
Plagegeister aller Art und deren Bekämpfung: Win 7 infection: pop-ups with cdn.cloudwm.com, double green underlined text snippets with ads, some websites not working

14.07.2014, 22:01   #1
Railworker
 

Hello everyone,

you are my last hope before I have to reinstall my system. Until this afternoon everything was running without problems. While I was working with Lightworks (a video editing program) and Firefox 30 was still open in the background, an error message appeared saying that something could not be installed. That seemed odd to me, since I was not installing anything at the time, so I simply dismissed it (using the red X in the corner, to be on the safe side).

When I had finished editing the video and wanted to upload it to YouTube, YouTube was no longer reachable (error message in the browser: "Fehler: Datenübertragung unterbrochen", i.e. "Error: data transfer interrupted"). I then restarted the router and it still did not work. I then noticed that other sites did work. Only YouTube, Gmail, Google and other sites that I use several times a day (basically the ones I use most) produced the error message. I then checked the internet connection on the laptop first; all sites worked smoothly there.

To narrow the fault down to Firefox, I tried Internet Explorer, but it was the same story there:

- Pop-ups that lead to the URL "h**p://cdn.cloudwm.com/uploads/19/pop/pop.html?url=http%3A%2F%2F20d625b48e.se%2F%3Fplacement%3D400298%26redirect%26test"
- double green underlined text snippets in the browser that bring up preview images for advertising sites
- YouTube, Google, Gmail and other "most visited" sites not available, while other sites can be reached without problems

Kaspersky did not raise an alarm; Malwarebytes found some remnants of "HD Streamer", which I had suffered from recently. I hope you can help me save my system.

14.07.2014, 22:24   #2
Bootsektor
/// TB-Ausbilder
 

My name is Sandra and I will be helping you with your problem.
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please only run scans that I ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Post the log files directly in your thread in code tags.
  • Bear in mind that we all do this in our spare time; if you do not hear from me within 2 days, please send me a PM.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and, in the case of a malware infection, always the safest route. Adware can be removed without problems in the vast majority of cases.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Posting in code tags
Please always put the logs in code tags. If you do not, it makes the analysis much harder for me. Thanks.
To do this:
  • Click the hash sign # above the reply box; [] CODE /CODE will then appear there in square brackets.
  • Paste your log files between the two code tags, i.e. CODE Logfile /CODE
  • If the logs are too long, please split them up and post them here in your thread, in several replies if necessary.

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan ("Untersuchen").
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input box on the website)


14.07.2014, 22:57   #3
Railworker
 

Hello Sandra, and thanks for the quick reply.

Here is the FRST.txt:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by heaven_one (administrator) on HEAVEN_ONE_DESK on 14-07-2014 23:03:40
Running from C:\Users\heaven_one\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
() C:\Windows\SysWOW64\HsMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
() E:\backup neuinstall\ASRock Utility\AXTU\Bin\AsrXTU.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Windows\system\HsMgr64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
() C:\Program Files (x86)\Isis\isis.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(ASRock) C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [12935168 2012-11-20] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Office2010\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-05-05] (FNet Co., Ltd.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Isis] => C:\Program Files (x86)\Isis\Isis.exe [330544 2014-07-14] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-06] (Microsoft Corporation)
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba6693-c5e3-11e2-ad6d-f20518dc8237} - V:\WebOfDeceit1.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba6696-c5e3-11e2-ad6d-f20518dc8237} - V:\MysteryTrackers3.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba6699-c5e3-11e2-ad6d-f20518dc8237} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba669c-c5e3-11e2-ad6d-f20518dc8237} - V:\DarkDimensions2.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba669f-c5e3-11e2-ad6d-f20518dc8237} - V:\Setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba66a2-c5e3-11e2-ad6d-f20518dc8237} - V:\AutoRun.exe setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba66a5-c5e3-11e2-ad6d-f20518dc8237} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba66ae-c5e3-11e2-ad6d-f20518dc8237} - V:\autorun.exe de
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {0c1bfcc8-33e3-11e3-a2bf-d5f6d5825536} - X:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {3710df5e-250a-11e3-a911-a7fd9cb2d336} - V:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {3c0e84ad-5aa3-11e3-8715-b5af60595e2a} - X:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {58900481-d40e-11e2-b8e4-9b284c39d929} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {701da640-fd48-11e2-965d-b21c2651a234} - G:\AutoRun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {7c520863-3004-11e3-b469-995977b6d634} - V:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {7c520866-3004-11e3-b469-995977b6d634} - W:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {890bf1dc-c3be-11e2-8c67-ee86fe28a028} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {8c26e643-cf57-11e2-a255-ce04dbccba34} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {8c26e646-cf57-11e2-a255-ce04dbccba34} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {8c26e64e-cf57-11e2-a255-ce04dbccba34} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {a31e57cc-c836-11e2-a87d-aa2813efeb36} - V:\WitchHunters1.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {b425b6c5-2872-11e3-bc5d-ac09f191ed28} - V:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {c3a8bbae-303d-11e3-b36a-e27e933dc536} - R:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {ddefc0c1-c906-11e2-bbf4-ed6cd39dba35} - V:\setup.exe
Startup: C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> F:\Systemprogramme\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9766D28426C9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Office2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: hxxp://www.eurailpress.de/news/alle-nachrichten.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\heaven_one\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - E:\games\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: KeeFox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\keefox@chris.tomlinson [2014-06-11]
FF Extension: Live Gold - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\livegold@dotcreation [2013-05-11]
FF Extension: selectivecookiedelete - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\selectivecookiedelete@siju.mathew [2013-05-11]
FF Extension: IE Tab - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-05-11]
FF Extension: Live HTTP Headers - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-01-21]
FF Extension: ReminderFox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-04-18]
FF Extension: DownloadHelper - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Memory Fox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2013-05-11]
FF Extension: Certificate Patrol - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\CertPatrol@PSYC.EU.xpi [2013-05-11]
FF Extension: anonymoX - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\client@anonymox.net.xpi [2013-05-11]
FF Extension: Viewtubes - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\FF_AddOn@viewtubes.de.xpi [2013-05-11]
FF Extension: Ghostery - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\firefox@ghostery.com.xpi [2014-01-21]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\info@convert2mp3.net.xpi [2014-07-01]
FF Extension: Quick Maps - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\map@quickmaps.me.xpi [2013-05-11]
FF Extension: Personas Plus - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\personas@christopher.beard.xpi [2013-05-11]
FF Extension: Thumbnail Zoom Plus - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2013-05-11]
FF Extension: translator - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\translator@dontfollowme.net.xpi [2013-05-11]
FF Extension: Google Translator for Firefox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\translator@zoli.bod.xpi [2013-06-25]
FF Extension: TweakTube - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi [2013-05-11]
FF Extension: Image Zoom - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-05-11]
FF Extension: ShowIP - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013-05-11]
FF Extension: HttpFox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2013-05-11]
FF Extension: {58dd2728-3045-411f-a2a4-39e35178c731} - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{58dd2728-3045-411f-a2a4-39e35178c731}.xpi [2013-11-02]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-05-11]
FF Extension: MeasureIt - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-09-09]
FF Extension: Secure Sanitizer - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{7e69e900-c32e-11db-8314-0800200c9a66}.xpi [2013-05-11]
FF Extension: Adblock Plus - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-11]
FF Extension: BetterPrivacy - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-05-11]
FF Extension: DownThemAll! - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-05-11]
FF Extension: Greasemonkey - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-11]
FF Extension: PageZoom - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{eeb299da-31d8-4683-aad4-9c9a045e0351}.xpi [2013-05-11]
FF Extension: Web Download Compiler Pro - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{f834d023-28f9-4ad0-b6f4-b49d037a7408}.xpi [2013-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-21]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-27]

Chrome: 
=======
CHR HomePage: 
CHR Extension: (HD Streamer) - C:\Users\heaven_one\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleglodmkonbpfmlffapjfednjopbeeh [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-07-21] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-05-05] (FNet Co., Ltd.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 isis; C:\Windows\System32\drivers\isis.sys [47408 2014-07-14] (Windows (R) Win 7 DDK provider)
S3 JmtFltr; C:\Windows\System32\drivers\JmtFltr.sys [46464 2007-09-29] () [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-05-19] (Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [32936 2014-05-19] (Razer Inc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-08] (Duplex Secure Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-11-30] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-11-30] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-11-30] (Paragon)
S3 vhidmini; C:\Windows\System32\DRIVERS\vhidmini.sys [13952 2007-09-29] (Windows (R) Codename Longhorn DDK provider)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-07-17] (Acronis)
R3 ArdDrv; \??\C:\Windows\SysWOW64\Drivers\ArdDrv.sys [X]
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S1 cmdHlp; System32\DRIVERS\cmdhlp.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-14 23:03 - 2014-07-14 23:03 - 02086912 _____ (Farbar) C:\Users\heaven_one\Downloads\FRST64.exe
2014-07-14 23:03 - 2014-07-14 23:03 - 00030255 _____ () C:\Users\heaven_one\Downloads\FRST.txt
2014-07-14 23:03 - 2014-07-14 23:03 - 00000000 ____D () C:\FRST
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{4A7ADE05-550F-48FD-B8D7-53B7A4BCBDF1}
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{226FE937-A29F-499C-B05F-76374CCB09D4}
2014-07-14 22:42 - 2014-07-14 22:42 - 03736040 _____ (Piriform Ltd) C:\Users\heaven_one\Downloads\ccsetup415_slim.exe
2014-07-14 22:42 - 2014-07-14 22:42 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-14 22:42 - 2014-07-14 22:42 - 00000837 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-14 22:42 - 2014-07-14 22:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-14 22:31 - 2014-07-14 22:31 - 00003050 _____ () C:\Windows\System32\Tasks\asrRd
2014-07-14 22:22 - 2014-07-14 22:22 - 00001233 _____ () C:\Users\heaven_one\Desktop\JRT.txt
2014-07-14 22:15 - 2014-07-14 22:15 - 00000119 _____ () C:\Users\heaven_one\Desktop\Neues Textdokument (2).txt
2014-07-14 22:15 - 2014-07-14 22:15 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 22:14 - 2014-07-14 22:14 - 01016261 _____ (Thisisu) C:\Users\heaven_one\Downloads\JRT_6.1.4.exe
2014-07-14 21:42 - 2014-07-14 22:03 - 00000000 ____D () C:\AdwCleaner
2014-07-14 21:33 - 2014-07-14 21:33 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-14 21:32 - 2014-07-14 21:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 21:32 - 2014-07-14 21:32 - 11185664 _____ (SurfRight B.V.) C:\Users\heaven_one\Desktop\hitmanpro_x64.exe
2014-07-14 21:29 - 2014-07-14 22:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 21:28 - 2014-07-14 21:28 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-14 21:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 21:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 21:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-14 21:24 - 2014-07-14 21:24 - 00961360 _____ (Chip Digital GmbH) C:\Users\heaven_one\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____D () C:\Program Files (x86)\Isis
2014-07-14 17:15 - 2014-07-14 17:15 - 05151944 _____ () C:\Users\heaven_one\Downloads\Fruits Game - Let's Identify fruits name.mp4
2014-07-14 16:41 - 2014-07-14 16:41 - 00047408 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\isis.sys
2014-07-14 16:10 - 2014-07-14 16:10 - 17789117 _____ () C:\Users\heaven_one\Desktop\Beach Rocks At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 05836366 _____ () C:\Users\heaven_one\Desktop\Cityscape At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 02515399 _____ () C:\Users\heaven_one\Desktop\Clouds (time Lapse)-1.mp4
2014-07-14 16:07 - 2014-07-14 16:08 - 144305049 _____ () C:\Users\heaven_one\Desktop\Cycling Amsterdam In The Rain-1.mp4
2014-07-14 16:07 - 2014-07-14 16:07 - 14411359 _____ () C:\Users\heaven_one\Desktop\216448035-1.mp4
2014-07-14 16:04 - 2014-07-14 16:06 - 113612814 _____ () C:\Users\heaven_one\Desktop\yellowstone 29p.mp4
2014-07-14 14:17 - 2014-07-14 14:17 - 00000000 ____D () C:\Users\heaven_one\Documents\paint.net Benutzerdateien
2014-07-14 13:50 - 2014-07-14 14:12 - 00000000 ____D () C:\Users\heaven_one\Desktop\musik cc
2014-07-14 13:49 - 2014-07-14 17:19 - 00000000 ____D () C:\Users\heaven_one\Desktop\videos cc
2014-07-14 10:20 - 2014-07-14 21:54 - 00084992 ___SH () C:\Users\heaven_one\Desktop\Thumbs.db
2014-07-12 12:55 - 2014-07-12 12:55 - 00003072 _____ () C:\Users\heaven_one\Downloads\Omsi-RealWetterDaten.rar
2014-07-12 11:24 - 2014-07-12 11:26 - 00000000 ____D () C:\Users\heaven_one\Desktop\Saeed
2014-07-12 10:24 - 2014-07-12 10:26 - 108439379 _____ () C:\Users\heaven_one\Downloads\Vortrag-Loslassen-Saeed-Habibzadeh.zip
2014-07-12 10:24 - 2014-07-12 10:26 - 101441007 _____ () C:\Users\heaven_one\Downloads\Vortrag-Freundschaft-Saeed-Habibzadeh.zip
2014-07-11 10:55 - 2014-07-11 10:56 - 36460296 _____ () C:\Users\heaven_one\Downloads\Ólafur Arnalds - Near Light (Live on KEXP).mp4
2014-07-10 18:32 - 2014-07-10 18:32 - 00921624 _____ () C:\Users\heaven_one\Downloads\Hamburg Hof-rar.rar
2014-07-10 18:30 - 2014-07-10 18:33 - 89219928 _____ () C:\Users\heaven_one\Downloads\Mercedes_New_2.7.rar
2014-07-10 15:50 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 15:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 15:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 15:50 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 15:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 15:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 15:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 15:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 15:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 15:50 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 15:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 15:50 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 15:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 15:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 15:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 15:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 15:50 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 15:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 15:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 15:50 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 15:50 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 15:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 15:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 15:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 15:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 15:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 15:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 15:50 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 15:50 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 15:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 15:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 15:50 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 15:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 15:50 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 15:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 15:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 15:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 15:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 15:50 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 15:50 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 15:50 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 15:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 15:50 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 15:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 15:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 15:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 15:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 15:50 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 15:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 15:50 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 15:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 15:50 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 15:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 15:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 15:50 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 15:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 15:50 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 15:50 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 15:50 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 15:50 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 15:50 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 15:50 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 15:50 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 15:50 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 15:50 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 15:45 - 2014-07-10 15:45 - 00008259 _____ () C:\Users\heaven_one\Desktop\Meet_Without_Meat.xlsx
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Local\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-08 21:55 - 2014-07-08 21:55 - 01677440 _____ (Skype Technologies S.A.) C:\Users\heaven_one\Downloads\SkypeSetup.exe
2014-07-07 13:09 - 2014-07-07 13:14 - 233546454 _____ () C:\Users\heaven_one\Downloads\MBO530_V3final.zip
2014-07-07 13:09 - 2014-07-07 13:14 - 200266912 _____ () C:\Users\heaven_one\Downloads\MBO530G_V3final.zip
2014-07-07 13:08 - 2014-07-07 13:09 - 10595666 _____ () C:\Users\heaven_one\Downloads\Environment-Soundpack.zip
2014-07-07 13:01 - 2014-07-07 13:03 - 73578015 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530G.7z
2014-07-07 13:01 - 2014-07-07 13:03 - 71468688 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530_V2.7z
2014-07-07 13:01 - 2014-07-07 13:03 - 69288494 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o520_V2.7z
2014-07-07 11:44 - 2014-07-07 11:45 - 47423332 _____ () C:\Users\heaven_one\Downloads\OMSI_O530-Rheinhausen-Repaints-numeriert-V1-01.rar
2014-07-07 11:43 - 2014-07-07 11:45 - 145311477 _____ () C:\Users\heaven_one\Downloads\OMSI_rvb-Repaintset_SD+NL_V3-02.rar
2014-07-07 11:43 - 2014-07-07 11:43 - 03471024 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-ORL.zip
2014-07-07 11:43 - 2014-07-07 11:43 - 03431937 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-rvb.zip
2014-07-07 11:33 - 2014-07-07 11:33 - 00037882 _____ () C:\Users\heaven_one\Downloads\SMRT-Font-GermanRework-Marc1972.zip
2014-07-07 09:27 - 2014-07-07 09:27 - 00074329 _____ () C:\Users\heaven_one\Downloads\Additional Traffic Signs 1.0.1.ams
2014-07-07 09:26 - 2014-07-07 09:26 - 03340544 _____ () C:\Users\heaven_one\Downloads\gcW_streetobjects_1.3.1.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 01138449 _____ () C:\Users\heaven_one\Downloads\b8aae73aaa41af44d125d01df14858b0-nemolusverkehrsschilder.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 00031145 _____ () C:\Users\heaven_one\Downloads\din_fonts_10.zip
2014-07-07 09:25 - 2014-07-07 09:25 - 17220235 _____ () C:\Users\heaven_one\Downloads\TerrainSplinesV4_2-by_Baureihe189Fan-Bluescreen(1).7z
2014-07-07 09:25 - 2014-07-07 09:25 - 01558590 _____ () C:\Users\heaven_one\Downloads\VKL--s-Splines-V1.0.rar
2014-07-07 09:25 - 2014-07-07 09:25 - 01145661 _____ () C:\Users\heaven_one\Downloads\SceneryObjects_by_folti_12(1).rar
2014-07-07 09:23 - 2014-07-07 09:23 - 05585398 _____ () C:\Users\heaven_one\Downloads\ADDON_SimpleStreets.ams
2014-07-07 09:21 - 2014-07-07 09:23 - 149631138 _____ () C:\Users\heaven_one\Downloads\Rheinhausen V4 (gepackt von Cunwad).zip
2014-07-07 09:10 - 2014-07-07 09:12 - 111035298 _____ () C:\Users\heaven_one\Downloads\Ahlheim V2 - OMSI 2.7z
2014-07-03 18:34 - 2014-07-03 18:34 - 01292820 _____ () C:\Users\heaven_one\Downloads\3DZ-Bonus-Polizei.zip
2014-06-28 22:51 - 2014-06-28 22:51 - 03821747 _____ () C:\Users\heaven_one\Downloads\dbtracks_londonbrighton.zip
2014-06-28 22:10 - 2014-06-28 22:10 - 00000366 _____ () C:\Windows\DirectX.log
2014-06-28 22:10 - 2014-06-28 22:10 - 00000000 ____D () C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-06-22 18:13 - 2014-06-22 18:32 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-22 18:13 - 2014-06-22 18:32 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-22 18:13 - 2014-06-22 18:13 - 00000000 ____D () C:\Users\heaven_one\Documents\Freemake
2014-06-22 14:58 - 2014-06-22 15:09 - 615586294 _____ () C:\Users\heaven_one\Desktop\live and let live.mp4
2014-06-18 12:27 - 2014-06-18 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 20:52 - 2014-06-23 21:02 - 00000000 ____D () C:\Users\heaven_one\Desktop\mannheim
2014-06-17 20:52 - 2014-06-17 20:52 - 11228460 _____ () C:\Users\heaven_one\Downloads\Ma2.zip
2014-06-17 20:52 - 2014-06-17 20:52 - 09469094 _____ () C:\Users\heaven_one\Downloads\Ma.zip
2014-06-16 17:56 - 2014-06-16 17:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyMicroBalance
2014-06-16 17:56 - 2014-06-16 17:56 - 00000000 ____D () C:\Program Files (x86)\MyMicroBalance
2014-06-16 17:56 - 2014-06-16 17:54 - 01551068 _____ () C:\Users\heaven_one\Documents\Sicherheitskopie_MMB.2.0.x_MyMicroBalance.mmb

==================== One Month Modified Files and Folders =======

2014-07-14 23:03 - 2014-07-14 23:03 - 02086912 _____ (Farbar) C:\Users\heaven_one\Downloads\FRST64.exe
2014-07-14 23:03 - 2014-07-14 23:03 - 00030255 _____ () C:\Users\heaven_one\Downloads\FRST.txt
2014-07-14 23:03 - 2014-07-14 23:03 - 00000000 ____D () C:\FRST
2014-07-14 22:46 - 2013-06-08 15:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{4A7ADE05-550F-48FD-B8D7-53B7A4BCBDF1}
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{226FE937-A29F-499C-B05F-76374CCB09D4}
2014-07-14 22:42 - 2014-07-14 22:42 - 03736040 _____ (Piriform Ltd) C:\Users\heaven_one\Downloads\ccsetup415_slim.exe
2014-07-14 22:42 - 2014-07-14 22:42 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-14 22:42 - 2014-07-14 22:42 - 00000837 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-14 22:42 - 2014-07-14 22:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-14 22:40 - 2013-05-23 18:49 - 00000000 ____D () C:\Program Files (x86)\WinCDEmu
2014-07-14 22:38 - 2013-09-01 14:14 - 00000000 ____D () C:\Users\heaven_one\Documents\SavedGames
2014-07-14 22:37 - 2009-07-14 06:45 - 00019328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 22:37 - 2009-07-14 06:45 - 00019328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 22:36 - 2013-05-05 10:00 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-14 22:36 - 2013-05-05 10:00 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-14 22:36 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-14 22:33 - 2013-05-05 00:05 - 01828476 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 22:31 - 2014-07-14 22:31 - 00003050 _____ () C:\Windows\System32\Tasks\asrRd
2014-07-14 22:31 - 2013-08-02 18:46 - 00003046 _____ () C:\Windows\System32\Tasks\EVGAPrecision
2014-07-14 22:31 - 2013-05-05 00:09 - 00002980 _____ () C:\Windows\System32\Tasks\AsrXTU
2014-07-14 22:30 - 2014-05-04 09:06 - 00060672 _____ () C:\Windows\setupact.log
2014-07-14 22:30 - 2014-02-01 20:53 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-14 22:30 - 2013-05-05 00:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-14 22:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-14 22:29 - 2013-05-11 18:27 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\KeePass
2014-07-14 22:26 - 2013-10-13 10:49 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rondomedia
2014-07-14 22:22 - 2014-07-14 22:22 - 00001233 _____ () C:\Users\heaven_one\Desktop\JRT.txt
2014-07-14 22:22 - 2014-02-01 20:53 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-14 22:15 - 2014-07-14 22:15 - 00000119 _____ () C:\Users\heaven_one\Desktop\Neues Textdokument (2).txt
2014-07-14 22:15 - 2014-07-14 22:15 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 22:14 - 2014-07-14 22:14 - 01016261 _____ (Thisisu) C:\Users\heaven_one\Downloads\JRT_6.1.4.exe
2014-07-14 22:05 - 2014-07-14 21:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 22:05 - 2013-11-23 20:58 - 00000000 ____D () C:\Users\heaven_one\Documents\Outlook-Dateien
2014-07-14 22:04 - 2013-05-05 00:05 - 00000000 ____D () C:\Users\heaven_one
2014-07-14 22:03 - 2014-07-14 21:42 - 00000000 ____D () C:\AdwCleaner
2014-07-14 22:03 - 2014-04-06 11:49 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-07-14 22:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 22:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-14 21:54 - 2014-07-14 10:20 - 00084992 ___SH () C:\Users\heaven_one\Desktop\Thumbs.db
2014-07-14 21:40 - 2014-07-14 21:32 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 21:36 - 2014-05-19 13:04 - 00006830 _____ () C:\Windows\PFRO.log
2014-07-14 21:33 - 2014-07-14 21:33 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-14 21:32 - 2014-07-14 21:32 - 11185664 _____ (SurfRight B.V.) C:\Users\heaven_one\Desktop\hitmanpro_x64.exe
2014-07-14 21:28 - 2014-07-14 21:28 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-14 21:24 - 2014-07-14 21:24 - 00961360 _____ (Chip Digital GmbH) C:\Users\heaven_one\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-07-14 20:00 - 2014-04-12 10:37 - 00000000 ____D () C:\Users\Public\Documents\EyeFrame Data
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____D () C:\Program Files (x86)\Isis
2014-07-14 17:19 - 2014-07-14 13:49 - 00000000 ____D () C:\Users\heaven_one\Desktop\videos cc
2014-07-14 17:15 - 2014-07-14 17:15 - 05151944 _____ () C:\Users\heaven_one\Downloads\Fruits Game - Let's Identify fruits name.mp4
2014-07-14 17:13 - 2014-05-08 19:48 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\HandBrake
2014-07-14 16:41 - 2014-07-14 16:41 - 00047408 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\isis.sys
2014-07-14 16:24 - 2013-05-05 00:57 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\vlc
2014-07-14 16:10 - 2014-07-14 16:10 - 17789117 _____ () C:\Users\heaven_one\Desktop\Beach Rocks At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 05836366 _____ () C:\Users\heaven_one\Desktop\Cityscape At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 02515399 _____ () C:\Users\heaven_one\Desktop\Clouds (time Lapse)-1.mp4
2014-07-14 16:08 - 2014-07-14 16:07 - 144305049 _____ () C:\Users\heaven_one\Desktop\Cycling Amsterdam In The Rain-1.mp4
2014-07-14 16:07 - 2014-07-14 16:07 - 14411359 _____ () C:\Users\heaven_one\Desktop\216448035-1.mp4
2014-07-14 16:06 - 2014-07-14 16:04 - 113612814 _____ () C:\Users\heaven_one\Desktop\yellowstone 29p.mp4
2014-07-14 16:01 - 2013-07-04 19:51 - 00001315 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-07-14 16:01 - 2013-07-04 19:51 - 00000000 ____D () C:\Program Files\Paint.NET
2014-07-14 14:17 - 2014-07-14 14:17 - 00000000 ____D () C:\Users\heaven_one\Documents\paint.net Benutzerdateien
2014-07-14 14:12 - 2014-07-14 13:50 - 00000000 ____D () C:\Users\heaven_one\Desktop\musik cc
2014-07-14 13:08 - 2013-05-11 16:21 - 00265614 _____ () C:\Users\heaven_one\Documents\NewDatabase.kdbx
2014-07-14 09:24 - 2013-06-25 11:52 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Skype
2014-07-13 16:37 - 2013-06-20 13:35 - 00000000 ____D () C:\Users\heaven_one\Desktop\Dokumente
2014-07-13 09:44 - 2014-03-15 23:01 - 00071880 _____ () C:\Users\heaven_one\Desktop\801010.xlsx
2014-07-12 21:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-12 12:55 - 2014-07-12 12:55 - 00003072 _____ () C:\Users\heaven_one\Downloads\Omsi-RealWetterDaten.rar
2014-07-12 11:34 - 2014-04-02 13:50 - 00000000 ____D () C:\Users\Public\Documents\Lightworks
2014-07-12 11:26 - 2014-07-12 11:24 - 00000000 ____D () C:\Users\heaven_one\Desktop\Saeed
2014-07-12 11:24 - 2014-03-27 18:16 - 00000000 ____D () C:\Users\heaven_one\Desktop\Cajon Workshop
2014-07-12 10:34 - 2013-12-18 22:02 - 00001841 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-07-12 10:34 - 2013-12-18 22:02 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-12 10:26 - 2014-07-12 10:24 - 108439379 _____ () C:\Users\heaven_one\Downloads\Vortrag-Loslassen-Saeed-Habibzadeh.zip
2014-07-12 10:26 - 2014-07-12 10:24 - 101441007 _____ () C:\Users\heaven_one\Downloads\Vortrag-Freundschaft-Saeed-Habibzadeh.zip
2014-07-12 10:22 - 2014-04-05 09:36 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Audacity
2014-07-12 09:30 - 2013-05-31 13:13 - 00001980 _____ () C:\Users\heaven_one\AppData\Roaming\MyMicroBalanceConfig.ini
2014-07-12 09:30 - 2013-05-31 13:13 - 00000000 ____D () C:\Users\heaven_one\Documents\backup_MyMicroBalance
2014-07-12 09:30 - 2013-05-30 16:41 - 02015212 _____ () C:\Users\heaven_one\Documents\MyMicroBalance.mmb
2014-07-11 10:56 - 2014-07-11 10:55 - 36460296 _____ () C:\Users\heaven_one\Downloads\Ólafur Arnalds - Near Light (Live on KEXP).mp4
2014-07-11 10:18 - 2014-06-04 14:56 - 00108334 _____ () C:\Windows\DPINST.LOG
2014-07-11 10:15 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 10:15 - 2009-07-14 06:45 - 00492960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 10:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-11 10:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 20:36 - 2013-11-23 20:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 20:35 - 2013-09-14 23:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 20:35 - 2013-05-08 00:06 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 18:33 - 2014-07-10 18:30 - 89219928 _____ () C:\Users\heaven_one\Downloads\Mercedes_New_2.7.rar
2014-07-10 18:32 - 2014-07-10 18:32 - 00921624 _____ () C:\Users\heaven_one\Downloads\Hamburg Hof-rar.rar
2014-07-10 15:45 - 2014-07-10 15:45 - 00008259 _____ () C:\Users\heaven_one\Desktop\Meet_Without_Meat.xlsx
2014-07-09 21:40 - 2013-05-05 00:30 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 21:40 - 2013-05-05 00:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 11:19 - 2014-04-10 18:01 - 00000000 ____D () C:\Program Files\OBS
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Local\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-08 21:56 - 2013-06-25 11:52 - 00000000 ____D () C:\ProgramData\Skype
2014-07-08 21:55 - 2014-07-08 21:55 - 01677440 _____ (Skype Technologies S.A.) C:\Users\heaven_one\Downloads\SkypeSetup.exe
2014-07-07 13:14 - 2014-07-07 13:09 - 233546454 _____ () C:\Users\heaven_one\Downloads\MBO530_V3final.zip
2014-07-07 13:14 - 2014-07-07 13:09 - 200266912 _____ () C:\Users\heaven_one\Downloads\MBO530G_V3final.zip
2014-07-07 13:09 - 2014-07-07 13:08 - 10595666 _____ () C:\Users\heaven_one\Downloads\Environment-Soundpack.zip
2014-07-07 13:03 - 2014-07-07 13:01 - 73578015 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530G.7z
2014-07-07 13:03 - 2014-07-07 13:01 - 71468688 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530_V2.7z
2014-07-07 13:03 - 2014-07-07 13:01 - 69288494 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o520_V2.7z
2014-07-07 11:45 - 2014-07-07 11:44 - 47423332 _____ () C:\Users\heaven_one\Downloads\OMSI_O530-Rheinhausen-Repaints-numeriert-V1-01.rar
2014-07-07 11:45 - 2014-07-07 11:43 - 145311477 _____ () C:\Users\heaven_one\Downloads\OMSI_rvb-Repaintset_SD+NL_V3-02.rar
2014-07-07 11:43 - 2014-07-07 11:43 - 03471024 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-ORL.zip
2014-07-07 11:43 - 2014-07-07 11:43 - 03431937 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-rvb.zip
2014-07-07 11:33 - 2014-07-07 11:33 - 00037882 _____ () C:\Users\heaven_one\Downloads\SMRT-Font-GermanRework-Marc1972.zip
2014-07-07 09:27 - 2014-07-07 09:27 - 00074329 _____ () C:\Users\heaven_one\Downloads\Additional Traffic Signs 1.0.1.ams
2014-07-07 09:26 - 2014-07-07 09:26 - 03340544 _____ () C:\Users\heaven_one\Downloads\gcW_streetobjects_1.3.1.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 01138449 _____ () C:\Users\heaven_one\Downloads\b8aae73aaa41af44d125d01df14858b0-nemolusverkehrsschilder.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 00031145 _____ () C:\Users\heaven_one\Downloads\din_fonts_10.zip
2014-07-07 09:25 - 2014-07-07 09:25 - 17220235 _____ () C:\Users\heaven_one\Downloads\TerrainSplinesV4_2-by_Baureihe189Fan-Bluescreen(1).7z
2014-07-07 09:25 - 2014-07-07 09:25 - 01558590 _____ () C:\Users\heaven_one\Downloads\VKL--s-Splines-V1.0.rar
2014-07-07 09:25 - 2014-07-07 09:25 - 01145661 _____ () C:\Users\heaven_one\Downloads\SceneryObjects_by_folti_12(1).rar
2014-07-07 09:23 - 2014-07-07 09:23 - 05585398 _____ () C:\Users\heaven_one\Downloads\ADDON_SimpleStreets.ams
2014-07-07 09:23 - 2014-07-07 09:21 - 149631138 _____ () C:\Users\heaven_one\Downloads\Rheinhausen V4 (gepackt von Cunwad).zip
2014-07-07 09:12 - 2014-07-07 09:10 - 111035298 _____ () C:\Users\heaven_one\Downloads\Ahlheim V2 - OMSI 2.7z
2014-07-07 09:05 - 2013-05-11 18:27 - 00001136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-07-07 09:05 - 2013-05-11 18:27 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-07-04 14:03 - 2013-07-04 19:51 - 00000000 ____D () C:\Users\heaven_one\AppData\Local\Paint.NET
2014-07-03 18:34 - 2014-07-03 18:34 - 01292820 _____ () C:\Users\heaven_one\Downloads\3DZ-Bonus-Polizei.zip
2014-06-29 14:17 - 2013-05-05 00:23 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-28 22:51 - 2014-06-28 22:51 - 03821747 _____ () C:\Users\heaven_one\Downloads\dbtracks_londonbrighton.zip
2014-06-28 22:10 - 2014-06-28 22:10 - 00000366 _____ () C:\Windows\DirectX.log
2014-06-28 22:10 - 2014-06-28 22:10 - 00000000 ____D () C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-06-23 23:38 - 2013-07-13 15:15 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\FileZilla
2014-06-23 21:56 - 2013-11-23 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-23 21:56 - 2013-07-13 15:15 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-06-23 21:02 - 2014-06-17 20:52 - 00000000 ____D () C:\Users\heaven_one\Desktop\mannheim
2014-06-23 19:59 - 2014-04-03 12:02 - 00003584 _____ () C:\Users\heaven_one\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-23 16:55 - 2013-05-11 14:22 - 00000000 ____D () C:\Users\heaven_one\Desktop\teamspeak3-server_win64
2014-06-22 18:32 - 2014-06-22 18:13 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-22 18:32 - 2014-06-22 18:13 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-22 18:13 - 2014-06-22 18:13 - 00000000 ____D () C:\Users\heaven_one\Documents\Freemake
2014-06-22 15:09 - 2014-06-22 14:58 - 615586294 _____ () C:\Users\heaven_one\Desktop\live and let live.mp4
2014-06-20 22:14 - 2014-07-10 15:50 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-10 15:50 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 09:17 - 2014-02-01 20:53 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 09:17 - 2014-02-01 20:53 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 09:05 - 2013-05-05 00:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 03:39 - 2014-07-10 15:50 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-10 15:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-10 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-10 15:50 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-10 15:50 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-10 15:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-10 15:50 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-10 15:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-10 15:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-10 15:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-10 15:50 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-10 15:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-10 15:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-10 15:50 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-10 15:50 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-10 15:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-10 15:50 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-10 15:50 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-10 15:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-10 15:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-10 15:50 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-10 15:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-10 15:50 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-10 15:50 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-10 15:50 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-10 15:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-10 15:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-10 15:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-10 15:50 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-10 15:50 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-10 15:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-10 15:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-10 15:50 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-10 15:50 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-10 15:50 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-10 15:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-10 15:50 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-10 15:50 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-10 15:50 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-10 15:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-10 15:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-10 15:50 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-10 15:50 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-10 15:50 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-10 15:50 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-10 15:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-10 15:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-10 15:50 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-10 15:50 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-10 15:50 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-10 15:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-10 15:50 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-10 15:50 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-10 15:50 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 12:27 - 2014-06-18 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 04:18 - 2014-07-10 15:50 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-10 15:50 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-10 15:50 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 20:52 - 2014-06-17 20:52 - 11228460 _____ () C:\Users\heaven_one\Downloads\Ma2.zip
2014-06-17 20:52 - 2014-06-17 20:52 - 09469094 _____ () C:\Users\heaven_one\Downloads\Ma.zip
2014-06-16 17:56 - 2014-06-16 17:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyMicroBalance
2014-06-16 17:56 - 2014-06-16 17:56 - 00000000 ____D () C:\Program Files (x86)\MyMicroBalance
2014-06-16 17:54 - 2014-06-16 17:56 - 01551068 _____ () C:\Users\heaven_one\Documents\Sicherheitskopie_MMB.2.0.x_MyMicroBalance.mmb

Some content of TEMP:
====================
C:\Users\heaven_one\AppData\Local\Temp\A~NSISu_.exe
C:\Users\heaven_one\AppData\Local\Temp\Uninstall.exe
C:\Users\heaven_one\AppData\Local\Temp\wcduninst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 15:23

==================== End Of Log ============================
         


And here is the Additions.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014 01
Ran by heaven_one at 2014-07-14 23:04:03
Running from C:\Users\heaven_one\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

3DZUG Polizei (HKLM-x32\...\DAE2779A-8A6E-42A1-9698-8ED0F3CF9B68_is1) (Version: 1.0 - 3DZUG)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
aerosoft's - Berlin-Wittenberg (HKLM-x32\...\{04D946B3-0B81-41A4-A793-B59000EAEAA8}) (Version: 1.00 - aerosoft)
aerosoft's - Im Koeblitzer Bergland (HKLM-x32\...\{8B8ABACE-3DF1-4DDC-8BF5-3D2D368E3E64}) (Version: 1.20 - aerosoft)
aerosoft's - OMSI 2 - Hamburg (HKLM-x32\...\{5BF6B590-F7F5-46B5-B5F4-B0CA93423AD6}) (Version: 2.02 - aerosoft)
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
ASRock 3TB+ Unlocker v1.0 (HKLM\...\ASRock 3TB+ Unlocker_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.209 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version:  - ASRock Inc.)
ASRock XFast RAM v2.0.28 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - Ubisoft Montreal)
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
Assassin's Creed Revelations (HKLM-x32\...\Steam App 201870) (Version:  - Ubisoft Montreal)
ASUS MultiFrame (HKLM-x32\...\{FB4D076A-DEFD-4EAF-AD63-70D5A3BC262A}) (Version: 1.0.22 - ASUS)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Back to the Future: Ep 1 - It's About Time (HKLM-x32\...\Steam App 31290) (Version:  - Telltale Games)
Back to the Future: Ep 2 - Get Tannen! (HKLM-x32\...\Steam App 94500) (Version:  - )
Back to the Future: Ep 3 - Citizen Brown (HKLM-x32\...\Steam App 94510) (Version:  - )
Back to the Future: Ep 4 - Double Visions (HKLM-x32\...\Steam App 94520) (Version:  - )
Back to the Future: Ep 5 - OUTATIME (HKLM-x32\...\Steam App 94530) (Version:  - )
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Beatbuddy: Tale of the Guardians (HKLM-x32\...\Steam App 231040) (Version:  - Threaks)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{1BFDD064-4C67-4156-A6C6-6E8D63563B3B}) (Version: 1.20.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Cities XL Platinum (HKLM-x32\...\Steam App 231140) (Version:  - Focus Home Interactive)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version:  - )
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
Debut Videorekorder (HKLM-x32\...\Debut) (Version: 1.95 - NCH Software)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
Deus Ex: Human Revolution - The Missing Link (HKLM-x32\...\Steam App 201280) (Version:  - Eidos Montreal)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
Divinity II: Developer's Cut (HKLM-x32\...\Steam App 219780) (Version:  - Larian Studios)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
EyeFrame Converter 1.8.1 (HKLM-x32\...\{DAEA793F-1378-45D1-A4AD-8ED944AA1F76}_is1) (Version:  - Tin2tin)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Game of Thrones  (HKLM-x32\...\Steam App 208730) (Version:  - Cyanide Studios)
Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version:  - Black Forest Games)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version:  - DrinkBox Studios)
Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Hector: Ep 1 (HKLM-x32\...\Steam App 94600) (Version:  - )
Hector: Ep 2 (HKLM-x32\...\Steam App 94610) (Version:  - )
Hector: Ep 3 (HKLM-x32\...\Steam App 94620) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Just Trains - Three Country Corner Route (HKLM-x32\...\{8591C645-D5C9-4357-8566-C7945AC2DE65}) (Version: 1.00.0000 - Just Trains)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lara Croft and the Guardian of Light (HKLM-x32\...\Steam App 35130) (Version:  - Crystal Dynamics)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Loksim3D (HKLM\...\Loksim3D_is1) (Version: 2.8.2 - Loksim3D)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office-korrekturverktøy 2013 - bokmål  (HKLM\...\{90150000-001F-0414-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{cde5fd82-4a8f-483e-adf0-ca7343d00433}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.8 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
Mountain Trap - Das Anwesen der Erinnerungen (HKCU\...\Mountain Trap - Das Anwesen der Erinnerungen 1.0) (Version: 1.0 - Dok)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{9AFDC558-9575-48B8-BC39-CCAACB8DC05E}) (Version: 4.4.1.0 - Alexander Nikiforov)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Game Long Name (HKLM\...\UDK-e262b0e0-c32a-4c0f-85a7-4038dee9f6ff) (Version:  - Epic Games, Inc.)
MyMicroBalance (HKLM-x32\...\{D5D2D341-52AE-4811-9BFF-85FE26C23721}) (Version: 3.0.0 - startzentrum GmbH & Co KG)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.6 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.50 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.50 (Version: 337.50 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
OMSI - Hamburg (HKLM-x32\...\{CBAF25BB-BD31-4663-84C8-13104B3D3DCC}) (Version: 1.11 - aerosoft)
OMSI 2 (HKLM-x32\...\Steam App 252530) (Version:  - MR-Software GbR)
OMSI 2 FX Version 1.0 (HKLM-x32\...\{A74A4675-0C9B-49EA-AEFF-CB7D132E2D87}_is1) (Version: 1.0 - Thomas Schlichtinger/OmsiSoftware.de)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Paragon Hard Disk Manager™ 12 Suite (HKLM-x32\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version:  - Telltale Games)
Project CARS (HKLM-x32\...\Steam App 234630) (Version:  - )
Puzzle Agent (HKLM-x32\...\Steam App 31270) (Version:  - Telltale Games)
Puzzle Agent 2 (HKLM-x32\...\Steam App 94590) (Version:  - )
QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
Race The Sun (HKLM-x32\...\Steam App 253030) (Version:  - Flippfly LLC)
RAW - Realms of Ancient War (HKLM-x32\...\Steam App 209730) (Version:  - Wizarbox)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
RivaTuner Statistics Server 5.3.0 (HKLM-x32\...\RTSS) (Version: 5.3.0 - Unwinder)
RW_Tools V4 (HKCU\...\RW_Tools V4) (Version:  - )
Sam & Max 301: The Penal Zone (HKLM-x32\...\Steam App 31220) (Version:  - Telltale Games)
Sam & Max 302: The Tomb of Sammun-Mak (HKLM-x32\...\Steam App 31230) (Version:  - Telltale Games)
Sam & Max 303: They Stole Max's Brain! (HKLM-x32\...\Steam App 31240) (Version:  - Telltale Games)
Sam & Max 304: Beyond the Alley of the Dolls (HKLM-x32\...\Steam App 31250) (Version:  - Telltale Games)
Sam & Max 305: The City that Dares not Sleep (HKLM-x32\...\Steam App 31260) (Version:  - Telltale Games)
Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.2 - Samsung Electronics)
Scrolls (HKLM-x32\...\Scrolls 1.0.0) (Version: 1.0.0 - Mojang)
Scrolls (x32 Version: 1.0.0 - Mojang) Hidden
Seagate DiscWizard (HKLM-x32\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14387 - Seagate)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Solaris Urbino 12 III - Version 2.01 by CNB-Projekts - (HKCU\...\Solaris Urbino 12 III - Version 2.01 by CNB-Projekts -) (Version:  - )
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Stacking (HKLM-x32\...\Steam App 115110) (Version:  - )
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SweetFX Configurator (HKCU\...\f4ebec2474b2f64a) (Version: 1.3.2.27 - SweetFX Configurator)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
The Testament of Sherlock Holmes (HKLM-x32\...\Steam App 205650) (Version:  - Frogwares)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Train Simulator 2013 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Trials Evolution Gold Edition (HKLM-x32\...\InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}) (Version: 1.0.0.3 - Ubisoft)
Trials Evolution Gold Edition (x32 Version: 1.0.0.3 - Ubisoft) Hidden
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.171 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.171 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.171 - TuneUp Software) Hidden
UKTS Freeware Pack - AP Class 142 Scenario Pack #1 (HKLM-x32\...\{FC98D1D7-713F-464C-8881-B08C04DB1BBA}) (Version: 1.0.1 - UKTrainSim)
UKTS Freeware Pack - Blocks-Lofts-Bridges #1 (HKLM-x32\...\{07BB63A6-188D-4447-A0B6-8ED8B2075B81}) (Version: 1.0.9 - UKTrainSim)
UKTS Freeware Pack - Clutter #1 (HKLM-x32\...\{F355333F-795E-4593-ACAA-5C0F9D719D49}) (Version: 1.0.6 - UKTrainSim)
UKTS Freeware Pack - Commercial #1 (HKLM-x32\...\{64C9CBEC-1260-44F1-9304-F0CF9EFF9951}) (Version: 1.0.3 - UKTrainSim)
UKTS Freeware Pack - Foliage #1 (HKLM-x32\...\{E7B3D305-0229-4720-81A5-811E2E23DE43}) (Version: 1.0.2 - UKTrainSim)
UKTS Freeware Pack - Housing #1 (HKLM-x32\...\{AAEA1063-229A-406B-9962-864AEFBBD82F}) (Version: 1.1.1 - UKTrainSim)
UKTS Freeware Pack - Industrial #1 (HKLM-x32\...\{B19E2B7A-745D-4B67-B21B-C97F727F3923}) (Version: 1.0.3 - UKTrainSim)
UKTS Freeware Pack - Railway Buildings #1 (HKLM-x32\...\{13969A12-BC34-42DB-906D-D55FA9675EC2}) (Version: 1.0.4 - UKTrainSim)
UKTS Freeware Pack - UK Carriages #1 (HKLM-x32\...\{5CBFEC54-FA2C-4A96-A203-FBDBC5C40D69}) (Version: 1.1.2 - UKTrainSim)
UKTS Freeware Pack - UK Classic Diesel and Electric #1 (HKLM-x32\...\{8413AD1E-09F1-42F9-A33C-5FF3EC8EA308}) (Version: 1.1.4 - UKTrainSim)
UKTS Freeware Pack - UK DMUs-EMUs-Trams #1 (HKLM-x32\...\{2F554E44-C40D-4685-B73F-4E3701765B8C}) (Version: 1.1.4 - UKTrainSim)
UKTS Freeware Pack - UK Steam #1 (HKLM-x32\...\{BF9DC935-7351-406E-9073-A364827AAA8D}) (Version: 1.1.1 - UKTrainSim)
UKTS Freeware Pack - UK Wagons #1 (HKLM-x32\...\{2CEDFC42-C1AC-443D-A11D-4BA201CC2C84}) (Version: 1.1.3 - UKTrainSim)
UKTS Freeware Route Pack - Coniston Branch (HKLM-x32\...\{A911FCA6-F910-4065-868D-9828C285944B}) (Version: 1.0.7 - UKTrainSim)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wallace & Gromit Ep 1: Fright of the Bumblebees (HKLM-x32\...\Steam App 31100) (Version:  - Telltale Games)
Wallace & Gromit Ep 2: The Last Resort (HKLM-x32\...\Steam App 31110) (Version:  - Telltale Games)
Wallace & Gromit Ep 3: Muzzled! (HKLM-x32\...\Steam App 31120) (Version:  - Telltale Games)
Wallace & Gromit Ep 4: The Bogey Man (HKLM-x32\...\Steam App 31130) (Version:  - Telltale Games)
Wargame: European Escalation (HKLM-x32\...\Steam App 58610) (Version:  - Eugen Systems)
Warlock - Master of the Arcane (HKLM-x32\...\Steam App 203630) (Version:  - Ino-Co Plus)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World Landscapes (HKLM-x32\...\World Landscapes1.08.06.12 - Freeware Edition) (Version: 1.08.06.12 - Freeware Edition - 3DTrains)
XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.30 - ASRock Inc.)
Zusi 2.4 (HKLM-x32\...\Zusi - Der Zugsimulator_is1) (Version: 2.4 - Carsten Hoelscher)

==================== Restore Points  =========================

04-07-2014 06:49:29 Windows Update
04-07-2014 12:02:47 paint.net v4.0
08-07-2014 06:14:55 Windows Update
10-07-2014 18:33:49 Windows Update
14-07-2014 14:01:03 paint.net v4.0.1
14-07-2014 19:40:23 Prüfpunkt von HitmanPro
14-07-2014 19:40:53 Prüfpunkt von HitmanPro
14-07-2014 20:02:55 Wiederherstellungsvorgang
14-07-2014 20:12:54 Prüfpunkt von HitmanPro
14-07-2014 20:37:59 Removed Path of Exile

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0299508D-4F47-43AC-9268-2BAA4E402238} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01] (Google Inc.)
Task: {0B1CA921-BA41-4E99-A121-2D94E0647ABA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {3141C657-C2A6-4545-B8ED-00839CE1E669} - System32\Tasks\asrRd => C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe [2012-10-25] (ASRock)
Task: {4B4C08FD-7DF1-4A58-9E87-5825A5614571} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {7052EB1A-655A-4741-AF38-6D37E4CA51DB} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)
Task: {7B70A393-0F58-47BA-8604-76B883ED4DB8} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2013-07-18] ()
Task: {DBDC3E80-A3C9-48EA-B2E4-AEF617A9B642} - System32\Tasks\AsrXTU => E:\backup neuinstall\ASRock Utility\AXTU\Bin\AsrXTU.exe [2012-04-12] ()
Task: {FBB8097F-B2D1-40A9-8684-E64C7D747CB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-05 00:25 - 2014-03-27 04:11 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-24 21:30 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-05-05 00:44 - 2008-07-11 15:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2013-05-04 22:33 - 2012-04-12 21:32 - 08455464 _____ () E:\backup neuinstall\ASRock Utility\AXTU\Bin\AsrXTU.exe
2013-05-05 00:44 - 2008-07-11 15:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2014-02-11 20:21 - 2014-02-11 20:21 - 00860160 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 01043968 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00052736 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 00236032 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-07-07 09:06 - 2014-07-07 09:06 - 00046080 _____ () C:\Users\heaven_one\AppData\Local\KeePass\PluginCache\J1dTSUyDMfoJCshbCV5J\Fleck2.dll
2014-07-14 16:41 - 2014-07-14 16:41 - 00330544 _____ () C:\Program Files (x86)\Isis\isis.exe
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-05-04 22:33 - 2012-02-24 11:53 - 00094208 _____ () E:\backup neuinstall\ASRock Utility\AXTU\Bin\IccLibDll.DLL
2013-11-24 21:30 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-04-04 10:25 - 2014-04-04 10:25 - 00102400 _____ () C:\Program Files (x86)\Isis\nfapi.dll
2014-06-05 06:41 - 2014-06-05 06:41 - 00331776 _____ () C:\Program Files (x86)\Isis\ProtocolFilters.dll
2014-06-18 12:27 - 2014-06-18 12:27 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-05-05 00:41 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-07-09 21:40 - 2014-07-09 21:40 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: XBOX 360 For Windows (Headset)
Description: USB-Audiogerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-USB-Audio)
Service: usbaudio
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ASUS Xonar DG Audio Device
Description: ASUS Xonar DG Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: ASUSTeK
Service: cmudaxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: COMODO Internet Security Helper Driver
Description: COMODO Internet Security Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: cmdHlp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2014 10:26:17 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = DarksidersInstaller wurde entfernt.; Fehler = 0x80070005).

Error: (07/14/2014 10:26:17 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed DarksidersInstaller.; Fehler = 0x80070005).


System errors:
=============
Error: (07/14/2014 10:30:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cmdHlp

Error: (07/14/2014 10:29:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/14/2014 10:26:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5


Microsoft Office Sessions:
=========================
Error: (07/14/2014 10:26:17 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VDarksidersInstaller wurde entfernt.0x80070005

Error: (07/14/2014 10:26:17 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved DarksidersInstaller.0x80070005


CodeIntegrity Errors:
===================================
  Date: 2014-07-12 21:44:16.826
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-12 21:44:16.826
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-12 21:44:16.825
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-12 21:44:16.819
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-12 21:44:16.818
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-12 21:44:16.817
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-08 15:25:48.472
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-08 15:25:48.471
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-08 15:25:48.470
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-08 15:25:48.468
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 20%
Total physical RAM: 16348.18 MB
Available physical RAM: 12928.44 MB
Total Pagefile: 32694.54 MB
Available Pagefile: 29262.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (heaven_one_desk) (Fixed) (Total:238.47 GB) (Free:46.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Games) (Fixed) (Total:2599.08 GB) (Free:591.78 GB) NTFS
Drive f: (Programme) (Fixed) (Total:195.31 GB) (Free:102.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 667FF7DE)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2795 GB) (Disk ID: B6B1A4E8)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

14.07.2014, 23:45   #4
Bootsektor
/// TB trainer
 



Hello Railworker,

thanks

Please also move FRST to the desktop.
Please also post the logs from AdwCleaner and JRT. Did HitmanPro find nothing either?

How do things look after the following steps?

Step 1
Please uninstall the following programs (if present):
Open AL
To do so, go to:
the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the program --> remove

If you cannot uninstall a program, download Revo Uninstaller from here and uninstall it with that, choosing the moderate mode.

Step 2
Please disable your antivirus program, as it can influence the result or possibly interfere with the cleanup.
Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file to your desktop.
  • Start Zoek.exe with a double-click.
  • Caution: The following script was written only for this specific case and could damage other computers.
  • Copy the text in the following box into zoek's script window:
    Code:
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    autoclean;
  • Now click "Run script" and be patient until the script has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart). The log is also located under c:\ .
  • Please post the ZOEK log (preferably in CODE tags - click the # symbol in the reply window).

Step 3
Please download Shortcut Cleaner (by Grinler) to your desktop.
  • Start sc-cleaner.exe with a double-click.
  • Confirm the message Shortcut Cleaner Finished at the end of the scan with OK.
  • A log file will open (sc-cleaner.txt).
  • Post its contents with your next reply.

15.07.2014, 11:08   #5
Railworker
 



Wow, your feedback really came quickly. Many thanks already for your efforts!

I have uninstalled OpenAL. HitmanPro or Malwarebytes found remnants of "HD Streamer" during the first scan; now, in further scans, everything is shown as "clean".

Here is the FRST log with the file on the desktop:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by heaven_one (administrator) on HEAVEN_ONE_DESK on 15-07-2014 06:24:42
Running from C:\Users\heaven_one\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
() E:\backup neuinstall\ASRock Utility\AXTU\Bin\AsrXTU.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
() C:\Program Files (x86)\Isis\isis.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASRock) C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [12935168 2012-11-20] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Office2010\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-05-05] (FNet Co., Ltd.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Isis] => C:\Program Files (x86)\Isis\Isis.exe [330544 2014-07-14] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-06] (Microsoft Corporation)
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba6693-c5e3-11e2-ad6d-f20518dc8237} - V:\WebOfDeceit1.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba6696-c5e3-11e2-ad6d-f20518dc8237} - V:\MysteryTrackers3.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba6699-c5e3-11e2-ad6d-f20518dc8237} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba669c-c5e3-11e2-ad6d-f20518dc8237} - V:\DarkDimensions2.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba669f-c5e3-11e2-ad6d-f20518dc8237} - V:\Setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba66a2-c5e3-11e2-ad6d-f20518dc8237} - V:\AutoRun.exe setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba66a5-c5e3-11e2-ad6d-f20518dc8237} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba66ae-c5e3-11e2-ad6d-f20518dc8237} - V:\autorun.exe de
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {0c1bfcc8-33e3-11e3-a2bf-d5f6d5825536} - X:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {3710df5e-250a-11e3-a911-a7fd9cb2d336} - V:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {3c0e84ad-5aa3-11e3-8715-b5af60595e2a} - X:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {58900481-d40e-11e2-b8e4-9b284c39d929} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {701da640-fd48-11e2-965d-b21c2651a234} - G:\AutoRun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {7c520863-3004-11e3-b469-995977b6d634} - V:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {7c520866-3004-11e3-b469-995977b6d634} - W:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {890bf1dc-c3be-11e2-8c67-ee86fe28a028} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {8c26e643-cf57-11e2-a255-ce04dbccba34} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {8c26e646-cf57-11e2-a255-ce04dbccba34} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {8c26e64e-cf57-11e2-a255-ce04dbccba34} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {a31e57cc-c836-11e2-a87d-aa2813efeb36} - V:\WitchHunters1.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {b425b6c5-2872-11e3-bc5d-ac09f191ed28} - V:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {c3a8bbae-303d-11e3-b36a-e27e933dc536} - R:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {ddefc0c1-c906-11e2-bbf4-ed6cd39dba35} - V:\setup.exe
Startup: C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> F:\Systemprogramme\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9766D28426C9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Office2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: hxxp://www.eurailpress.de/news/alle-nachrichten.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\heaven_one\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - E:\games\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: KeeFox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\keefox@chris.tomlinson [2014-06-11]
FF Extension: Live Gold - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\livegold@dotcreation [2013-05-11]
FF Extension: selectivecookiedelete - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\selectivecookiedelete@siju.mathew [2013-05-11]
FF Extension: IE Tab - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-05-11]
FF Extension: Live HTTP Headers - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-01-21]
FF Extension: ReminderFox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-04-18]
FF Extension: DownloadHelper - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Memory Fox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2013-05-11]
FF Extension: Certificate Patrol - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\CertPatrol@PSYC.EU.xpi [2013-05-11]
FF Extension: anonymoX - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\client@anonymox.net.xpi [2013-05-11]
FF Extension: Viewtubes - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\FF_AddOn@viewtubes.de.xpi [2013-05-11]
FF Extension: Ghostery - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\firefox@ghostery.com.xpi [2014-01-21]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\info@convert2mp3.net.xpi [2014-07-01]
FF Extension: Quick Maps - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\map@quickmaps.me.xpi [2013-05-11]
FF Extension: Personas Plus - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\personas@christopher.beard.xpi [2013-05-11]
FF Extension: Thumbnail Zoom Plus - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2013-05-11]
FF Extension: translator - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\translator@dontfollowme.net.xpi [2013-05-11]
FF Extension: Google Translator for Firefox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\translator@zoli.bod.xpi [2013-06-25]
FF Extension: TweakTube - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi [2013-05-11]
FF Extension: Image Zoom - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-05-11]
FF Extension: ShowIP - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013-05-11]
FF Extension: HttpFox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2013-05-11]
FF Extension: {58dd2728-3045-411f-a2a4-39e35178c731} - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{58dd2728-3045-411f-a2a4-39e35178c731}.xpi [2013-11-02]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-05-11]
FF Extension: MeasureIt - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-09-09]
FF Extension: Secure Sanitizer - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{7e69e900-c32e-11db-8314-0800200c9a66}.xpi [2013-05-11]
FF Extension: Adblock Plus - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-11]
FF Extension: BetterPrivacy - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-05-11]
FF Extension: DownThemAll! - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-05-11]
FF Extension: Greasemonkey - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-11]
FF Extension: PageZoom - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{eeb299da-31d8-4683-aad4-9c9a045e0351}.xpi [2013-05-11]
FF Extension: Web Download Compiler Pro - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{f834d023-28f9-4ad0-b6f4-b49d037a7408}.xpi [2013-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-21]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-27]

Chrome: 
=======
CHR HomePage: 
CHR Extension: (HD Streamer) - C:\Users\heaven_one\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleglodmkonbpfmlffapjfednjopbeeh [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-07-21] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-05-05] (FNet Co., Ltd.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 isis; C:\Windows\System32\drivers\isis.sys [47408 2014-07-14] (Windows (R) Win 7 DDK provider)
S3 JmtFltr; C:\Windows\System32\drivers\JmtFltr.sys [46464 2007-09-29] () [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-05-19] (Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [32936 2014-05-19] (Razer Inc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-08] (Duplex Secure Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-11-30] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-11-30] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-11-30] (Paragon)
S3 vhidmini; C:\Windows\System32\DRIVERS\vhidmini.sys [13952 2007-09-29] (Windows (R) Codename Longhorn DDK provider)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-07-17] (Acronis)
R3 ArdDrv; \??\C:\Windows\SysWOW64\Drivers\ArdDrv.sys [X]
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S1 cmdHlp; System32\DRIVERS\cmdhlp.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-15 06:24 - 2014-07-15 06:24 - 00030296 _____ () C:\Users\heaven_one\Desktop\FRST.txt
2014-07-14 23:03 - 2014-07-15 06:24 - 00000000 ____D () C:\FRST
2014-07-14 23:03 - 2014-07-14 23:03 - 02086912 _____ (Farbar) C:\Users\heaven_one\Desktop\FRST64.exe
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{4A7ADE05-550F-48FD-B8D7-53B7A4BCBDF1}
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{226FE937-A29F-499C-B05F-76374CCB09D4}
2014-07-14 22:42 - 2014-07-14 22:42 - 03736040 _____ (Piriform Ltd) C:\Users\heaven_one\Downloads\ccsetup415_slim.exe
2014-07-14 22:42 - 2014-07-14 22:42 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-14 22:42 - 2014-07-14 22:42 - 00000837 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-14 22:42 - 2014-07-14 22:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-14 22:31 - 2014-07-15 06:22 - 00003050 _____ () C:\Windows\System32\Tasks\asrRd
2014-07-14 22:15 - 2014-07-14 22:15 - 00000119 _____ () C:\Users\heaven_one\Desktop\Neues Textdokument (2).txt
2014-07-14 22:15 - 2014-07-14 22:15 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 22:14 - 2014-07-14 22:14 - 01016261 _____ (Thisisu) C:\Users\heaven_one\Downloads\JRT_6.1.4.exe
2014-07-14 21:42 - 2014-07-14 22:03 - 00000000 ____D () C:\AdwCleaner
2014-07-14 21:33 - 2014-07-14 21:33 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-14 21:32 - 2014-07-14 21:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 21:32 - 2014-07-14 21:32 - 11185664 _____ (SurfRight B.V.) C:\Users\heaven_one\Desktop\hitmanpro_x64.exe
2014-07-14 21:29 - 2014-07-14 22:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 21:28 - 2014-07-14 21:28 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-14 21:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 21:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 21:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-14 21:24 - 2014-07-14 21:24 - 00961360 _____ (Chip Digital GmbH) C:\Users\heaven_one\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____D () C:\Program Files (x86)\Isis
2014-07-14 17:15 - 2014-07-14 17:15 - 05151944 _____ () C:\Users\heaven_one\Downloads\Fruits Game - Let's Identify fruits name.mp4
2014-07-14 16:41 - 2014-07-14 16:41 - 00047408 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\isis.sys
2014-07-14 16:10 - 2014-07-14 16:10 - 17789117 _____ () C:\Users\heaven_one\Desktop\Beach Rocks At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 05836366 _____ () C:\Users\heaven_one\Desktop\Cityscape At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 02515399 _____ () C:\Users\heaven_one\Desktop\Clouds (time Lapse)-1.mp4
2014-07-14 16:07 - 2014-07-14 16:08 - 144305049 _____ () C:\Users\heaven_one\Desktop\Cycling Amsterdam In The Rain-1.mp4
2014-07-14 16:07 - 2014-07-14 16:07 - 14411359 _____ () C:\Users\heaven_one\Desktop\216448035-1.mp4
2014-07-14 16:04 - 2014-07-14 16:06 - 113612814 _____ () C:\Users\heaven_one\Desktop\yellowstone 29p.mp4
2014-07-14 14:17 - 2014-07-14 14:17 - 00000000 ____D () C:\Users\heaven_one\Documents\paint.net Benutzerdateien
2014-07-14 13:50 - 2014-07-14 14:12 - 00000000 ____D () C:\Users\heaven_one\Desktop\musik cc
2014-07-14 13:49 - 2014-07-14 17:19 - 00000000 ____D () C:\Users\heaven_one\Desktop\videos cc
2014-07-14 10:20 - 2014-07-14 21:54 - 00084992 ___SH () C:\Users\heaven_one\Desktop\Thumbs.db
2014-07-12 12:55 - 2014-07-12 12:55 - 00003072 _____ () C:\Users\heaven_one\Downloads\Omsi-RealWetterDaten.rar
2014-07-12 11:24 - 2014-07-12 11:26 - 00000000 ____D () C:\Users\heaven_one\Desktop\Saeed
2014-07-12 10:24 - 2014-07-12 10:26 - 108439379 _____ () C:\Users\heaven_one\Downloads\Vortrag-Loslassen-Saeed-Habibzadeh.zip
2014-07-12 10:24 - 2014-07-12 10:26 - 101441007 _____ () C:\Users\heaven_one\Downloads\Vortrag-Freundschaft-Saeed-Habibzadeh.zip
2014-07-11 10:55 - 2014-07-11 10:56 - 36460296 _____ () C:\Users\heaven_one\Downloads\Ólafur Arnalds - Near Light (Live on KEXP).mp4
2014-07-10 18:32 - 2014-07-10 18:32 - 00921624 _____ () C:\Users\heaven_one\Downloads\Hamburg Hof-rar.rar
2014-07-10 18:30 - 2014-07-10 18:33 - 89219928 _____ () C:\Users\heaven_one\Downloads\Mercedes_New_2.7.rar
2014-07-10 15:50 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 15:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 15:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 15:50 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 15:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 15:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 15:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 15:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 15:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 15:50 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 15:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 15:50 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 15:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 15:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 15:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 15:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 15:50 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 15:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 15:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 15:50 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 15:50 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 15:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 15:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 15:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 15:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 15:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 15:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 15:50 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 15:50 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 15:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 15:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 15:50 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 15:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 15:50 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 15:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 15:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 15:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 15:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 15:50 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 15:50 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 15:50 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 15:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 15:50 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 15:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 15:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 15:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 15:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 15:50 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 15:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 15:50 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 15:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 15:50 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 15:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 15:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 15:50 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 15:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 15:50 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 15:50 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 15:50 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 15:50 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 15:50 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 15:50 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 15:50 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 15:50 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 15:50 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 15:45 - 2014-07-10 15:45 - 00008259 _____ () C:\Users\heaven_one\Desktop\Meet_Without_Meat.xlsx
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Local\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-08 21:55 - 2014-07-08 21:55 - 01677440 _____ (Skype Technologies S.A.) C:\Users\heaven_one\Downloads\SkypeSetup.exe
2014-07-07 13:09 - 2014-07-07 13:14 - 233546454 _____ () C:\Users\heaven_one\Downloads\MBO530_V3final.zip
2014-07-07 13:09 - 2014-07-07 13:14 - 200266912 _____ () C:\Users\heaven_one\Downloads\MBO530G_V3final.zip
2014-07-07 13:08 - 2014-07-07 13:09 - 10595666 _____ () C:\Users\heaven_one\Downloads\Environment-Soundpack.zip
2014-07-07 13:01 - 2014-07-07 13:03 - 73578015 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530G.7z
2014-07-07 13:01 - 2014-07-07 13:03 - 71468688 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530_V2.7z
2014-07-07 13:01 - 2014-07-07 13:03 - 69288494 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o520_V2.7z
2014-07-07 11:44 - 2014-07-07 11:45 - 47423332 _____ () C:\Users\heaven_one\Downloads\OMSI_O530-Rheinhausen-Repaints-numeriert-V1-01.rar
2014-07-07 11:43 - 2014-07-07 11:45 - 145311477 _____ () C:\Users\heaven_one\Downloads\OMSI_rvb-Repaintset_SD+NL_V3-02.rar
2014-07-07 11:43 - 2014-07-07 11:43 - 03471024 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-ORL.zip
2014-07-07 11:43 - 2014-07-07 11:43 - 03431937 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-rvb.zip
2014-07-07 11:33 - 2014-07-07 11:33 - 00037882 _____ () C:\Users\heaven_one\Downloads\SMRT-Font-GermanRework-Marc1972.zip
2014-07-07 09:27 - 2014-07-07 09:27 - 00074329 _____ () C:\Users\heaven_one\Downloads\Additional Traffic Signs 1.0.1.ams
2014-07-07 09:26 - 2014-07-07 09:26 - 03340544 _____ () C:\Users\heaven_one\Downloads\gcW_streetobjects_1.3.1.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 01138449 _____ () C:\Users\heaven_one\Downloads\b8aae73aaa41af44d125d01df14858b0-nemolusverkehrsschilder.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 00031145 _____ () C:\Users\heaven_one\Downloads\din_fonts_10.zip
2014-07-07 09:25 - 2014-07-07 09:25 - 17220235 _____ () C:\Users\heaven_one\Downloads\TerrainSplinesV4_2-by_Baureihe189Fan-Bluescreen(1).7z
2014-07-07 09:25 - 2014-07-07 09:25 - 01558590 _____ () C:\Users\heaven_one\Downloads\VKL--s-Splines-V1.0.rar
2014-07-07 09:25 - 2014-07-07 09:25 - 01145661 _____ () C:\Users\heaven_one\Downloads\SceneryObjects_by_folti_12(1).rar
2014-07-07 09:23 - 2014-07-07 09:23 - 05585398 _____ () C:\Users\heaven_one\Downloads\ADDON_SimpleStreets.ams
2014-07-07 09:21 - 2014-07-07 09:23 - 149631138 _____ () C:\Users\heaven_one\Downloads\Rheinhausen V4 (gepackt von Cunwad).zip
2014-07-07 09:10 - 2014-07-07 09:12 - 111035298 _____ () C:\Users\heaven_one\Downloads\Ahlheim V2 - OMSI 2.7z
2014-07-03 18:34 - 2014-07-03 18:34 - 01292820 _____ () C:\Users\heaven_one\Downloads\3DZ-Bonus-Polizei.zip
2014-06-28 22:51 - 2014-06-28 22:51 - 03821747 _____ () C:\Users\heaven_one\Downloads\dbtracks_londonbrighton.zip
2014-06-28 22:10 - 2014-06-28 22:10 - 00000366 _____ () C:\Windows\DirectX.log
2014-06-28 22:10 - 2014-06-28 22:10 - 00000000 ____D () C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-06-22 18:13 - 2014-06-22 18:32 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-22 18:13 - 2014-06-22 18:32 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-22 18:13 - 2014-06-22 18:13 - 00000000 ____D () C:\Users\heaven_one\Documents\Freemake
2014-06-22 14:58 - 2014-06-22 15:09 - 615586294 _____ () C:\Users\heaven_one\Desktop\live and let live.mp4
2014-06-18 12:27 - 2014-06-18 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 20:52 - 2014-06-23 21:02 - 00000000 ____D () C:\Users\heaven_one\Desktop\mannheim
2014-06-17 20:52 - 2014-06-17 20:52 - 11228460 _____ () C:\Users\heaven_one\Downloads\Ma2.zip
2014-06-17 20:52 - 2014-06-17 20:52 - 09469094 _____ () C:\Users\heaven_one\Downloads\Ma.zip
2014-06-16 17:56 - 2014-06-16 17:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyMicroBalance
2014-06-16 17:56 - 2014-06-16 17:56 - 00000000 ____D () C:\Program Files (x86)\MyMicroBalance
2014-06-16 17:56 - 2014-06-16 17:54 - 01551068 _____ () C:\Users\heaven_one\Documents\Sicherheitskopie_MMB.2.0.x_MyMicroBalance.mmb

==================== One Month Modified Files and Folders =======

2014-07-15 06:24 - 2014-07-15 06:24 - 00030296 _____ () C:\Users\heaven_one\Desktop\FRST.txt
2014-07-15 06:24 - 2014-07-14 23:03 - 00000000 ____D () C:\FRST
2014-07-15 06:24 - 2009-07-14 06:45 - 00019328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 06:24 - 2009-07-14 06:45 - 00019328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 06:22 - 2014-07-14 22:31 - 00003050 _____ () C:\Windows\System32\Tasks\asrRd
2014-07-15 06:22 - 2014-02-01 20:53 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 06:22 - 2013-11-23 20:58 - 00000000 ____D () C:\Users\heaven_one\Documents\Outlook-Dateien
2014-07-15 06:22 - 2013-05-05 00:09 - 00002980 _____ () C:\Windows\System32\Tasks\AsrXTU
2014-07-15 06:21 - 2014-02-01 20:53 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-15 06:21 - 2013-08-02 18:46 - 00003046 _____ () C:\Windows\System32\Tasks\EVGAPrecision
2014-07-15 06:21 - 2013-06-08 15:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-15 06:21 - 2013-05-05 10:00 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-15 06:21 - 2013-05-05 10:00 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-15 06:21 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 06:20 - 2013-05-05 00:05 - 01836180 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 06:17 - 2014-05-04 09:06 - 00060952 _____ () C:\Windows\setupact.log
2014-07-15 06:17 - 2013-05-23 18:49 - 00000000 ____D () C:\Program Files (x86)\WinCDEmu
2014-07-15 06:17 - 2013-05-05 00:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-15 06:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-14 23:03 - 2014-07-14 23:03 - 02086912 _____ (Farbar) C:\Users\heaven_one\Desktop\FRST64.exe
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{4A7ADE05-550F-48FD-B8D7-53B7A4BCBDF1}
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{226FE937-A29F-499C-B05F-76374CCB09D4}
2014-07-14 22:42 - 2014-07-14 22:42 - 03736040 _____ (Piriform Ltd) C:\Users\heaven_one\Downloads\ccsetup415_slim.exe
2014-07-14 22:42 - 2014-07-14 22:42 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-14 22:42 - 2014-07-14 22:42 - 00000837 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-14 22:42 - 2014-07-14 22:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-14 22:38 - 2013-09-01 14:14 - 00000000 ____D () C:\Users\heaven_one\Documents\SavedGames
2014-07-14 22:29 - 2013-05-11 18:27 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\KeePass
2014-07-14 22:26 - 2013-10-13 10:49 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rondomedia
2014-07-14 22:15 - 2014-07-14 22:15 - 00000119 _____ () C:\Users\heaven_one\Desktop\Neues Textdokument (2).txt
2014-07-14 22:15 - 2014-07-14 22:15 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 22:14 - 2014-07-14 22:14 - 01016261 _____ (Thisisu) C:\Users\heaven_one\Downloads\JRT_6.1.4.exe
2014-07-14 22:05 - 2014-07-14 21:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 22:04 - 2013-05-05 00:05 - 00000000 ____D () C:\Users\heaven_one
2014-07-14 22:03 - 2014-07-14 21:42 - 00000000 ____D () C:\AdwCleaner
2014-07-14 22:03 - 2014-04-06 11:49 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-07-14 22:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 22:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-14 21:54 - 2014-07-14 10:20 - 00084992 ___SH () C:\Users\heaven_one\Desktop\Thumbs.db
2014-07-14 21:40 - 2014-07-14 21:32 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 21:36 - 2014-05-19 13:04 - 00006830 _____ () C:\Windows\PFRO.log
2014-07-14 21:33 - 2014-07-14 21:33 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-14 21:32 - 2014-07-14 21:32 - 11185664 _____ (SurfRight B.V.) C:\Users\heaven_one\Desktop\hitmanpro_x64.exe
2014-07-14 21:28 - 2014-07-14 21:28 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-14 21:24 - 2014-07-14 21:24 - 00961360 _____ (Chip Digital GmbH) C:\Users\heaven_one\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-07-14 20:00 - 2014-04-12 10:37 - 00000000 ____D () C:\Users\Public\Documents\EyeFrame Data
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____D () C:\Program Files (x86)\Isis
2014-07-14 17:19 - 2014-07-14 13:49 - 00000000 ____D () C:\Users\heaven_one\Desktop\videos cc
2014-07-14 17:15 - 2014-07-14 17:15 - 05151944 _____ () C:\Users\heaven_one\Downloads\Fruits Game - Let's Identify fruits name.mp4
2014-07-14 17:13 - 2014-05-08 19:48 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\HandBrake
2014-07-14 16:41 - 2014-07-14 16:41 - 00047408 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\isis.sys
2014-07-14 16:24 - 2013-05-05 00:57 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\vlc
2014-07-14 16:10 - 2014-07-14 16:10 - 17789117 _____ () C:\Users\heaven_one\Desktop\Beach Rocks At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 05836366 _____ () C:\Users\heaven_one\Desktop\Cityscape At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 02515399 _____ () C:\Users\heaven_one\Desktop\Clouds (time Lapse)-1.mp4
2014-07-14 16:08 - 2014-07-14 16:07 - 144305049 _____ () C:\Users\heaven_one\Desktop\Cycling Amsterdam In The Rain-1.mp4
2014-07-14 16:07 - 2014-07-14 16:07 - 14411359 _____ () C:\Users\heaven_one\Desktop\216448035-1.mp4
2014-07-14 16:06 - 2014-07-14 16:04 - 113612814 _____ () C:\Users\heaven_one\Desktop\yellowstone 29p.mp4
2014-07-14 16:01 - 2013-07-04 19:51 - 00001315 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-07-14 16:01 - 2013-07-04 19:51 - 00000000 ____D () C:\Program Files\Paint.NET
2014-07-14 14:17 - 2014-07-14 14:17 - 00000000 ____D () C:\Users\heaven_one\Documents\paint.net Benutzerdateien
2014-07-14 14:12 - 2014-07-14 13:50 - 00000000 ____D () C:\Users\heaven_one\Desktop\musik cc
2014-07-14 13:08 - 2013-05-11 16:21 - 00265614 _____ () C:\Users\heaven_one\Documents\NewDatabase.kdbx
2014-07-14 09:24 - 2013-06-25 11:52 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Skype
2014-07-13 16:37 - 2013-06-20 13:35 - 00000000 ____D () C:\Users\heaven_one\Desktop\Dokumente
2014-07-13 09:44 - 2014-03-15 23:01 - 00071880 _____ () C:\Users\heaven_one\Desktop\801010.xlsx
2014-07-12 21:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-12 12:55 - 2014-07-12 12:55 - 00003072 _____ () C:\Users\heaven_one\Downloads\Omsi-RealWetterDaten.rar
2014-07-12 11:34 - 2014-04-02 13:50 - 00000000 ____D () C:\Users\Public\Documents\Lightworks
2014-07-12 11:26 - 2014-07-12 11:24 - 00000000 ____D () C:\Users\heaven_one\Desktop\Saeed
2014-07-12 11:24 - 2014-03-27 18:16 - 00000000 ____D () C:\Users\heaven_one\Desktop\Cajon Workshop
2014-07-12 10:34 - 2013-12-18 22:02 - 00001841 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-07-12 10:34 - 2013-12-18 22:02 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-12 10:26 - 2014-07-12 10:24 - 108439379 _____ () C:\Users\heaven_one\Downloads\Vortrag-Loslassen-Saeed-Habibzadeh.zip
2014-07-12 10:26 - 2014-07-12 10:24 - 101441007 _____ () C:\Users\heaven_one\Downloads\Vortrag-Freundschaft-Saeed-Habibzadeh.zip
2014-07-12 10:22 - 2014-04-05 09:36 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Audacity
2014-07-12 09:30 - 2013-05-31 13:13 - 00001980 _____ () C:\Users\heaven_one\AppData\Roaming\MyMicroBalanceConfig.ini
2014-07-12 09:30 - 2013-05-31 13:13 - 00000000 ____D () C:\Users\heaven_one\Documents\backup_MyMicroBalance
2014-07-12 09:30 - 2013-05-30 16:41 - 02015212 _____ () C:\Users\heaven_one\Documents\MyMicroBalance.mmb
2014-07-11 10:56 - 2014-07-11 10:55 - 36460296 _____ () C:\Users\heaven_one\Downloads\Ólafur Arnalds - Near Light (Live on KEXP).mp4
2014-07-11 10:18 - 2014-06-04 14:56 - 00108334 _____ () C:\Windows\DPINST.LOG
2014-07-11 10:15 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 10:15 - 2009-07-14 06:45 - 00492960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 10:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-11 10:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 20:36 - 2013-11-23 20:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 20:35 - 2013-09-14 23:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 20:35 - 2013-05-08 00:06 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 18:33 - 2014-07-10 18:30 - 89219928 _____ () C:\Users\heaven_one\Downloads\Mercedes_New_2.7.rar
2014-07-10 18:32 - 2014-07-10 18:32 - 00921624 _____ () C:\Users\heaven_one\Downloads\Hamburg Hof-rar.rar
2014-07-10 15:45 - 2014-07-10 15:45 - 00008259 _____ () C:\Users\heaven_one\Desktop\Meet_Without_Meat.xlsx
2014-07-09 21:40 - 2013-05-05 00:30 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 21:40 - 2013-05-05 00:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 11:19 - 2014-04-10 18:01 - 00000000 ____D () C:\Program Files\OBS
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Local\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-08 21:56 - 2013-06-25 11:52 - 00000000 ____D () C:\ProgramData\Skype
2014-07-08 21:55 - 2014-07-08 21:55 - 01677440 _____ (Skype Technologies S.A.) C:\Users\heaven_one\Downloads\SkypeSetup.exe
2014-07-07 13:14 - 2014-07-07 13:09 - 233546454 _____ () C:\Users\heaven_one\Downloads\MBO530_V3final.zip
2014-07-07 13:14 - 2014-07-07 13:09 - 200266912 _____ () C:\Users\heaven_one\Downloads\MBO530G_V3final.zip
2014-07-07 13:09 - 2014-07-07 13:08 - 10595666 _____ () C:\Users\heaven_one\Downloads\Environment-Soundpack.zip
2014-07-07 13:03 - 2014-07-07 13:01 - 73578015 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530G.7z
2014-07-07 13:03 - 2014-07-07 13:01 - 71468688 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530_V2.7z
2014-07-07 13:03 - 2014-07-07 13:01 - 69288494 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o520_V2.7z
2014-07-07 11:45 - 2014-07-07 11:44 - 47423332 _____ () C:\Users\heaven_one\Downloads\OMSI_O530-Rheinhausen-Repaints-numeriert-V1-01.rar
2014-07-07 11:45 - 2014-07-07 11:43 - 145311477 _____ () C:\Users\heaven_one\Downloads\OMSI_rvb-Repaintset_SD+NL_V3-02.rar
2014-07-07 11:43 - 2014-07-07 11:43 - 03471024 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-ORL.zip
2014-07-07 11:43 - 2014-07-07 11:43 - 03431937 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-rvb.zip
2014-07-07 11:33 - 2014-07-07 11:33 - 00037882 _____ () C:\Users\heaven_one\Downloads\SMRT-Font-GermanRework-Marc1972.zip
2014-07-07 09:27 - 2014-07-07 09:27 - 00074329 _____ () C:\Users\heaven_one\Downloads\Additional Traffic Signs 1.0.1.ams
2014-07-07 09:26 - 2014-07-07 09:26 - 03340544 _____ () C:\Users\heaven_one\Downloads\gcW_streetobjects_1.3.1.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 01138449 _____ () C:\Users\heaven_one\Downloads\b8aae73aaa41af44d125d01df14858b0-nemolusverkehrsschilder.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 00031145 _____ () C:\Users\heaven_one\Downloads\din_fonts_10.zip
2014-07-07 09:25 - 2014-07-07 09:25 - 17220235 _____ () C:\Users\heaven_one\Downloads\TerrainSplinesV4_2-by_Baureihe189Fan-Bluescreen(1).7z
2014-07-07 09:25 - 2014-07-07 09:25 - 01558590 _____ () C:\Users\heaven_one\Downloads\VKL--s-Splines-V1.0.rar
2014-07-07 09:25 - 2014-07-07 09:25 - 01145661 _____ () C:\Users\heaven_one\Downloads\SceneryObjects_by_folti_12(1).rar
2014-07-07 09:23 - 2014-07-07 09:23 - 05585398 _____ () C:\Users\heaven_one\Downloads\ADDON_SimpleStreets.ams
2014-07-07 09:23 - 2014-07-07 09:21 - 149631138 _____ () C:\Users\heaven_one\Downloads\Rheinhausen V4 (gepackt von Cunwad).zip
2014-07-07 09:12 - 2014-07-07 09:10 - 111035298 _____ () C:\Users\heaven_one\Downloads\Ahlheim V2 - OMSI 2.7z
2014-07-07 09:05 - 2013-05-11 18:27 - 00001136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-07-07 09:05 - 2013-05-11 18:27 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-07-04 14:03 - 2013-07-04 19:51 - 00000000 ____D () C:\Users\heaven_one\AppData\Local\Paint.NET
2014-07-03 18:34 - 2014-07-03 18:34 - 01292820 _____ () C:\Users\heaven_one\Downloads\3DZ-Bonus-Polizei.zip
2014-06-29 14:17 - 2013-05-05 00:23 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-28 22:51 - 2014-06-28 22:51 - 03821747 _____ () C:\Users\heaven_one\Downloads\dbtracks_londonbrighton.zip
2014-06-28 22:10 - 2014-06-28 22:10 - 00000366 _____ () C:\Windows\DirectX.log
2014-06-28 22:10 - 2014-06-28 22:10 - 00000000 ____D () C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-06-23 23:38 - 2013-07-13 15:15 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\FileZilla
2014-06-23 21:56 - 2013-11-23 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-23 21:56 - 2013-07-13 15:15 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-06-23 21:02 - 2014-06-17 20:52 - 00000000 ____D () C:\Users\heaven_one\Desktop\mannheim
2014-06-23 19:59 - 2014-04-03 12:02 - 00003584 _____ () C:\Users\heaven_one\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-23 16:55 - 2013-05-11 14:22 - 00000000 ____D () C:\Users\heaven_one\Desktop\teamspeak3-server_win64
2014-06-22 18:32 - 2014-06-22 18:13 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-22 18:32 - 2014-06-22 18:13 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-22 18:13 - 2014-06-22 18:13 - 00000000 ____D () C:\Users\heaven_one\Documents\Freemake
2014-06-22 15:09 - 2014-06-22 14:58 - 615586294 _____ () C:\Users\heaven_one\Desktop\live and let live.mp4
2014-06-20 22:14 - 2014-07-10 15:50 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-10 15:50 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 09:17 - 2014-02-01 20:53 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 09:17 - 2014-02-01 20:53 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 09:05 - 2013-05-05 00:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 03:39 - 2014-07-10 15:50 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-10 15:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-10 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-10 15:50 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-10 15:50 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-10 15:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-10 15:50 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-10 15:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-10 15:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-10 15:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-10 15:50 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-10 15:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-10 15:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-10 15:50 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-10 15:50 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-10 15:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-10 15:50 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-10 15:50 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-10 15:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-10 15:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-10 15:50 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-10 15:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-10 15:50 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-10 15:50 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-10 15:50 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-10 15:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-10 15:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-10 15:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-10 15:50 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-10 15:50 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-10 15:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-10 15:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-10 15:50 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-10 15:50 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-10 15:50 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-10 15:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-10 15:50 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-10 15:50 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-10 15:50 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-10 15:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-10 15:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-10 15:50 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-10 15:50 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-10 15:50 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-10 15:50 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-10 15:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-10 15:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-10 15:50 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-10 15:50 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-10 15:50 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-10 15:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-10 15:50 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-10 15:50 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-10 15:50 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 12:27 - 2014-06-18 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 04:18 - 2014-07-10 15:50 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-10 15:50 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-10 15:50 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 20:52 - 2014-06-17 20:52 - 11228460 _____ () C:\Users\heaven_one\Downloads\Ma2.zip
2014-06-17 20:52 - 2014-06-17 20:52 - 09469094 _____ () C:\Users\heaven_one\Downloads\Ma.zip
2014-06-16 17:56 - 2014-06-16 17:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyMicroBalance
2014-06-16 17:56 - 2014-06-16 17:56 - 00000000 ____D () C:\Program Files (x86)\MyMicroBalance
2014-06-16 17:54 - 2014-06-16 17:56 - 01551068 _____ () C:\Users\heaven_one\Documents\Sicherheitskopie_MMB.2.0.x_MyMicroBalance.mmb

Some content of TEMP:
====================
C:\Users\heaven_one\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 15:23

==================== End Of Log ============================
         
--- --- ---




The log from ADWCleaner:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.215 - Bericht erstellt am 14/07/2014 um 21:43:48
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : heaven_one - HEAVEN_ONE_DESK
# Gestartet von : C:\Users\heaven_one\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner_3.215.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\foxydeal.sqlite
Datei Gefunden : C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\user.js
Ordner Gefunden : C:\Program Files (x86)\Addon Enabler
Ordner Gefunden : C:\Program Files (x86)\NCH Software
Ordner Gefunden : C:\ProgramData\NCH Software
Ordner Gefunden : C:\Users\heaven_one\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden : C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\isreaditlater@ideashower.com
Ordner Gefunden : C:\Users\heaven_one\AppData\Roaming\NCH Software
Ordner Gefunden : C:\Users\HEAVEN~1\AppData\Local\Temp\OCS

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\prefs.js ]

Zeile gefunden : user_pref("services.sync.username", "323mp5rowrr2pgvgtd3lov7ekuwqipce");

-\\ Google Chrome v

[ Datei : C:\Users\heaven_one\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2839 octets] - [14/07/2014 21:43:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2899 octets] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.215 - Bericht erstellt am 15/07/2014 um 11:57:54
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : heaven_one - HEAVEN_ONE_DESK
# Gestartet von : C:\Users\heaven_one\Downloads\adwcleaner_3.215.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\Program Files (x86)\NCH Software

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\prefs.js ]

Zeile gefunden : user_pref("services.sync.username", "323mp5rowrr2pgvgtd3lov7ekuwqipce");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [4706 octets] - [14/07/2014 21:43:48]
AdwCleaner[S0].txt - [3006 octets] - [14/07/2014 21:50:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4826 octets] ##########
         
--- --- ---



And from JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by heaven_one on 15.07.2014 at  6:25:34,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.07.2014 at  6:31:40,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
I had disabled the antivirus program. Here is the ZOEK log:

Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 14-07-2014
Tool run by heaven_one on 15.07.2014 at  6:43:56,05.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\heaven_one\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

15.07.2014 06:44:41 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\HEAVEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.eurailpress.de/news/alle-nachrichten.html");
user_pref("browser.search.defaultenginename", "DuckDuckGo");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\HEAVEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\HEAVEN~1\AppData\Roaming\Thunderbird\Profiles\qkukb5w0.default\prefs.js:

Added to C:\Users\HEAVEN~1\AppData\Roaming\Thunderbird\Profiles\qkukb5w0.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\heaven_one\.android deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Users\heaven_one\AppData\Roaming\MyMicroBalanceConfig.ini deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\heaven_one\Searches deleted
C:\Users\heaven_one\Downloads\FreeYouTubeToMP3Converter(1).exe deleted
C:\Windows\Syswow64\lMMLDeleteUserData42107612FX.tmp deleted
C:\Users\HEAVEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\extensions\firefox@ghostery.com.xpi deleted
C:\Users\HEAVEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\jetpack deleted
"C:\Windows\Installer\607b02.msi" deleted
"C:\Users\heaven_one\AppData\Roaming\HTC" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [29.04.2014 15:31]

==== Firefox Extensions ======================

ProfilePath: C:\Users\HEAVEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default
- IE Tab - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
- Memory Fox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
- HTTP - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
- KeeFox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\extensions\keefox@chris.tomlinson
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- KeeFox - %ProfilePath%\extensions\keefox@chris.tomlinson
- Live Gold - %ProfilePath%\extensions\livegold@dotcreation
- selectivecookiedelete - %ProfilePath%\extensions\selectivecookiedelete@siju.mathew
- IE Tab - %ProfilePath%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
- HTTP - %ProfilePath%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
- ReminderFox - %ProfilePath%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Memory Fox - %ProfilePath%\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
- Undetermined - %ProfilePath%\extensions\CertPatrol@PSYC.EU.xpi
- anonymoX - %ProfilePath%\extensions\client@anonymox.net.xpi
- Viewtubes - %ProfilePath%\extensions\FF_AddOn@viewtubes.de.xpi
- convert2mp3.net YouTube2MP3 Converter - %ProfilePath%\extensions\info@convert2mp3.net.xpi
- Quick Maps - %ProfilePath%\extensions\map@quickmaps.me.xpi
- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi
- Thumbnail Zoom Plus - %ProfilePath%\extensions\thumbnailZoom@dadler.github.com.xpi
- translator - %ProfilePath%\extensions\translator@dontfollowme.net.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- TweakTube - %ProfilePath%\extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi
- Image Zoom - %ProfilePath%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
- ShowIP - %ProfilePath%\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi
- HttpFox - %ProfilePath%\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi
- 58dd2728-3045-411f-a2a4-39e35178c731 - %ProfilePath%\extensions\{58dd2728-3045-411f-a2a4-39e35178c731}.xpi
- SmoothWheel AMO - %ProfilePath%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
- MeasureIt - %ProfilePath%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
- Secure Sanitizer - %ProfilePath%\extensions\{7e69e900-c32e-11db-8314-0800200c9a66}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- BetterPrivacy - %ProfilePath%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
- PageZoom - %ProfilePath%\extensions\{eeb299da-31d8-4683-aad4-9c9a045e0351}.xpi
- Web Download Compiler Pro - %ProfilePath%\extensions\{f834d023-28f9-4ad0-b6f4-b49d037a7408}.xpi

ProfilePath: C:\Users\HEAVEN~1\AppData\Roaming\Thunderbird\Profiles\qkukb5w0.default
- ReminderFox - C:\Users\heaven_one\AppData\Roaming\Thunderbird\Profiles\qkukb5w0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
- Lightning - C:\Users\heaven_one\AppData\Roaming\Thunderbird\Profiles\qkukb5w0.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- ReminderFox - %ProfilePath%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Display Contact Photo - %ProfilePath%\extensions\contactPhoto@leven.ch.xpi
- Contact Tabs - %ProfilePath%\extensions\contacttabs@janek.org.xpi
- LookOut - %ProfilePath%\extensions\lookout@aron.rubin.xpi
- Skicka Senare - %ProfilePath%\extensions\sendlater3@kamens.us.xpi
- sipgateFFX - %ProfilePath%\extensions\sipgateffx@michael.rotmanov.xpi
- Signature Switch - %ProfilePath%\extensions\{2ab1b709-ba03-4361-abf9-c50b964ff75d}.xpi
- Auto Address Cleaner - %ProfilePath%\extensions\{b65d0be3-cc20-44e1-bbaa-ea394dbffa34}.xpi
- Maximize Message Pane - %ProfilePath%\extensions\{CC1FC7EB-79F7-4A28-B12C-731304F16E53}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default
4390CCD3790F8D9C427C0C29590C62D7	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll -	Shockwave Flash
B33B016B77560C7832BF4D311EA23328	- C:\Users\heaven_one\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -	Unity Player
87132527E2256CF6683A18C4EB34DD3B	- C:\Windows\system32\Wat\npWatWeb.dll -	Windows Activation Technologies
53FDFA3D642B21A4BAA6085D41448D9B	- E:\games\Ubisoft Game Launcher\npuplaypchub.dll -	------
930819EF090A25DA669DDF4E0848D26F	- E:\games\Ubisoft Game Launcher\npuplaypc.dll -	------


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[17.10.2013 16:49]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[17.10.2013 16:50]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[17.10.2013 16:50]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[25.03.2014 18:21]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[17.10.2013 16:49]

HD Streamerversion:1.1.1.0description:High definition videos on demandhomepage_url:hxxp://imedia-h.com/hd-streamer/manifest_version:2permissions:[tabswebNavigationcontextMenuswebRequeststorage<all_urls>]content_scripts:[{all_frames:falsejs:[jquery-1.9.1.min.jsci.content.pack.jscontent.js]matches:[<all_urls>]run_at:document_start}{all_frames:falsejs:[ci.browser.helper.js]matches:[<all_urls>]run_at:document_end}]background:{page:background.html}browser_action:{default_icon:settings_128.pngdefault_title:HD Streamer Settings}icons:{128:128.png48:48.png18:18.png16:16.png}} - heaven_one\AppData\Local\GOOGLE\CHROME\USER DATA\DEFAULT\Extensions\oleglodmkonbpfmlffapjfednjopbeeh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\heaven_one\AppData\Local\GOOGLE\CHROME\USER DATA\DEFAULT\preferences was reset successfully
C:\Users\heaven_one\AppData\Local\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\heaven_one\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\heaven_one\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\heaven_one\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\heaven_one\AppData\Local\Mozilla\Firefox\Profiles\m79t9zfs.default\Cache emptied successfully
C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\personas\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\heaven_one\AppData\Local\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=31 folders=27 17709410 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\heaven_one\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\HEAVEN~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 15.07.2014 at  6:55:21,03 ======================
         

And the SC-Cleaner.txt:

Code:
ATTFilter
Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 07/15/2014 11:55:43 AM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\heaven_one\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\heaven_one\Desktop


0 bad shortcuts found.

Program finished at: 07/15/2014 11:55:44 AM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
         


Alt 15.07.2014, 21:49   #6
Bootsektor
/// TB-Ausbilder
 



Hello Railworker,

good

Would you please still answer my question?
Quote:
How do things look after the following steps?
And please create another new log with FRST.

Step 1
Start FRST once more.
  • Do not change any of the default settings and click Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.

Alt 15.07.2014, 23:17   #7
Railworker
 



Oh, I completely overlooked that one, sorry!

So far nothing has changed. Google, Gmail, etc. are still unreachable, while other sites (like this forum, fortunately) work. However, when I click a link (clicking the login button here in the forum is enough), a new window with the cloudwm address from my first post opens in the background (although now, it seems, it only pops up briefly and then disappears again immediately). The double-green-underlined, randomly selected text snippets that open an ad window on hover are also still there. The small page-loading icon in the tab also keeps spinning constantly (as if the page had not finished loading, although it has).

I am attaching two screenshots (taken with the Snipping Tool) for you, directly from this page, while I type this text:

[IMG]h**p://www.pic-upload.de/view-23912589/werbelink.jpg.html[/IMG]

[IMG]h**p://www.pic-upload.de/view-23912590/werbelink2.jpg.html[/IMG]

And here is the FRST.txt from the latest run:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by heaven_one (administrator) on HEAVEN_ONE_DESK on 16-07-2014 00:03:27
Running from C:\Users\heaven_one\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() E:\backup neuinstall\ASRock Utility\AXTU\Bin\AsrXTU.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
() C:\Program Files (x86)\Isis\isis.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASRock) C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [12935168 2012-11-20] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Office2010\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-05-05] (FNet Co., Ltd.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Isis] => C:\Program Files (x86)\Isis\Isis.exe [330544 2014-07-14] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-06] (Microsoft Corporation)
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba6693-c5e3-11e2-ad6d-f20518dc8237} - V:\WebOfDeceit1.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba6696-c5e3-11e2-ad6d-f20518dc8237} - V:\MysteryTrackers3.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba6699-c5e3-11e2-ad6d-f20518dc8237} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba669c-c5e3-11e2-ad6d-f20518dc8237} - V:\DarkDimensions2.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba669f-c5e3-11e2-ad6d-f20518dc8237} - V:\Setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba66a2-c5e3-11e2-ad6d-f20518dc8237} - V:\AutoRun.exe setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba66a5-c5e3-11e2-ad6d-f20518dc8237} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba66ae-c5e3-11e2-ad6d-f20518dc8237} - V:\autorun.exe de
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {0c1bfcc8-33e3-11e3-a2bf-d5f6d5825536} - X:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {3710df5e-250a-11e3-a911-a7fd9cb2d336} - V:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {3c0e84ad-5aa3-11e3-8715-b5af60595e2a} - X:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {58900481-d40e-11e2-b8e4-9b284c39d929} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {701da640-fd48-11e2-965d-b21c2651a234} - G:\AutoRun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {7c520863-3004-11e3-b469-995977b6d634} - V:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {7c520866-3004-11e3-b469-995977b6d634} - W:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {890bf1dc-c3be-11e2-8c67-ee86fe28a028} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {8c26e643-cf57-11e2-a255-ce04dbccba34} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {8c26e646-cf57-11e2-a255-ce04dbccba34} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {8c26e64e-cf57-11e2-a255-ce04dbccba34} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {a31e57cc-c836-11e2-a87d-aa2813efeb36} - V:\WitchHunters1.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {b425b6c5-2872-11e3-bc5d-ac09f191ed28} - V:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {c3a8bbae-303d-11e3-b36a-e27e933dc536} - R:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {ddefc0c1-c906-11e2-bbf4-ed6cd39dba35} - V:\setup.exe
Startup: C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> F:\Systemprogramme\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9766D28426C9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Office2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\heaven_one\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - E:\games\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: KeeFox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\keefox@chris.tomlinson [2014-06-11]
FF Extension: Live Gold - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\livegold@dotcreation [2013-05-11]
FF Extension: selectivecookiedelete - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\selectivecookiedelete@siju.mathew [2013-05-11]
FF Extension: IE Tab - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-05-11]
FF Extension: Live HTTP Headers - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-01-21]
FF Extension: ReminderFox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-04-18]
FF Extension: DownloadHelper - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Memory Fox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2013-05-11]
FF Extension: Certificate Patrol - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\CertPatrol@PSYC.EU.xpi [2013-05-11]
FF Extension: anonymoX - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\client@anonymox.net.xpi [2013-05-11]
FF Extension: Viewtubes - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\FF_AddOn@viewtubes.de.xpi [2013-05-11]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\info@convert2mp3.net.xpi [2014-07-01]
FF Extension: Quick Maps - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\map@quickmaps.me.xpi [2013-05-11]
FF Extension: Personas Plus - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\personas@christopher.beard.xpi [2013-05-11]
FF Extension: Thumbnail Zoom Plus - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2013-05-11]
FF Extension: translator - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\translator@dontfollowme.net.xpi [2013-05-11]
FF Extension: Google Translator for Firefox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\translator@zoli.bod.xpi [2013-06-25]
FF Extension: TweakTube - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi [2013-05-11]
FF Extension: Image Zoom - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-05-11]
FF Extension: ShowIP - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013-05-11]
FF Extension: HttpFox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2013-05-11]
FF Extension: {58dd2728-3045-411f-a2a4-39e35178c731} - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{58dd2728-3045-411f-a2a4-39e35178c731}.xpi [2013-11-02]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-05-11]
FF Extension: MeasureIt - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-09-09]
FF Extension: Secure Sanitizer - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{7e69e900-c32e-11db-8314-0800200c9a66}.xpi [2013-05-11]
FF Extension: Adblock Plus - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-11]
FF Extension: BetterPrivacy - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-05-11]
FF Extension: DownThemAll! - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-05-11]
FF Extension: Greasemonkey - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-11]
FF Extension: PageZoom - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{eeb299da-31d8-4683-aad4-9c9a045e0351}.xpi [2013-05-11]
FF Extension: Web Download Compiler Pro - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{f834d023-28f9-4ad0-b6f4-b49d037a7408}.xpi [2013-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-21]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-27]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (HD Streamer) - C:\Users\heaven_one\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleglodmkonbpfmlffapjfednjopbeeh [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-07-21] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-05-05] (FNet Co., Ltd.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 isis; C:\Windows\System32\drivers\isis.sys [47408 2014-07-14] (Windows (R) Win 7 DDK provider)
S3 JmtFltr; C:\Windows\System32\drivers\JmtFltr.sys [46464 2007-09-29] () [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-05-19] (Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [32936 2014-05-19] (Razer Inc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-08] (Duplex Secure Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-11-30] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-11-30] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-11-30] (Paragon)
S3 vhidmini; C:\Windows\System32\DRIVERS\vhidmini.sys [13952 2007-09-29] (Windows (R) Codename Longhorn DDK provider)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-07-17] (Acronis)
R3 ArdDrv; \??\C:\Windows\SysWOW64\Drivers\ArdDrv.sys [X]
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S1 cmdHlp; System32\DRIVERS\cmdhlp.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-15 12:11 - 2014-07-15 12:11 - 00001904 _____ () C:\Users\heaven_one\AppData\Roaming\MyMicroBalanceConfig.ini
2014-07-15 11:59 - 2014-07-15 11:59 - 00004918 _____ () C:\Users\heaven_one\Desktop\AdwCleaner[R0].txt
2014-07-15 11:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-15 11:57 - 2014-07-15 11:57 - 01348263 _____ () C:\Users\heaven_one\Downloads\adwcleaner_3.215.exe
2014-07-15 11:56 - 2014-07-15 11:56 - 00001826 _____ () C:\Users\heaven_one\Desktop\sc-cleaner.txt
2014-07-15 11:55 - 2014-07-15 11:56 - 00001826 _____ () C:\sc-cleaner.txt
2014-07-15 11:55 - 2014-07-15 11:55 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\heaven_one\Desktop\sc-cleaner.exe
2014-07-15 06:57 - 2014-07-15 06:57 - 00015055 _____ () C:\Users\heaven_one\Desktop\zoek-results.txt
2014-07-15 06:52 - 2014-07-15 06:43 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-15 06:44 - 2014-07-15 06:55 - 00015055 _____ () C:\zoek-results.log
2014-07-15 06:43 - 2014-07-15 06:50 - 00000000 ____D () C:\zoek_backup
2014-07-15 06:34 - 2014-07-15 06:34 - 01287168 _____ () C:\Users\heaven_one\Desktop\zoek.exe
2014-07-15 06:31 - 2014-07-15 06:31 - 00000630 _____ () C:\Users\heaven_one\Desktop\JRT.txt
2014-07-15 06:24 - 2014-07-16 00:03 - 00030232 _____ () C:\Users\heaven_one\Desktop\FRST.txt
2014-07-15 06:24 - 2014-07-15 06:25 - 00047845 _____ () C:\Users\heaven_one\Desktop\Addition.txt
2014-07-14 23:03 - 2014-07-16 00:03 - 00000000 ____D () C:\FRST
2014-07-14 23:03 - 2014-07-14 23:03 - 02086912 _____ (Farbar) C:\Users\heaven_one\Desktop\FRST64.exe
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{4A7ADE05-550F-48FD-B8D7-53B7A4BCBDF1}
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{226FE937-A29F-499C-B05F-76374CCB09D4}
2014-07-14 22:42 - 2014-07-14 22:42 - 03736040 _____ (Piriform Ltd) C:\Users\heaven_one\Downloads\ccsetup415_slim.exe
2014-07-14 22:42 - 2014-07-14 22:42 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-14 22:42 - 2014-07-14 22:42 - 00000837 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-14 22:42 - 2014-07-14 22:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-14 22:31 - 2014-07-16 00:02 - 00003050 _____ () C:\Windows\System32\Tasks\asrRd
2014-07-14 22:15 - 2014-07-14 22:15 - 00000119 _____ () C:\Users\heaven_one\Desktop\Neues Textdokument (2).txt
2014-07-14 22:15 - 2014-07-14 22:15 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 22:14 - 2014-07-14 22:14 - 01016261 _____ (Thisisu) C:\Users\heaven_one\Downloads\JRT_6.1.4.exe
2014-07-14 21:42 - 2014-07-15 11:58 - 00000000 ____D () C:\AdwCleaner
2014-07-14 21:33 - 2014-07-14 21:33 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-14 21:32 - 2014-07-14 21:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 21:32 - 2014-07-14 21:32 - 11185664 _____ (SurfRight B.V.) C:\Users\heaven_one\Desktop\hitmanpro_x64.exe
2014-07-14 21:29 - 2014-07-14 22:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 21:28 - 2014-07-14 21:28 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-14 21:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 21:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 21:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-14 21:24 - 2014-07-14 21:24 - 00961360 _____ (Chip Digital GmbH) C:\Users\heaven_one\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____D () C:\Program Files (x86)\Isis
2014-07-14 17:15 - 2014-07-14 17:15 - 05151944 _____ () C:\Users\heaven_one\Downloads\Fruits Game - Let's Identify fruits name.mp4
2014-07-14 16:41 - 2014-07-14 16:41 - 00047408 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\isis.sys
2014-07-14 16:10 - 2014-07-14 16:10 - 17789117 _____ () C:\Users\heaven_one\Desktop\Beach Rocks At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 05836366 _____ () C:\Users\heaven_one\Desktop\Cityscape At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 02515399 _____ () C:\Users\heaven_one\Desktop\Clouds (time Lapse)-1.mp4
2014-07-14 16:07 - 2014-07-14 16:08 - 144305049 _____ () C:\Users\heaven_one\Desktop\Cycling Amsterdam In The Rain-1.mp4
2014-07-14 16:07 - 2014-07-14 16:07 - 14411359 _____ () C:\Users\heaven_one\Desktop\216448035-1.mp4
2014-07-14 16:04 - 2014-07-14 16:06 - 113612814 _____ () C:\Users\heaven_one\Desktop\yellowstone 29p.mp4
2014-07-14 14:17 - 2014-07-14 14:17 - 00000000 ____D () C:\Users\heaven_one\Documents\paint.net Benutzerdateien
2014-07-14 13:50 - 2014-07-14 14:12 - 00000000 ____D () C:\Users\heaven_one\Desktop\musik cc
2014-07-14 13:49 - 2014-07-14 17:19 - 00000000 ____D () C:\Users\heaven_one\Desktop\videos cc
2014-07-14 10:20 - 2014-07-14 21:54 - 00084992 ___SH () C:\Users\heaven_one\Desktop\Thumbs.db
2014-07-12 12:55 - 2014-07-12 12:55 - 00003072 _____ () C:\Users\heaven_one\Downloads\Omsi-RealWetterDaten.rar
2014-07-12 11:24 - 2014-07-12 11:26 - 00000000 ____D () C:\Users\heaven_one\Desktop\Saeed
2014-07-12 10:24 - 2014-07-12 10:26 - 108439379 _____ () C:\Users\heaven_one\Downloads\Vortrag-Loslassen-Saeed-Habibzadeh.zip
2014-07-12 10:24 - 2014-07-12 10:26 - 101441007 _____ () C:\Users\heaven_one\Downloads\Vortrag-Freundschaft-Saeed-Habibzadeh.zip
2014-07-11 10:55 - 2014-07-11 10:56 - 36460296 _____ () C:\Users\heaven_one\Downloads\Ólafur Arnalds - Near Light (Live on KEXP).mp4
2014-07-10 18:32 - 2014-07-10 18:32 - 00921624 _____ () C:\Users\heaven_one\Downloads\Hamburg Hof-rar.rar
2014-07-10 18:30 - 2014-07-10 18:33 - 89219928 _____ () C:\Users\heaven_one\Downloads\Mercedes_New_2.7.rar
2014-07-10 15:50 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 15:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 15:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 15:50 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 15:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 15:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 15:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 15:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 15:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 15:50 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 15:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 15:50 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 15:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 15:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 15:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 15:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 15:50 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 15:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 15:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 15:50 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 15:50 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 15:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 15:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 15:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 15:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 15:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 15:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 15:50 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 15:50 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 15:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 15:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 15:50 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 15:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 15:50 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 15:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 15:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 15:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 15:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 15:50 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 15:50 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 15:50 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 15:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 15:50 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 15:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 15:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 15:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 15:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 15:50 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 15:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 15:50 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 15:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 15:50 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 15:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 15:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 15:50 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 15:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 15:50 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 15:50 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 15:50 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 15:50 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 15:50 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 15:50 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 15:50 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 15:50 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 15:50 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 15:45 - 2014-07-10 15:45 - 00008259 _____ () C:\Users\heaven_one\Desktop\Meet_Without_Meat.xlsx
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Local\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-08 21:55 - 2014-07-08 21:55 - 01677440 _____ (Skype Technologies S.A.) C:\Users\heaven_one\Downloads\SkypeSetup.exe
2014-07-07 13:09 - 2014-07-07 13:14 - 233546454 _____ () C:\Users\heaven_one\Downloads\MBO530_V3final.zip
2014-07-07 13:09 - 2014-07-07 13:14 - 200266912 _____ () C:\Users\heaven_one\Downloads\MBO530G_V3final.zip
2014-07-07 13:08 - 2014-07-07 13:09 - 10595666 _____ () C:\Users\heaven_one\Downloads\Environment-Soundpack.zip
2014-07-07 13:01 - 2014-07-07 13:03 - 73578015 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530G.7z
2014-07-07 13:01 - 2014-07-07 13:03 - 71468688 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530_V2.7z
2014-07-07 13:01 - 2014-07-07 13:03 - 69288494 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o520_V2.7z
2014-07-07 11:44 - 2014-07-07 11:45 - 47423332 _____ () C:\Users\heaven_one\Downloads\OMSI_O530-Rheinhausen-Repaints-numeriert-V1-01.rar
2014-07-07 11:43 - 2014-07-07 11:45 - 145311477 _____ () C:\Users\heaven_one\Downloads\OMSI_rvb-Repaintset_SD+NL_V3-02.rar
2014-07-07 11:43 - 2014-07-07 11:43 - 03471024 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-ORL.zip
2014-07-07 11:43 - 2014-07-07 11:43 - 03431937 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-rvb.zip
2014-07-07 11:33 - 2014-07-07 11:33 - 00037882 _____ () C:\Users\heaven_one\Downloads\SMRT-Font-GermanRework-Marc1972.zip
2014-07-07 09:27 - 2014-07-07 09:27 - 00074329 _____ () C:\Users\heaven_one\Downloads\Additional Traffic Signs 1.0.1.ams
2014-07-07 09:26 - 2014-07-07 09:26 - 03340544 _____ () C:\Users\heaven_one\Downloads\gcW_streetobjects_1.3.1.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 01138449 _____ () C:\Users\heaven_one\Downloads\b8aae73aaa41af44d125d01df14858b0-nemolusverkehrsschilder.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 00031145 _____ () C:\Users\heaven_one\Downloads\din_fonts_10.zip
2014-07-07 09:25 - 2014-07-07 09:25 - 17220235 _____ () C:\Users\heaven_one\Downloads\TerrainSplinesV4_2-by_Baureihe189Fan-Bluescreen(1).7z
2014-07-07 09:25 - 2014-07-07 09:25 - 01558590 _____ () C:\Users\heaven_one\Downloads\VKL--s-Splines-V1.0.rar
2014-07-07 09:25 - 2014-07-07 09:25 - 01145661 _____ () C:\Users\heaven_one\Downloads\SceneryObjects_by_folti_12(1).rar
2014-07-07 09:23 - 2014-07-07 09:23 - 05585398 _____ () C:\Users\heaven_one\Downloads\ADDON_SimpleStreets.ams
2014-07-07 09:21 - 2014-07-07 09:23 - 149631138 _____ () C:\Users\heaven_one\Downloads\Rheinhausen V4 (gepackt von Cunwad).zip
2014-07-07 09:10 - 2014-07-07 09:12 - 111035298 _____ () C:\Users\heaven_one\Downloads\Ahlheim V2 - OMSI 2.7z
2014-07-03 18:34 - 2014-07-03 18:34 - 01292820 _____ () C:\Users\heaven_one\Downloads\3DZ-Bonus-Polizei.zip
2014-06-28 22:51 - 2014-06-28 22:51 - 03821747 _____ () C:\Users\heaven_one\Downloads\dbtracks_londonbrighton.zip
2014-06-28 22:10 - 2014-06-28 22:10 - 00000366 _____ () C:\Windows\DirectX.log
2014-06-28 22:10 - 2014-06-28 22:10 - 00000000 ____D () C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-06-22 18:13 - 2014-06-22 18:32 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-22 18:13 - 2014-06-22 18:32 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-22 18:13 - 2014-06-22 18:13 - 00000000 ____D () C:\Users\heaven_one\Documents\Freemake
2014-06-22 14:58 - 2014-06-22 15:09 - 615586294 _____ () C:\Users\heaven_one\Desktop\live and let live.mp4
2014-06-18 12:27 - 2014-06-18 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 20:52 - 2014-06-23 21:02 - 00000000 ____D () C:\Users\heaven_one\Desktop\mannheim
2014-06-17 20:52 - 2014-06-17 20:52 - 11228460 _____ () C:\Users\heaven_one\Downloads\Ma2.zip
2014-06-17 20:52 - 2014-06-17 20:52 - 09469094 _____ () C:\Users\heaven_one\Downloads\Ma.zip
2014-06-16 17:56 - 2014-06-16 17:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyMicroBalance
2014-06-16 17:56 - 2014-06-16 17:56 - 00000000 ____D () C:\Program Files (x86)\MyMicroBalance
2014-06-16 17:56 - 2014-06-16 17:54 - 01551068 _____ () C:\Users\heaven_one\Documents\Sicherheitskopie_MMB.2.0.x_MyMicroBalance.mmb

==================== One Month Modified Files and Folders =======

2014-07-16 00:03 - 2014-07-15 06:24 - 00030232 _____ () C:\Users\heaven_one\Desktop\FRST.txt
2014-07-16 00:03 - 2014-07-14 23:03 - 00000000 ____D () C:\FRST
2014-07-16 00:02 - 2014-07-14 22:31 - 00003050 _____ () C:\Windows\System32\Tasks\asrRd
2014-07-16 00:02 - 2014-02-01 20:53 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 00:02 - 2013-11-23 20:58 - 00000000 ____D () C:\Users\heaven_one\Documents\Outlook-Dateien
2014-07-16 00:02 - 2013-08-02 18:46 - 00003046 _____ () C:\Windows\System32\Tasks\EVGAPrecision
2014-07-16 00:02 - 2013-05-05 00:09 - 00002980 _____ () C:\Windows\System32\Tasks\AsrXTU
2014-07-16 00:01 - 2014-05-04 09:06 - 00061680 _____ () C:\Windows\setupact.log
2014-07-16 00:01 - 2013-06-08 15:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-16 00:01 - 2013-05-05 00:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-16 00:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 13:19 - 2013-05-11 18:27 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\KeePass
2014-07-15 13:19 - 2013-05-05 00:05 - 01846496 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 13:06 - 2014-04-12 10:37 - 00000000 ____D () C:\Users\Public\Documents\EyeFrame Data
2014-07-15 12:22 - 2014-02-01 20:53 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 12:14 - 2013-05-05 10:00 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-15 12:14 - 2013-05-05 10:00 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-15 12:14 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 12:11 - 2014-07-15 12:11 - 00001904 _____ () C:\Users\heaven_one\AppData\Roaming\MyMicroBalanceConfig.ini
2014-07-15 12:11 - 2013-05-30 16:41 - 02019144 _____ () C:\Users\heaven_one\Documents\MyMicroBalance.mmb
2014-07-15 12:10 - 2013-05-31 13:13 - 00000000 ____D () C:\Users\heaven_one\Documents\backup_MyMicroBalance
2014-07-15 11:59 - 2014-07-15 11:59 - 00004918 _____ () C:\Users\heaven_one\Desktop\AdwCleaner[R0].txt
2014-07-15 11:58 - 2014-07-14 21:42 - 00000000 ____D () C:\AdwCleaner
2014-07-15 11:58 - 2009-07-14 06:45 - 00019328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 11:58 - 2009-07-14 06:45 - 00019328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 11:57 - 2014-07-15 11:57 - 01348263 _____ () C:\Users\heaven_one\Downloads\adwcleaner_3.215.exe
2014-07-15 11:57 - 2013-05-05 00:05 - 00000000 ____D () C:\Users\heaven_one
2014-07-15 11:56 - 2014-07-15 11:56 - 00001826 _____ () C:\Users\heaven_one\Desktop\sc-cleaner.txt
2014-07-15 11:56 - 2014-07-15 11:55 - 00001826 _____ () C:\sc-cleaner.txt
2014-07-15 11:55 - 2014-07-15 11:55 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\heaven_one\Desktop\sc-cleaner.exe
2014-07-15 06:57 - 2014-07-15 06:57 - 00015055 _____ () C:\Users\heaven_one\Desktop\zoek-results.txt
2014-07-15 06:55 - 2014-07-15 06:44 - 00015055 _____ () C:\zoek-results.log
2014-07-15 06:54 - 2014-05-19 13:04 - 00007362 _____ () C:\Windows\PFRO.log
2014-07-15 06:54 - 2013-05-05 00:45 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-15 06:50 - 2014-07-15 06:43 - 00000000 ____D () C:\zoek_backup
2014-07-15 06:43 - 2014-07-15 06:52 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-15 06:34 - 2014-07-15 06:34 - 01287168 _____ () C:\Users\heaven_one\Desktop\zoek.exe
2014-07-15 06:31 - 2014-07-15 06:31 - 00000630 _____ () C:\Users\heaven_one\Desktop\JRT.txt
2014-07-15 06:25 - 2014-07-15 06:24 - 00047845 _____ () C:\Users\heaven_one\Desktop\Addition.txt
2014-07-15 06:17 - 2013-05-23 18:49 - 00000000 ____D () C:\Program Files (x86)\WinCDEmu
2014-07-14 23:03 - 2014-07-14 23:03 - 02086912 _____ (Farbar) C:\Users\heaven_one\Desktop\FRST64.exe
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{4A7ADE05-550F-48FD-B8D7-53B7A4BCBDF1}
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{226FE937-A29F-499C-B05F-76374CCB09D4}
2014-07-14 22:42 - 2014-07-14 22:42 - 03736040 _____ (Piriform Ltd) C:\Users\heaven_one\Downloads\ccsetup415_slim.exe
2014-07-14 22:42 - 2014-07-14 22:42 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-14 22:42 - 2014-07-14 22:42 - 00000837 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-14 22:42 - 2014-07-14 22:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-14 22:38 - 2013-09-01 14:14 - 00000000 ____D () C:\Users\heaven_one\Documents\SavedGames
2014-07-14 22:26 - 2013-10-13 10:49 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rondomedia
2014-07-14 22:15 - 2014-07-14 22:15 - 00000119 _____ () C:\Users\heaven_one\Desktop\Neues Textdokument (2).txt
2014-07-14 22:15 - 2014-07-14 22:15 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 22:14 - 2014-07-14 22:14 - 01016261 _____ (Thisisu) C:\Users\heaven_one\Downloads\JRT_6.1.4.exe
2014-07-14 22:05 - 2014-07-14 21:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 22:03 - 2014-04-06 11:49 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-07-14 22:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 22:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-14 21:54 - 2014-07-14 10:20 - 00084992 ___SH () C:\Users\heaven_one\Desktop\Thumbs.db
2014-07-14 21:40 - 2014-07-14 21:32 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 21:33 - 2014-07-14 21:33 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-14 21:32 - 2014-07-14 21:32 - 11185664 _____ (SurfRight B.V.) C:\Users\heaven_one\Desktop\hitmanpro_x64.exe
2014-07-14 21:28 - 2014-07-14 21:28 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-14 21:24 - 2014-07-14 21:24 - 00961360 _____ (Chip Digital GmbH) C:\Users\heaven_one\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____D () C:\Program Files (x86)\Isis
2014-07-14 17:19 - 2014-07-14 13:49 - 00000000 ____D () C:\Users\heaven_one\Desktop\videos cc
2014-07-14 17:15 - 2014-07-14 17:15 - 05151944 _____ () C:\Users\heaven_one\Downloads\Fruits Game - Let's Identify fruits name.mp4
2014-07-14 17:13 - 2014-05-08 19:48 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\HandBrake
2014-07-14 16:41 - 2014-07-14 16:41 - 00047408 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\isis.sys
2014-07-14 16:24 - 2013-05-05 00:57 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\vlc
2014-07-14 16:10 - 2014-07-14 16:10 - 17789117 _____ () C:\Users\heaven_one\Desktop\Beach Rocks At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 05836366 _____ () C:\Users\heaven_one\Desktop\Cityscape At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 02515399 _____ () C:\Users\heaven_one\Desktop\Clouds (time Lapse)-1.mp4
2014-07-14 16:08 - 2014-07-14 16:07 - 144305049 _____ () C:\Users\heaven_one\Desktop\Cycling Amsterdam In The Rain-1.mp4
2014-07-14 16:07 - 2014-07-14 16:07 - 14411359 _____ () C:\Users\heaven_one\Desktop\216448035-1.mp4
2014-07-14 16:06 - 2014-07-14 16:04 - 113612814 _____ () C:\Users\heaven_one\Desktop\yellowstone 29p.mp4
2014-07-14 16:01 - 2013-07-04 19:51 - 00001315 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-07-14 16:01 - 2013-07-04 19:51 - 00000000 ____D () C:\Program Files\Paint.NET
2014-07-14 14:17 - 2014-07-14 14:17 - 00000000 ____D () C:\Users\heaven_one\Documents\paint.net Benutzerdateien
2014-07-14 14:12 - 2014-07-14 13:50 - 00000000 ____D () C:\Users\heaven_one\Desktop\musik cc
2014-07-14 13:08 - 2013-05-11 16:21 - 00265614 _____ () C:\Users\heaven_one\Documents\NewDatabase.kdbx
2014-07-14 09:24 - 2013-06-25 11:52 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Skype
2014-07-13 16:37 - 2013-06-20 13:35 - 00000000 ____D () C:\Users\heaven_one\Desktop\Dokumente
2014-07-13 09:44 - 2014-03-15 23:01 - 00071880 _____ () C:\Users\heaven_one\Desktop\801010.xlsx
2014-07-12 21:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-12 12:55 - 2014-07-12 12:55 - 00003072 _____ () C:\Users\heaven_one\Downloads\Omsi-RealWetterDaten.rar
2014-07-12 11:34 - 2014-04-02 13:50 - 00000000 ____D () C:\Users\Public\Documents\Lightworks
2014-07-12 11:26 - 2014-07-12 11:24 - 00000000 ____D () C:\Users\heaven_one\Desktop\Saeed
2014-07-12 11:24 - 2014-03-27 18:16 - 00000000 ____D () C:\Users\heaven_one\Desktop\Cajon Workshop
2014-07-12 10:34 - 2013-12-18 22:02 - 00001841 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-07-12 10:34 - 2013-12-18 22:02 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-12 10:26 - 2014-07-12 10:24 - 108439379 _____ () C:\Users\heaven_one\Downloads\Vortrag-Loslassen-Saeed-Habibzadeh.zip
2014-07-12 10:26 - 2014-07-12 10:24 - 101441007 _____ () C:\Users\heaven_one\Downloads\Vortrag-Freundschaft-Saeed-Habibzadeh.zip
2014-07-12 10:22 - 2014-04-05 09:36 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Audacity
2014-07-11 10:56 - 2014-07-11 10:55 - 36460296 _____ () C:\Users\heaven_one\Downloads\Ólafur Arnalds - Near Light (Live on KEXP).mp4
2014-07-11 10:18 - 2014-06-04 14:56 - 00108334 _____ () C:\Windows\DPINST.LOG
2014-07-11 10:15 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 10:15 - 2009-07-14 06:45 - 00492960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 10:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-11 10:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 20:36 - 2013-11-23 20:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 20:35 - 2013-09-14 23:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 20:35 - 2013-05-08 00:06 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 18:33 - 2014-07-10 18:30 - 89219928 _____ () C:\Users\heaven_one\Downloads\Mercedes_New_2.7.rar
2014-07-10 18:32 - 2014-07-10 18:32 - 00921624 _____ () C:\Users\heaven_one\Downloads\Hamburg Hof-rar.rar
2014-07-10 15:45 - 2014-07-10 15:45 - 00008259 _____ () C:\Users\heaven_one\Desktop\Meet_Without_Meat.xlsx
2014-07-09 21:40 - 2013-05-05 00:30 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 21:40 - 2013-05-05 00:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 11:19 - 2014-04-10 18:01 - 00000000 ____D () C:\Program Files\OBS
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Local\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-08 21:56 - 2013-06-25 11:52 - 00000000 ____D () C:\ProgramData\Skype
2014-07-08 21:55 - 2014-07-08 21:55 - 01677440 _____ (Skype Technologies S.A.) C:\Users\heaven_one\Downloads\SkypeSetup.exe
2014-07-07 13:14 - 2014-07-07 13:09 - 233546454 _____ () C:\Users\heaven_one\Downloads\MBO530_V3final.zip
2014-07-07 13:14 - 2014-07-07 13:09 - 200266912 _____ () C:\Users\heaven_one\Downloads\MBO530G_V3final.zip
2014-07-07 13:09 - 2014-07-07 13:08 - 10595666 _____ () C:\Users\heaven_one\Downloads\Environment-Soundpack.zip
2014-07-07 13:03 - 2014-07-07 13:01 - 73578015 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530G.7z
2014-07-07 13:03 - 2014-07-07 13:01 - 71468688 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530_V2.7z
2014-07-07 13:03 - 2014-07-07 13:01 - 69288494 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o520_V2.7z
2014-07-07 11:45 - 2014-07-07 11:44 - 47423332 _____ () C:\Users\heaven_one\Downloads\OMSI_O530-Rheinhausen-Repaints-numeriert-V1-01.rar
2014-07-07 11:45 - 2014-07-07 11:43 - 145311477 _____ () C:\Users\heaven_one\Downloads\OMSI_rvb-Repaintset_SD+NL_V3-02.rar
2014-07-07 11:43 - 2014-07-07 11:43 - 03471024 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-ORL.zip
2014-07-07 11:43 - 2014-07-07 11:43 - 03431937 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-rvb.zip
2014-07-07 11:33 - 2014-07-07 11:33 - 00037882 _____ () C:\Users\heaven_one\Downloads\SMRT-Font-GermanRework-Marc1972.zip
2014-07-07 09:27 - 2014-07-07 09:27 - 00074329 _____ () C:\Users\heaven_one\Downloads\Additional Traffic Signs 1.0.1.ams
2014-07-07 09:26 - 2014-07-07 09:26 - 03340544 _____ () C:\Users\heaven_one\Downloads\gcW_streetobjects_1.3.1.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 01138449 _____ () C:\Users\heaven_one\Downloads\b8aae73aaa41af44d125d01df14858b0-nemolusverkehrsschilder.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 00031145 _____ () C:\Users\heaven_one\Downloads\din_fonts_10.zip
2014-07-07 09:25 - 2014-07-07 09:25 - 17220235 _____ () C:\Users\heaven_one\Downloads\TerrainSplinesV4_2-by_Baureihe189Fan-Bluescreen(1).7z
2014-07-07 09:25 - 2014-07-07 09:25 - 01558590 _____ () C:\Users\heaven_one\Downloads\VKL--s-Splines-V1.0.rar
2014-07-07 09:25 - 2014-07-07 09:25 - 01145661 _____ () C:\Users\heaven_one\Downloads\SceneryObjects_by_folti_12(1).rar
2014-07-07 09:23 - 2014-07-07 09:23 - 05585398 _____ () C:\Users\heaven_one\Downloads\ADDON_SimpleStreets.ams
2014-07-07 09:23 - 2014-07-07 09:21 - 149631138 _____ () C:\Users\heaven_one\Downloads\Rheinhausen V4 (gepackt von Cunwad).zip
2014-07-07 09:12 - 2014-07-07 09:10 - 111035298 _____ () C:\Users\heaven_one\Downloads\Ahlheim V2 - OMSI 2.7z
2014-07-07 09:05 - 2013-05-11 18:27 - 00001136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-07-07 09:05 - 2013-05-11 18:27 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-07-04 14:03 - 2013-07-04 19:51 - 00000000 ____D () C:\Users\heaven_one\AppData\Local\Paint.NET
2014-07-03 18:34 - 2014-07-03 18:34 - 01292820 _____ () C:\Users\heaven_one\Downloads\3DZ-Bonus-Polizei.zip
2014-06-29 14:17 - 2013-05-05 00:23 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-28 22:51 - 2014-06-28 22:51 - 03821747 _____ () C:\Users\heaven_one\Downloads\dbtracks_londonbrighton.zip
2014-06-28 22:10 - 2014-06-28 22:10 - 00000366 _____ () C:\Windows\DirectX.log
2014-06-28 22:10 - 2014-06-28 22:10 - 00000000 ____D () C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-06-23 23:38 - 2013-07-13 15:15 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\FileZilla
2014-06-23 21:56 - 2013-11-23 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-23 21:56 - 2013-07-13 15:15 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-06-23 21:02 - 2014-06-17 20:52 - 00000000 ____D () C:\Users\heaven_one\Desktop\mannheim
2014-06-23 19:59 - 2014-04-03 12:02 - 00003584 _____ () C:\Users\heaven_one\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-23 16:55 - 2013-05-11 14:22 - 00000000 ____D () C:\Users\heaven_one\Desktop\teamspeak3-server_win64
2014-06-22 18:32 - 2014-06-22 18:13 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-22 18:32 - 2014-06-22 18:13 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-22 18:13 - 2014-06-22 18:13 - 00000000 ____D () C:\Users\heaven_one\Documents\Freemake
2014-06-22 15:09 - 2014-06-22 14:58 - 615586294 _____ () C:\Users\heaven_one\Desktop\live and let live.mp4
2014-06-20 22:14 - 2014-07-10 15:50 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-10 15:50 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 09:17 - 2014-02-01 20:53 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 09:17 - 2014-02-01 20:53 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 09:05 - 2013-05-05 00:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 03:39 - 2014-07-10 15:50 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-10 15:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-10 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-10 15:50 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-10 15:50 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-10 15:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-10 15:50 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-10 15:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-10 15:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-10 15:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-10 15:50 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-10 15:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-10 15:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-10 15:50 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-10 15:50 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-10 15:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-10 15:50 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-10 15:50 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-10 15:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-10 15:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-10 15:50 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-10 15:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-10 15:50 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-10 15:50 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-10 15:50 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-10 15:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-10 15:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-10 15:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-10 15:50 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-10 15:50 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-10 15:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-10 15:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-10 15:50 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-10 15:50 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-10 15:50 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-10 15:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-10 15:50 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-10 15:50 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-10 15:50 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-10 15:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-10 15:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-10 15:50 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-10 15:50 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-10 15:50 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-10 15:50 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-10 15:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-10 15:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-10 15:50 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-10 15:50 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-10 15:50 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-10 15:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-10 15:50 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-10 15:50 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-10 15:50 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 12:27 - 2014-06-18 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 04:18 - 2014-07-10 15:50 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-10 15:50 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-10 15:50 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 20:52 - 2014-06-17 20:52 - 11228460 _____ () C:\Users\heaven_one\Downloads\Ma2.zip
2014-06-17 20:52 - 2014-06-17 20:52 - 09469094 _____ () C:\Users\heaven_one\Downloads\Ma.zip
2014-06-16 17:56 - 2014-06-16 17:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyMicroBalance
2014-06-16 17:56 - 2014-06-16 17:56 - 00000000 ____D () C:\Program Files (x86)\MyMicroBalance
2014-06-16 17:54 - 2014-06-16 17:56 - 01551068 _____ () C:\Users\heaven_one\Documents\Sicherheitskopie_MMB.2.0.x_MyMicroBalance.mmb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 15:23

==================== End Of Log ============================
         

15.07.2014, 23:53   #8
Bootsektor
/// TB Trainer

Hello Railworker,

do you recognize the extension Web Download Compiler Pro in Firefox?

Please test Firefox and Chrome again after the fix.
Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
CHR Extension: (HD Streamer) - C:\Users\heaven_one\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleglodmkonbpfmlffapjfednjopbeeh [2014-01-21]
FF Extension: {58dd2728-3045-411f-a2a4-39e35178c731} - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{58dd2728-3045-411f-a2a4-39e35178c731}.xpi [2013-11-02]
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


16.07.2014, 07:07   #9
Railworker

Hello Sandra,

with the "web download compiler" extension I did actually wonder what it is supposed to be and whether/why I installed something like that. So I'll say "no, I don't know it".

I ran the fix; unfortunately the problem persists.

Here is the Fixlog.txt:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014 01
Ran by heaven_one at 2014-07-16 08:02:49 Run:1
Running from C:\Users\heaven_one\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR Extension: (HD Streamer) - C:\Users\heaven_one\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleglodmkonbpfmlffapjfednjopbeeh [2014-01-21]
FF Extension: {58dd2728-3045-411f-a2a4-39e35178c731} - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{58dd2728-3045-411f-a2a4-39e35178c731}.xpi [2013-11-02]

*****************

C:\Users\heaven_one\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleglodmkonbpfmlffapjfednjopbeeh => Moved successfully.
C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{58dd2728-3045-411f-a2a4-39e35178c731}.xpi => Moved successfully.

==== End of Fixlog ====
         

16.07.2014, 22:38   #10
Bootsektor
/// TB Trainer

Hello Railworker,

how do things look after this?
Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
FF Extension: Web Download Compiler Pro - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{f834d023-28f9-4ad0-b6f4-b49d037a7408}.xpi [2013-11-06]
() C:\Program Files (x86)\Isis\isis.exe
HKLM-x32\...\Run: [Isis] => C:\Program Files (x86)\Isis\Isis.exe [330544 2014-07-14] ()
C:\Program Files (x86)\Isis
R1 isis; C:\Windows\System32\drivers\isis.sys [47408 2014-07-14] (Windows (R) Win 7 DDK provider)
C:\Windows\System32\drivers\isis.sys 
Reboot:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


17.07.2014, 07:55   #11
Railworker

Hello Sandra,

thank you so, so much! That seems to have been it.

The green-underlined text snippets are gone, all websites work again, and the pop-ups after every link click are gone too. Before I go back to using the computer "fully", though, I'll wait for your feedback.

Here is the current Fixlog.txt:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014 01
Ran by heaven_one at 2014-07-17 08:46:49 Run:2
Running from C:\Users\heaven_one\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: Web Download Compiler Pro - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{f834d023-28f9-4ad0-b6f4-b49d037a7408}.xpi [2013-11-06]
() C:\Program Files (x86)\Isis\isis.exe
HKLM-x32\...\Run: [Isis] => C:\Program Files (x86)\Isis\Isis.exe [330544 2014-07-14] ()
C:\Program Files (x86)\Isis
R1 isis; C:\Windows\System32\drivers\isis.sys [47408 2014-07-14] (Windows (R) Win 7 DDK provider)
C:\Windows\System32\drivers\isis.sys 
Reboot:
*****************

C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{f834d023-28f9-4ad0-b6f4-b49d037a7408}.xpi => Moved successfully.
[4548] C:\Program Files (x86)\Isis\isis.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Isis => value deleted successfully.
C:\Program Files (x86)\Isis => Moved successfully.
isis => Service stopped successfully.
isis => Service deleted successfully.
C:\Windows\System32\drivers\isis.sys => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
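
An added example (not part of the thread and not FRST's own code): a small Python parser for the Fixlog format posted above. It separates the echoed fixlist from the per-item outcomes and flags every outcome that does not end in "successfully". The sample is the Run:2 Fixlog from this post plus one constructed non-success line; the function names and the "ends in successfully" rule are assumptions based only on the outcomes visible in this thread.

```python
import re

# Fixlog of Run:2 as posted in this thread. The last result line is CONSTRUCTED
# (it is not real FRST wording) so that the example has one outcome to flag.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014 01
Ran by heaven_one at 2014-07-17 08:46:49 Run:2
Running from C:\Users\heaven_one\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: Web Download Compiler Pro - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{f834d023-28f9-4ad0-b6f4-b49d037a7408}.xpi [2013-11-06]
() C:\Program Files (x86)\Isis\isis.exe
HKLM-x32\...\Run: [Isis] => C:\Program Files (x86)\Isis\Isis.exe [330544 2014-07-14] ()
C:\Program Files (x86)\Isis
R1 isis; C:\Windows\System32\drivers\isis.sys [47408 2014-07-14] (Windows (R) Win 7 DDK provider)
C:\Windows\System32\drivers\isis.sys
Reboot:
*****************

C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{f834d023-28f9-4ad0-b6f4-b49d037a7408}.xpi => Moved successfully.
[4548] C:\Program Files (x86)\Isis\isis.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Isis => value deleted successfully.
C:\Program Files (x86)\Isis => Moved successfully.
isis => Service stopped successfully.
isis => Service deleted successfully.
C:\Windows\System32\drivers\isis.sys => Moved successfully.
C:\Example\constructed-item.sys => Constructed non-success outcome.


The system needed a reboot.

==== End of Fixlog ====
"""

HEADER_RE = re.compile(r"^Ran by (?P<user>\S+) at (?P<ts>[\d-]+ [\d:]+) Run:(?P<run>\d+)", re.M)
# "[pid] target => outcome." where the "[pid] " prefix only appears for closed processes.
RESULT_RE = re.compile(r"^(?:\[(?P<pid>\d+)\] )?(?P<target>.+?) => (?P<outcome>.+?)\.?$")


def parse_fixlog(text):
    """Split a Fixlog into header info, the echoed fixlist and the result lines."""
    lines = text.splitlines()
    # The fixlist echo sits between two lines made up only of asterisks.
    stars = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no fixlist section found; not a Fixlog?")
    header = HEADER_RE.search(text)
    parsed = {
        "run": int(header.group("run")) if header else None,
        "fixlist": [l.strip() for l in lines[stars[0] + 1:stars[1]] if l.strip()],
        "results": [],
        "reboot": False,
        "complete": False,  # stays False if the pasted log was cut off
    }
    for line in lines[stars[1] + 1:]:
        s = line.strip()
        if s.startswith("==== End of Fixlog"):
            parsed["complete"] = True
            break
        if s.startswith("The system needed a reboot"):
            parsed["reboot"] = True
            continue
        m = RESULT_RE.match(s)
        if m:
            pid = m.group("pid")
            parsed["results"].append({
                "pid": int(pid) if pid else None,
                "target": m.group("target"),
                "outcome": m.group("outcome"),
            })
    return parsed


def needs_review(parsed):
    """Result lines whose outcome does not end in 'successfully'."""
    return [r for r in parsed["results"]
            if not r["outcome"].lower().endswith("successfully")]


if __name__ == "__main__":
    log = parse_fixlog(SAMPLE_FIXLOG)
    print(f"Run {log['run']}: {len(log['fixlist'])} fixlist lines, "
          f"{len(log['results'])} results, reboot={log['reboot']}, complete={log['complete']}")
    for r in needs_review(log):
        print("REVIEW:", r["target"], "=>", r["outcome"])
```
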
         

17.07.2014, 22:05   #12
Bootsektor
/// TB Trainer

Hello Railworker,
Quote:
thank you so, so much! That seems to have been it.
Very nice! Then let's both thank my colleague Matthias.

We'll do one more control scan.
Step 1
Because the scan with ESET is very thorough, it may take several hours.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the terms of use) and click "Starten" (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and choose the following settings.
  • Click "Starten" (Start).
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click "Fertig stellen" (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



and I still need a new FRST
Step 2
Start FRST once more.
  • Tick the box for addition.txt and press Scan.
  • When the scan has finished, two new log files, FRST.txt and addition.txt, are created and saved on the desktop (or in the directory where FRST is located).
  • Please post the contents of these log files here in your thread.

18.07.2014, 11:51   #13
Railworker

Hello Sandra,

then a thank-you to Matthias as well :-) If I make a small donation to the forum, that helps all of you, right?

Here is the log file from ESET first:

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8643efcb637a824e9160b855f78de81b
# engine=19232
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-18 10:32:11
# local_time=2014-07-18 12:32:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 19413 37153953 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 217554 157309381 0 0
# scanned=1529006
# found=8
# cleaned=0
# scan_time=19108
sh=972DB9071C719922142BE77CF935C208B66F8DE2 ft=1 fh=c50a95d882970223 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HEAVEN~1\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=57486BFF18978F01B9C168692D60B44F932165AA ft=1 fh=16562f888c5a338e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\heaven_one\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=057C9E4855118E4441C25251430DD82D64AB85F6 ft=1 fh=c71c0011b9c35d25 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_heaven_one_Downloads_FreeYouTubeToMP3Converter(1).exe.vir"
sh=0E290B4CBC4343FA6752EEE966B01D5618FCF874 ft=0 fh=0000000000000000 vn="Variante von Android/TrojanSMS.Agent.AJY Trojaner" ac=I fn="E:\backup heaven_one\android\apps\wingames3i_micz6i7d.apk"
sh=DCE70A0B08A18C1E1988504F260023C1A8F8AFED ft=1 fh=573a09eb3b7e9048 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\backup heaven_one\Programme\dvdflick_setup_1.3.0.7.exe"
sh=CF6185A9EDFBA0217C9D36D25CA9F6ADCC9F6BC8 ft=1 fh=f90d49fcbe154eac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\backup neuinstall\heaven_one\AppData\Roaming\OpenCandy\30891F1B0EE640B1A9C7D3D9A683EDF8\conduitinstaller.exe"
sh=FC6FB59A6CE504D606BCB70D0279A39F1854DD62 ft=1 fh=43e56a9faa44cd2c vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\backup neuinstall\heaven_one\AppData\Roaming\OpenCandy\30891F1B0EE640B1A9C7D3D9A683EDF8\ConduitRBCB_p1v1.exe"
sh=1AF9CDF585F33E94D836AE53AEDA946C0E483626 ft=1 fh=d0e810728f9d25f9 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\Downloads\TuneUpUtilities2012v120350013_de-DE.exe"
         
FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by heaven_one (administrator) on HEAVEN_ONE_DESK on 18-07-2014 12:44:11
Running from C:\Users\heaven_one\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
() C:\Windows\SysWOW64\HsMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Windows\system\HsMgr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
() E:\backup neuinstall\ASRock Utility\AXTU\Bin\AsrXTU.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASRock) C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [12935168 2012-11-20] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Office2010\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-05-05] (FNet Co., Ltd.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-06] (Microsoft Corporation)
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba6693-c5e3-11e2-ad6d-f20518dc8237} - V:\WebOfDeceit1.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba6696-c5e3-11e2-ad6d-f20518dc8237} - V:\MysteryTrackers3.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba6699-c5e3-11e2-ad6d-f20518dc8237} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba669c-c5e3-11e2-ad6d-f20518dc8237} - V:\DarkDimensions2.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba669f-c5e3-11e2-ad6d-f20518dc8237} - V:\Setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba66a2-c5e3-11e2-ad6d-f20518dc8237} - V:\AutoRun.exe setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba66a5-c5e3-11e2-ad6d-f20518dc8237} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {00ba66ae-c5e3-11e2-ad6d-f20518dc8237} - V:\autorun.exe de
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {0c1bfcc8-33e3-11e3-a2bf-d5f6d5825536} - X:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {3710df5e-250a-11e3-a911-a7fd9cb2d336} - V:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {3c0e84ad-5aa3-11e3-8715-b5af60595e2a} - X:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {58900481-d40e-11e2-b8e4-9b284c39d929} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {701da640-fd48-11e2-965d-b21c2651a234} - G:\AutoRun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {7c520863-3004-11e3-b469-995977b6d634} - V:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {7c520866-3004-11e3-b469-995977b6d634} - W:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {890bf1dc-c3be-11e2-8c67-ee86fe28a028} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {8c26e643-cf57-11e2-a255-ce04dbccba34} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {8c26e646-cf57-11e2-a255-ce04dbccba34} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {8c26e64e-cf57-11e2-a255-ce04dbccba34} - V:\setup.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {a31e57cc-c836-11e2-a87d-aa2813efeb36} - V:\WitchHunters1.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {b425b6c5-2872-11e3-bc5d-ac09f191ed28} - V:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {c3a8bbae-303d-11e3-b36a-e27e933dc536} - R:\autorun.exe
HKU\S-1-5-21-2489264969-1098162153-4203861086-1000\...\MountPoints2: {ddefc0c1-c906-11e2-bbf4-ed6cd39dba35} - V:\setup.exe
Startup: C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> F:\Systemprogramme\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9766D28426C9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Office2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF Homepage: hxxp://www.eurailpress.de/news/alle-nachrichten.html
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\heaven_one\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - E:\games\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: KeeFox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\keefox@chris.tomlinson [2014-06-11]
FF Extension: Live Gold - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\livegold@dotcreation [2013-05-11]
FF Extension: selectivecookiedelete - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\selectivecookiedelete@siju.mathew [2013-05-11]
FF Extension: IE Tab - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-05-11]
FF Extension: Live HTTP Headers - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-01-21]
FF Extension: ReminderFox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-04-18]
FF Extension: DownloadHelper - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Memory Fox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2013-05-11]
FF Extension: Certificate Patrol - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\CertPatrol@PSYC.EU.xpi [2013-05-11]
FF Extension: anonymoX - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\client@anonymox.net.xpi [2013-05-11]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\info@convert2mp3.net.xpi [2014-07-01]
FF Extension: Quick Maps - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\map@quickmaps.me.xpi [2013-05-11]
FF Extension: Personas Plus - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\personas@christopher.beard.xpi [2013-05-11]
FF Extension: Thumbnail Zoom Plus - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2013-05-11]
FF Extension: Google Translator for Firefox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\translator@zoli.bod.xpi [2013-06-25]
FF Extension: Image Zoom - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-05-11]
FF Extension: ShowIP - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013-05-11]
FF Extension: HttpFox - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2013-05-11]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-05-11]
FF Extension: MeasureIt - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-09-09]
FF Extension: Adblock Plus - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-11]
FF Extension: BetterPrivacy - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-05-11]
FF Extension: DownThemAll! - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-05-11]
FF Extension: Greasemonkey - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-11]
FF Extension: PageZoom - C:\Users\heaven_one\AppData\Roaming\Mozilla\Firefox\Profiles\m79t9zfs.default\Extensions\{eeb299da-31d8-4683-aad4-9c9a045e0351}.xpi [2013-05-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-21]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-27]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-07-21] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-05-05] (FNet Co., Ltd.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S3 JmtFltr; C:\Windows\System32\drivers\JmtFltr.sys [46464 2007-09-29] () [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-05-19] (Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [32936 2014-05-19] (Razer Inc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-08] (Duplex Secure Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-11-30] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-11-30] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-11-30] (Paragon)
S3 vhidmini; C:\Windows\System32\DRIVERS\vhidmini.sys [13952 2007-09-29] (Windows (R) Codename Longhorn DDK provider)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-07-17] (Acronis)
R3 ArdDrv; \??\C:\Windows\SysWOW64\Drivers\ArdDrv.sys [X]
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S1 cmdHlp; System32\DRIVERS\cmdhlp.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-18 12:44 - 2014-07-18 12:44 - 00028686 _____ () C:\Users\heaven_one\Desktop\FRST.txt
2014-07-18 07:11 - 2014-07-18 07:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-17 16:50 - 2014-07-17 16:50 - 14540532 _____ () C:\Users\heaven_one\Downloads\Sounds16.zip
2014-07-17 16:25 - 2014-07-17 16:30 - 408196276 _____ () C:\Users\heaven_one\Downloads\Projekt Bremen-Nord Version 5.rar
2014-07-17 16:24 - 2014-07-17 16:24 - 06211432 _____ () C:\Users\heaven_one\Downloads\NG272 Alt.rar
2014-07-17 16:24 - 2014-07-17 16:24 - 01978932 _____ () C:\Users\heaven_one\Downloads\NG272 Neu.rar
2014-07-17 16:24 - 2014-07-17 16:24 - 01642388 _____ () C:\Users\heaven_one\Downloads\4341.rar
2014-07-17 16:23 - 2014-07-17 16:23 - 02604070 _____ () C:\Users\heaven_one\Downloads\4320.rar
2014-07-17 16:23 - 2014-07-17 16:23 - 02603594 _____ () C:\Users\heaven_one\Downloads\4316.rar
2014-07-17 16:23 - 2014-07-17 16:23 - 02473163 _____ () C:\Users\heaven_one\Downloads\4325.rar
2014-07-17 16:16 - 2014-07-17 16:23 - 768100261 _____ () C:\Users\heaven_one\Downloads\GladbeckV5.zip
2014-07-15 12:11 - 2014-07-18 10:06 - 00001916 _____ () C:\Users\heaven_one\AppData\Roaming\MyMicroBalanceConfig.ini
2014-07-15 11:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-15 11:57 - 2014-07-15 11:57 - 01348263 _____ () C:\Users\heaven_one\Downloads\adwcleaner_3.215.exe
2014-07-15 11:55 - 2014-07-15 11:56 - 00001826 _____ () C:\sc-cleaner.txt
2014-07-15 11:55 - 2014-07-15 11:55 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\heaven_one\Desktop\sc-cleaner.exe
2014-07-15 06:52 - 2014-07-15 06:43 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-15 06:44 - 2014-07-15 06:55 - 00015055 _____ () C:\zoek-results.log
2014-07-15 06:43 - 2014-07-15 06:50 - 00000000 ____D () C:\zoek_backup
2014-07-15 06:34 - 2014-07-15 06:34 - 01287168 _____ () C:\Users\heaven_one\Desktop\zoek.exe
2014-07-14 23:03 - 2014-07-18 12:44 - 00000000 ____D () C:\FRST
2014-07-14 23:03 - 2014-07-14 23:03 - 02086912 _____ (Farbar) C:\Users\heaven_one\Desktop\FRST64.exe
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{4A7ADE05-550F-48FD-B8D7-53B7A4BCBDF1}
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{226FE937-A29F-499C-B05F-76374CCB09D4}
2014-07-14 22:42 - 2014-07-14 22:42 - 03736040 _____ (Piriform Ltd) C:\Users\heaven_one\Downloads\ccsetup415_slim.exe
2014-07-14 22:42 - 2014-07-14 22:42 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-14 22:42 - 2014-07-14 22:42 - 00000837 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-14 22:42 - 2014-07-14 22:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-14 22:31 - 2014-07-18 07:09 - 00003050 _____ () C:\Windows\System32\Tasks\asrRd
2014-07-14 22:15 - 2014-07-14 22:15 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 22:14 - 2014-07-14 22:14 - 01016261 _____ (Thisisu) C:\Users\heaven_one\Downloads\JRT_6.1.4.exe
2014-07-14 21:42 - 2014-07-15 11:58 - 00000000 ____D () C:\AdwCleaner
2014-07-14 21:33 - 2014-07-14 21:33 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-14 21:32 - 2014-07-14 21:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 21:32 - 2014-07-14 21:32 - 11185664 _____ (SurfRight B.V.) C:\Users\heaven_one\Desktop\hitmanpro_x64.exe
2014-07-14 21:29 - 2014-07-14 22:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 21:28 - 2014-07-14 21:28 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-14 21:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 21:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 21:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-14 21:24 - 2014-07-14 21:24 - 00961360 _____ (Chip Digital GmbH) C:\Users\heaven_one\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-07-14 17:15 - 2014-07-14 17:15 - 05151944 _____ () C:\Users\heaven_one\Downloads\Fruits Game - Let's Identify fruits name.mp4
2014-07-14 16:10 - 2014-07-14 16:10 - 17789117 _____ () C:\Users\heaven_one\Desktop\Beach Rocks At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 05836366 _____ () C:\Users\heaven_one\Desktop\Cityscape At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 02515399 _____ () C:\Users\heaven_one\Desktop\Clouds (time Lapse)-1.mp4
2014-07-14 16:07 - 2014-07-14 16:08 - 144305049 _____ () C:\Users\heaven_one\Desktop\Cycling Amsterdam In The Rain-1.mp4
2014-07-14 16:07 - 2014-07-14 16:07 - 14411359 _____ () C:\Users\heaven_one\Desktop\216448035-1.mp4
2014-07-14 16:04 - 2014-07-14 16:06 - 113612814 _____ () C:\Users\heaven_one\Desktop\yellowstone 29p.mp4
2014-07-14 14:17 - 2014-07-14 14:17 - 00000000 ____D () C:\Users\heaven_one\Documents\paint.net Benutzerdateien
2014-07-14 13:50 - 2014-07-14 14:12 - 00000000 ____D () C:\Users\heaven_one\Desktop\musik cc
2014-07-14 13:49 - 2014-07-14 17:19 - 00000000 ____D () C:\Users\heaven_one\Desktop\videos cc
2014-07-14 10:20 - 2014-07-16 00:08 - 00100352 ___SH () C:\Users\heaven_one\Desktop\Thumbs.db
2014-07-12 12:55 - 2014-07-12 12:55 - 00003072 _____ () C:\Users\heaven_one\Downloads\Omsi-RealWetterDaten.rar
2014-07-12 11:24 - 2014-07-17 23:10 - 00000000 ____D () C:\Users\heaven_one\Desktop\Saeed
2014-07-12 10:24 - 2014-07-12 10:26 - 108439379 _____ () C:\Users\heaven_one\Downloads\Vortrag-Loslassen-Saeed-Habibzadeh.zip
2014-07-12 10:24 - 2014-07-12 10:26 - 101441007 _____ () C:\Users\heaven_one\Downloads\Vortrag-Freundschaft-Saeed-Habibzadeh.zip
2014-07-11 10:55 - 2014-07-11 10:56 - 36460296 _____ () C:\Users\heaven_one\Downloads\Ólafur Arnalds - Near Light (Live on KEXP).mp4
2014-07-10 18:32 - 2014-07-10 18:32 - 00921624 _____ () C:\Users\heaven_one\Downloads\Hamburg Hof-rar.rar
2014-07-10 18:30 - 2014-07-10 18:33 - 89219928 _____ () C:\Users\heaven_one\Downloads\Mercedes_New_2.7.rar
2014-07-10 15:50 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 15:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 15:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 15:50 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 15:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 15:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 15:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 15:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 15:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 15:50 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 15:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 15:50 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 15:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 15:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 15:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 15:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 15:50 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 15:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 15:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 15:50 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 15:50 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 15:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 15:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 15:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 15:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 15:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 15:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 15:50 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 15:50 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 15:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 15:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 15:50 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 15:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 15:50 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 15:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 15:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 15:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 15:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 15:50 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 15:50 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 15:50 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 15:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 15:50 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 15:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 15:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 15:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 15:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 15:50 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 15:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 15:50 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 15:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 15:50 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 15:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 15:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 15:50 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 15:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 15:50 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 15:50 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 15:50 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 15:50 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 15:50 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 15:50 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 15:50 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 15:50 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 15:50 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 15:50 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 15:50 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 15:45 - 2014-07-10 15:45 - 00008259 _____ () C:\Users\heaven_one\Desktop\Meet_Without_Meat.xlsx
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Local\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-08 21:55 - 2014-07-08 21:55 - 01677440 _____ (Skype Technologies S.A.) C:\Users\heaven_one\Downloads\SkypeSetup.exe
2014-07-07 13:09 - 2014-07-07 13:14 - 233546454 _____ () C:\Users\heaven_one\Downloads\MBO530_V3final.zip
2014-07-07 13:09 - 2014-07-07 13:14 - 200266912 _____ () C:\Users\heaven_one\Downloads\MBO530G_V3final.zip
2014-07-07 13:08 - 2014-07-07 13:09 - 10595666 _____ () C:\Users\heaven_one\Downloads\Environment-Soundpack.zip
2014-07-07 13:01 - 2014-07-07 13:03 - 73578015 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530G.7z
2014-07-07 13:01 - 2014-07-07 13:03 - 71468688 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530_V2.7z
2014-07-07 13:01 - 2014-07-07 13:03 - 69288494 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o520_V2.7z
2014-07-07 11:44 - 2014-07-07 11:45 - 47423332 _____ () C:\Users\heaven_one\Downloads\OMSI_O530-Rheinhausen-Repaints-numeriert-V1-01.rar
2014-07-07 11:43 - 2014-07-07 11:45 - 145311477 _____ () C:\Users\heaven_one\Downloads\OMSI_rvb-Repaintset_SD+NL_V3-02.rar
2014-07-07 11:43 - 2014-07-07 11:43 - 03471024 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-ORL.zip
2014-07-07 11:43 - 2014-07-07 11:43 - 03431937 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-rvb.zip
2014-07-07 11:33 - 2014-07-07 11:33 - 00037882 _____ () C:\Users\heaven_one\Downloads\SMRT-Font-GermanRework-Marc1972.zip
2014-07-07 09:27 - 2014-07-07 09:27 - 00074329 _____ () C:\Users\heaven_one\Downloads\Additional Traffic Signs 1.0.1.ams
2014-07-07 09:26 - 2014-07-07 09:26 - 03340544 _____ () C:\Users\heaven_one\Downloads\gcW_streetobjects_1.3.1.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 01138449 _____ () C:\Users\heaven_one\Downloads\b8aae73aaa41af44d125d01df14858b0-nemolusverkehrsschilder.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 00031145 _____ () C:\Users\heaven_one\Downloads\din_fonts_10.zip
2014-07-07 09:25 - 2014-07-07 09:25 - 17220235 _____ () C:\Users\heaven_one\Downloads\TerrainSplinesV4_2-by_Baureihe189Fan-Bluescreen(1).7z
2014-07-07 09:25 - 2014-07-07 09:25 - 01558590 _____ () C:\Users\heaven_one\Downloads\VKL--s-Splines-V1.0.rar
2014-07-07 09:25 - 2014-07-07 09:25 - 01145661 _____ () C:\Users\heaven_one\Downloads\SceneryObjects_by_folti_12(1).rar
2014-07-07 09:23 - 2014-07-07 09:23 - 05585398 _____ () C:\Users\heaven_one\Downloads\ADDON_SimpleStreets.ams
2014-07-07 09:21 - 2014-07-07 09:23 - 149631138 _____ () C:\Users\heaven_one\Downloads\Rheinhausen V4 (gepackt von Cunwad).zip
2014-07-07 09:10 - 2014-07-07 09:12 - 111035298 _____ () C:\Users\heaven_one\Downloads\Ahlheim V2 - OMSI 2.7z
2014-07-03 18:34 - 2014-07-03 18:34 - 01292820 _____ () C:\Users\heaven_one\Downloads\3DZ-Bonus-Polizei.zip
2014-06-28 22:51 - 2014-06-28 22:51 - 03821747 _____ () C:\Users\heaven_one\Downloads\dbtracks_londonbrighton.zip
2014-06-28 22:10 - 2014-06-28 22:10 - 00000366 _____ () C:\Windows\DirectX.log
2014-06-28 22:10 - 2014-06-28 22:10 - 00000000 ____D () C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-06-22 18:13 - 2014-06-22 18:32 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-22 18:13 - 2014-06-22 18:32 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-22 18:13 - 2014-06-22 18:13 - 00000000 ____D () C:\Users\heaven_one\Documents\Freemake
2014-06-22 14:58 - 2014-06-22 15:09 - 615586294 _____ () C:\Users\heaven_one\Desktop\live and let live.mp4
2014-06-18 12:27 - 2014-06-18 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-18 12:44 - 2014-07-18 12:44 - 00028686 _____ () C:\Users\heaven_one\Desktop\FRST.txt
2014-07-18 12:44 - 2014-07-14 23:03 - 00000000 ____D () C:\FRST
2014-07-18 12:22 - 2014-02-01 20:53 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 11:27 - 2013-11-23 20:58 - 00000000 ____D () C:\Users\heaven_one\Documents\Outlook-Dateien
2014-07-18 11:26 - 2013-06-08 15:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-18 10:06 - 2014-07-15 12:11 - 00001916 _____ () C:\Users\heaven_one\AppData\Roaming\MyMicroBalanceConfig.ini
2014-07-18 10:06 - 2013-05-30 16:41 - 02031242 _____ () C:\Users\heaven_one\Documents\MyMicroBalance.mmb
2014-07-18 10:05 - 2013-05-31 13:13 - 00000000 ____D () C:\Users\heaven_one\Documents\backup_MyMicroBalance
2014-07-18 09:31 - 2014-02-01 20:53 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-18 08:44 - 2013-05-05 00:05 - 01935287 _____ () C:\Windows\WindowsUpdate.log
2014-07-18 07:15 - 2009-07-14 06:45 - 00019328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 07:15 - 2009-07-14 06:45 - 00019328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-18 07:14 - 2013-05-05 10:00 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-18 07:14 - 2013-05-05 10:00 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-18 07:14 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 07:11 - 2014-07-18 07:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-18 07:09 - 2014-07-14 22:31 - 00003050 _____ () C:\Windows\System32\Tasks\asrRd
2014-07-18 07:09 - 2013-05-05 00:09 - 00002980 _____ () C:\Windows\System32\Tasks\AsrXTU
2014-07-18 07:08 - 2014-05-04 09:06 - 00064088 _____ () C:\Windows\setupact.log
2014-07-18 07:08 - 2013-08-02 18:46 - 00003046 _____ () C:\Windows\System32\Tasks\EVGAPrecision
2014-07-18 07:08 - 2013-05-05 00:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-18 07:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 23:19 - 2013-05-11 18:27 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\KeePass
2014-07-17 23:10 - 2014-07-12 11:24 - 00000000 ____D () C:\Users\heaven_one\Desktop\Saeed
2014-07-17 23:07 - 2013-05-05 00:57 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\vlc
2014-07-17 16:50 - 2014-07-17 16:50 - 14540532 _____ () C:\Users\heaven_one\Downloads\Sounds16.zip
2014-07-17 16:36 - 2014-03-15 23:01 - 00072877 _____ () C:\Users\heaven_one\Desktop\801010.xlsx
2014-07-17 16:30 - 2014-07-17 16:25 - 408196276 _____ () C:\Users\heaven_one\Downloads\Projekt Bremen-Nord Version 5.rar
2014-07-17 16:24 - 2014-07-17 16:24 - 06211432 _____ () C:\Users\heaven_one\Downloads\NG272 Alt.rar
2014-07-17 16:24 - 2014-07-17 16:24 - 01978932 _____ () C:\Users\heaven_one\Downloads\NG272 Neu.rar
2014-07-17 16:24 - 2014-07-17 16:24 - 01642388 _____ () C:\Users\heaven_one\Downloads\4341.rar
2014-07-17 16:23 - 2014-07-17 16:23 - 02604070 _____ () C:\Users\heaven_one\Downloads\4320.rar
2014-07-17 16:23 - 2014-07-17 16:23 - 02603594 _____ () C:\Users\heaven_one\Downloads\4316.rar
2014-07-17 16:23 - 2014-07-17 16:23 - 02473163 _____ () C:\Users\heaven_one\Downloads\4325.rar
2014-07-17 16:23 - 2014-07-17 16:16 - 768100261 _____ () C:\Users\heaven_one\Downloads\GladbeckV5.zip
2014-07-16 18:34 - 2013-06-25 11:52 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Skype
2014-07-16 07:55 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-16 00:08 - 2014-07-14 10:20 - 00100352 ___SH () C:\Users\heaven_one\Desktop\Thumbs.db
2014-07-15 13:06 - 2014-04-12 10:37 - 00000000 ____D () C:\Users\Public\Documents\EyeFrame Data
2014-07-15 11:58 - 2014-07-14 21:42 - 00000000 ____D () C:\AdwCleaner
2014-07-15 11:57 - 2014-07-15 11:57 - 01348263 _____ () C:\Users\heaven_one\Downloads\adwcleaner_3.215.exe
2014-07-15 11:57 - 2013-05-05 00:05 - 00000000 ____D () C:\Users\heaven_one
2014-07-15 11:56 - 2014-07-15 11:55 - 00001826 _____ () C:\sc-cleaner.txt
2014-07-15 11:55 - 2014-07-15 11:55 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\heaven_one\Desktop\sc-cleaner.exe
2014-07-15 06:55 - 2014-07-15 06:44 - 00015055 _____ () C:\zoek-results.log
2014-07-15 06:54 - 2014-05-19 13:04 - 00007362 _____ () C:\Windows\PFRO.log
2014-07-15 06:54 - 2013-05-05 00:45 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-15 06:50 - 2014-07-15 06:43 - 00000000 ____D () C:\zoek_backup
2014-07-15 06:43 - 2014-07-15 06:52 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-15 06:34 - 2014-07-15 06:34 - 01287168 _____ () C:\Users\heaven_one\Desktop\zoek.exe
2014-07-15 06:17 - 2013-05-23 18:49 - 00000000 ____D () C:\Program Files (x86)\WinCDEmu
2014-07-14 23:03 - 2014-07-14 23:03 - 02086912 _____ (Farbar) C:\Users\heaven_one\Desktop\FRST64.exe
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{4A7ADE05-550F-48FD-B8D7-53B7A4BCBDF1}
2014-07-14 22:44 - 2014-07-14 22:44 - 00003256 _____ () C:\Windows\System32\Tasks\{226FE937-A29F-499C-B05F-76374CCB09D4}
2014-07-14 22:42 - 2014-07-14 22:42 - 03736040 _____ (Piriform Ltd) C:\Users\heaven_one\Downloads\ccsetup415_slim.exe
2014-07-14 22:42 - 2014-07-14 22:42 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-14 22:42 - 2014-07-14 22:42 - 00000837 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-14 22:42 - 2014-07-14 22:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-14 22:38 - 2013-09-01 14:14 - 00000000 ____D () C:\Users\heaven_one\Documents\SavedGames
2014-07-14 22:26 - 2013-10-13 10:49 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rondomedia
2014-07-14 22:15 - 2014-07-14 22:15 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 22:14 - 2014-07-14 22:14 - 01016261 _____ (Thisisu) C:\Users\heaven_one\Downloads\JRT_6.1.4.exe
2014-07-14 22:05 - 2014-07-14 21:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 22:03 - 2014-04-06 11:49 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-07-14 22:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 22:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-14 21:40 - 2014-07-14 21:32 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 21:33 - 2014-07-14 21:33 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-14 21:32 - 2014-07-14 21:32 - 11185664 _____ (SurfRight B.V.) C:\Users\heaven_one\Desktop\hitmanpro_x64.exe
2014-07-14 21:28 - 2014-07-14 21:28 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 21:28 - 2014-07-14 21:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-14 21:24 - 2014-07-14 21:24 - 00961360 _____ (Chip Digital GmbH) C:\Users\heaven_one\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-07-14 17:19 - 2014-07-14 13:49 - 00000000 ____D () C:\Users\heaven_one\Desktop\videos cc
2014-07-14 17:15 - 2014-07-14 17:15 - 05151944 _____ () C:\Users\heaven_one\Downloads\Fruits Game - Let's Identify fruits name.mp4
2014-07-14 17:13 - 2014-05-08 19:48 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\HandBrake
2014-07-14 16:10 - 2014-07-14 16:10 - 17789117 _____ () C:\Users\heaven_one\Desktop\Beach Rocks At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 05836366 _____ () C:\Users\heaven_one\Desktop\Cityscape At Dusk-1.m4v
2014-07-14 16:09 - 2014-07-14 16:09 - 02515399 _____ () C:\Users\heaven_one\Desktop\Clouds (time Lapse)-1.mp4
2014-07-14 16:08 - 2014-07-14 16:07 - 144305049 _____ () C:\Users\heaven_one\Desktop\Cycling Amsterdam In The Rain-1.mp4
2014-07-14 16:07 - 2014-07-14 16:07 - 14411359 _____ () C:\Users\heaven_one\Desktop\216448035-1.mp4
2014-07-14 16:06 - 2014-07-14 16:04 - 113612814 _____ () C:\Users\heaven_one\Desktop\yellowstone 29p.mp4
2014-07-14 16:01 - 2013-07-04 19:51 - 00001315 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-07-14 16:01 - 2013-07-04 19:51 - 00000000 ____D () C:\Program Files\Paint.NET
2014-07-14 14:17 - 2014-07-14 14:17 - 00000000 ____D () C:\Users\heaven_one\Documents\paint.net Benutzerdateien
2014-07-14 14:12 - 2014-07-14 13:50 - 00000000 ____D () C:\Users\heaven_one\Desktop\musik cc
2014-07-14 13:08 - 2013-05-11 16:21 - 00265614 _____ () C:\Users\heaven_one\Documents\NewDatabase.kdbx
2014-07-13 16:37 - 2013-06-20 13:35 - 00000000 ____D () C:\Users\heaven_one\Desktop\Dokumente
2014-07-12 21:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-12 12:55 - 2014-07-12 12:55 - 00003072 _____ () C:\Users\heaven_one\Downloads\Omsi-RealWetterDaten.rar
2014-07-12 11:34 - 2014-04-02 13:50 - 00000000 ____D () C:\Users\Public\Documents\Lightworks
2014-07-12 11:24 - 2014-03-27 18:16 - 00000000 ____D () C:\Users\heaven_one\Desktop\Cajon Workshop
2014-07-12 10:34 - 2013-12-18 22:02 - 00001841 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-07-12 10:34 - 2013-12-18 22:02 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-12 10:26 - 2014-07-12 10:24 - 108439379 _____ () C:\Users\heaven_one\Downloads\Vortrag-Loslassen-Saeed-Habibzadeh.zip
2014-07-12 10:26 - 2014-07-12 10:24 - 101441007 _____ () C:\Users\heaven_one\Downloads\Vortrag-Freundschaft-Saeed-Habibzadeh.zip
2014-07-12 10:22 - 2014-04-05 09:36 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\Audacity
2014-07-11 10:56 - 2014-07-11 10:55 - 36460296 _____ () C:\Users\heaven_one\Downloads\Ólafur Arnalds - Near Light (Live on KEXP).mp4
2014-07-11 10:18 - 2014-06-04 14:56 - 00108334 _____ () C:\Windows\DPINST.LOG
2014-07-11 10:15 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 10:15 - 2009-07-14 06:45 - 00492960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 10:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-11 10:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 20:36 - 2013-11-23 20:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 20:35 - 2013-09-14 23:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 20:35 - 2013-05-08 00:06 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 18:33 - 2014-07-10 18:30 - 89219928 _____ () C:\Users\heaven_one\Downloads\Mercedes_New_2.7.rar
2014-07-10 18:32 - 2014-07-10 18:32 - 00921624 _____ () C:\Users\heaven_one\Downloads\Hamburg Hof-rar.rar
2014-07-10 15:45 - 2014-07-10 15:45 - 00008259 _____ () C:\Users\heaven_