport.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\PrerequisiteCheck.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-CN\SubscriptionOffer.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\DVDVideoSoft.AppFx.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\DVDVideoSoft.DialogForms.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\DVDVideoSoft.Resources.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\DVSSysReport.resources.dll
         -2.0s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\PrerequisiteCheck.resources.dll
         -1.9s C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_bin\zh-TW\SubscriptionOffer.resources.dll
         -1.9s C:\zoek_backup\C_PROGRA~3_InstallMate\
         -1.9s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\
         -1.9s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\Readme.txt
         -1.9s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\Setup.dat
         -1.9s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\Setup.exe
         -1.9s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\Setup.ico
         -1.8s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\TsuDll.dll
         -1.8s C:\zoek_backup\C_PROGRA~3_InstallMate\{84481A87-2316-4923-8FAB-3BA8CA29323D}\_Setup.dll
         -1.8s C:\zoek_backup\C_Users_User_AppData_Local_avgchrome\
         -1.8s C:\zoek_backup\C_Users_User_AppData_Local_avgchrome\avgp
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\24oojbk0.d
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\2db7f4hp.d
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\2kolj8xp.d
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\3pff9xd0.d
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\6gkpgkgp.d
         -1.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\gmu8lpbp.d
         -1.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\0\p47yoy3p.d
         -1.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\
         -1.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\26rb70ea.d
         -1.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\27x6egca.d
         -1.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\28cxfqoq.d
         -1.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\2adeedza.d
         -1.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\2htydrk1.d
         -1.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\2y15i5dq.d
         -1.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\2zb6ym8q.d
         -1.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\39z7j3pq.d
         -1.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\3bnv6vua.d
         -1.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\hdlcfcy1.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\1\sciws5i1.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\17ob3rb2.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\1ozft862.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\20t318q2.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\2olqmat2.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\2yq5gv62.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\37mn60zr.d
         -1.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\2\3ptrm7s2.d
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\156pw8e3.d
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\1n2mgee3.d
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\1qcqfnlc.d
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\1x3hpzbs.d
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\2317x5kc.d
         -1.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\285w2qg3.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\dw94nbs3.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\mhgoxr4c.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\3\q3x5mjuc.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\1263cmxt.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\1ccf72bt.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\1ohtdc64.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\1u4imsyt.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\2cwy0vkd.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\2o7cstld.d
         -1.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\315volld.d
         -1.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\9o7d4kgt.d
         -1.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\lr7ii0r4.d
         -1.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\4\oz86eb0d.d
         -1.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\
         -1.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\13ttpxq5.d
         -1.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\16p4qik5.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\1djsm1v5.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\1j44fvte.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\1kan2dc5.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\1sr6fv2u.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\1wglxe85.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\26jk49bu.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\2ixunlf5.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\31up9p35.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\352cxu0u.d
         -1.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\35oydmeu.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\3auxirle.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\3fz0czm5.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\3lft60je.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\3u6nulou.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\5\nvc7qz1u.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\13vnsv66.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\1ardrua6.d
         -0.9s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\1khdo0j6.d
         -0.8s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\29gpatcv.d
         -0.8s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\2v38v456.d
         -0.8s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\33qouog6.d
         -0.8s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\3d6clwif.d
         -0.8s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\3ec1gm4v.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\3fhrpk5v.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\3fpjryaf.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\c5qgqqcv.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\6\nzq8i4uf.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\1l5u41jg.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\1u255shg.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\217mx137.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\26omvijg.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\28j2eks7.d
         -0.7s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\2bs28gjg.d
         -0.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\2c1ig19w.d
         -0.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\2cy8w32w.d
         -0.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\2e9sygow.d
         -0.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\2ub3xqhw.d
         -0.6s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\369vwf77.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\36i4ceo7.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\7\3rju97o7.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\1u3rukb8.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\20gvh6dx.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\2o00rkoh.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\3lq7gqqh.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\ll4pvn8h.d
         -0.5s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\8\z0nlbmhh.d
         -0.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\
         -0.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\1026jw4y.d
         -0.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\1az4s21y.d
         -0.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\1j681wxy.d
         -0.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\2gbx2gti.d
         -0.4s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\2n8kvku9.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\9bolvw7i.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\dkcmnmsy.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\kj3na9ni.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\9\xwqu1rn9.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\15yop5pz.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\1g164e4j.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\1wsecsej.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\2aoztfjz.d
         -0.3s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\2da25t2z.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\2iduv9jz.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\4tzhsucz.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\a\tn96d5yz.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\b\
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\b\2683lelk.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\b\yfm0ur7k.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\c\
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\2kgrv1xm.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\2rjwcz0m.d
         -0.2s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\372r0o1m.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\3hmmcnwm.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\gp0j6bim.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\d\wv4memmm.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\e\
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\e\23jfwrpn.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\e\2d5fujln.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\e\3ss3klxn.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\e\9bnshwin.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\f\
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\f\2f7qpkgo.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\f\39nrp0ao.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\f\3j18m0po.d
         -0.1s C:\zoek_backup\C_Users_User_AppData_Local_cache\data7\f\fj7qiq0o.d
         -0.0s C:\zoek_backup\C_Users_User_AppData_Local_cache\prepared\
         -0.0s C:\zoek_backup\C_Users_User_AppData_Roaming_HPP\
          0.0s C:\zoek_backup\C_Users_User_AppData_Roaming_HPP\wupdte.exe
          0.0s C:\zoek_backup\C_Users_User_daemonprocess.txt.vir
          0.0s C:\zoek_backup\C_Users_User_Downloads_FreeYouTubeToMP3Converter.exe.vir
          0.2s C:\zoek_backup\C_Windows_wininit.ini.vir
          0.2s C:\zoek_backup\C_Windows_Syswow64_SET9C46.tmp.vir
          0.2s C:\zoek_backup\C_Windows_Syswow64_SETB2D8.tmp.vir
          0.4s C:\zoek_backup\C_Windows_Syswow64_SETBCCE.tmp.vir
          0.5s C:\zoek_backup\C_Users_User_Downloads_wpsetup.exe.vir


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-3295961374-3500667211-776711534-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
   HKU\S-1-5-21-3295961374-3500667211-776711534-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro) -> Deleted

Cookies _____________________________________________________________________

   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\55SVN3K3.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\8SJ1IXP1.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\9T04X25R.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\DFUHCJZP.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\G7G60O5E.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\GJW0DYBB.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\H5DWRVEZ.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\H7QCRD6H.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\J13MFOAV.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\JOVXSGKL.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\KY5SL3W3.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\L49V0S1U.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\MBOIOICM.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\O3MRHK01.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Q3VJIJWQ.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Q9CY2RYR.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\T3GK0AXT.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\VQSVQXHC.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\W4LF1CME.txt
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:ad.zanox.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:ads.glispa.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:ads.trackitdown.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:ads.yahoo.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:adtech.de
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:adultswim.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:apmebf.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:atdmt.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:burstnet.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:celebrityfake.xxx
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:de.sitestat.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:doubleclick.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:games.adultswim.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:hearstmagazines.112.2o7.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:pornpicsgirls.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:revsci.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:serving-sys.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:statcounter.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:stats.paypal.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:track.adform.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:track.zalando.de
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:tradedoubler.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:www.etracker.de
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:www.freecamsexposed.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:www.googleadservices.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:www.pornpicsgirls.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:xiti.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3k5dhc3m.default\cookies.sqlite:yadro.ru
         
Ich war mir nicht sicher welche benötigt wird, deshalb hab ich lieber mal beide gespeichert

ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=50e6d8a15b7e3541ab290444729477bf
# engine=17452
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-14 05:38:47
# local_time=2014-03-14 06:38:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 20822039 146448577 0 0
# scanned=152668
# found=0
# cleaned=0
# scan_time=4526
         
SecurityCheck:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Secunia PSI (3.0.0.8013)   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 10.1.2 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 x64 wmi64.exe 
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Wenn ich einen neuen Tab öffne ist Quick-Start nicht mehr da, sondern wieder der Standard von Firefox
Und die beiden Seiten die ich in Screenshots hier gepostet habe werden auch nicht mehr geöffnet!

Sieht soweit in den ganzen logs alles gut aus?

Alt 15.03.2014, 13:03   #10
M-K-D-B
/// TB-Ausbilder
 
Firefox ist infiziert - Standard

Firefox ist infiziert



Servus,



Zitat:
Zitat von hemmy Beitrag anzeigen
Sieht soweit in den ganzen logs alles gut aus?
es sieht schon viel besser aus, nur zeigt mir SecurityCheck an, dass dein Sicherheitscenter nicht mehr läuft, darum müssen wir uns noch kümmern.
Wir schauen uns das einmal an:




Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.


__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 15.03.2014, 16:27   #11
hemmy
 
Firefox ist infiziert - Standard

Firefox ist infiziert



Code:
ATTFilter
Farbar Service Scanner Version: 25-02-2014
Ran by User (administrator) on 15-03-2014 at 16:26:30
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
         
Vielleicht stand das da, weil ich Kaspersky während SecurityCheck gelaufen ist angehalten habe, weil ich nicht sicher war, ob kaspersky das behindert

Wenn ich über die Systemsteuerung zur Firewall gehe, steht da "Diese Einstellungen werden durch Herstelleranwendung Kaspersky Internet Security verwaltet".

Alt 16.03.2014, 13:53   #12
M-K-D-B
/// TB-Ausbilder
 
Firefox ist infiziert - Standard

Firefox ist infiziert



Servus,



Zitat:
Zitat von hemmy Beitrag anzeigen
Vielleicht stand das da, weil ich Kaspersky während SecurityCheck gelaufen ist angehalten habe, weil ich nicht sicher war, ob kaspersky das behindert

Wenn ich über die Systemsteuerung zur Firewall gehe, steht da "Diese Einstellungen werden durch Herstelleranwendung Kaspersky Internet Security verwaltet".
dann wäre das auch geklärt.







Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.






Schritt 1
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.





Schritt 2
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 16.03.2014, 15:09   #13
hemmy
 
Firefox ist infiziert - Standard

Firefox ist infiziert



Hi,
alles erledigt und keine fragen mehr

Vielen lieben dank!

Ich wünsch dir was
hemmy

Alt 17.03.2014, 19:31   #14
M-K-D-B
/// TB-Ausbilder
 
Firefox ist infiziert - Standard

Firefox ist infiziert



Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Antwort

Themen zu Firefox ist infiziert
browser, entfernen, firefox, gesucht, hintergrund, infiziert, installation, kaspersky, links, malwarebytes, neue, neuen, neuer, neues, nicht mehr, schließen, seite, software, startseite, suchmaschine, tab, testversion, version, öffnen, öffnet



Ähnliche Themen: Firefox ist infiziert


  1. Firefox spielt verrückt. Mit Adware infiziert. Lässt sich nicht entfernen.
    Plagegeister aller Art und deren Bekämpfung - 29.10.2015 (15)
  2. Windows 7: only-search-Virus. Firefox infiziert, CHIP.de wurde früher genutzt
    Log-Analyse und Auswertung - 31.05.2015 (12)
  3. Von Scareware/Trojaner infiziert - Firefox lässt ständig unerwünschte Werbung aufploppen!
    Log-Analyse und Auswertung - 12.04.2015 (13)
  4. win 7 laut Avast ist Firefox.exe infiziert
    Log-Analyse und Auswertung - 03.02.2015 (3)
  5. Win. 8.1: Website laut Avast bei Firefox infiziert
    Log-Analyse und Auswertung - 05.01.2015 (34)
  6. avast! meldet: URL Mal - https://54.186.138.97 - firefox.exe / Firefox addons unter anderem QueenaCouppoN
    Plagegeister aller Art und deren Bekämpfung - 31.12.2014 (4)
  7. Rechner eventuell infiziert Lavasoft Yahoo, Firefox Umleitung
    Plagegeister aller Art und deren Bekämpfung - 13.12.2014 (3)
  8. Probleme mit Firefox, es öffnet sich beim Öffnen von Firefox immer ein zusätzlicher Tab
    Plagegeister aller Art und deren Bekämpfung - 02.12.2014 (7)
  9. Probleme mit Firefox, es öffnet sich beim Öffnen von Firefox immer ein zusätzlicher Tab
    Mülltonne - 23.11.2014 (1)
  10. Tastatureingabe in Firefox verzögert, Probleme bei der Anwahl von Checkboxen in Firefox per Maus
    Log-Analyse und Auswertung - 12.11.2014 (11)
  11. Firefox öffnet Tab zu Kreditwerbung oder FIrefox startet auch selbsbt mit der Krditwerbung
    Log-Analyse und Auswertung - 18.01.2012 (1)
  12. System infiziert. USB-Stick und Datensicherung auch infiziert?
    Plagegeister aller Art und deren Bekämpfung - 05.07.2011 (2)
  13. Probleme mit Firefox: firefox.exe & svchost.exe laufen mehrfach im Hintergrund. PC befallen?
    Plagegeister aller Art und deren Bekämpfung - 09.04.2011 (20)
  14. Merkwürdige Vorgänge bei Firefox, PC infiziert?
    Log-Analyse und Auswertung - 11.11.2010 (25)
  15. Internetexplorer und Firefox funktionioeren nicht mehr, Fraudpack hatte System infiziert.
    Log-Analyse und Auswertung - 03.09.2010 (1)
  16. Angehen eines Problems bei Firefox | Firefox arbeitet nicht mehr ordnungsgemäß.
    Alles rund um Windows - 23.06.2010 (4)
  17. Firefox infiziert???
    Plagegeister aller Art und deren Bekämpfung - 06.12.2005 (3)

Zum Thema Firefox ist infiziert - Hallo, ich habe mir vor ein paar Tagen während einer Installation wohl im Hintergrund unerwünschte Software für den Browser installiert... WinPatrol hat mir während der Installation einen Hintergrundvorgang gemeldet der - Firefox ist infiziert...
Archiv
Du betrachtest: Firefox ist infiziert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.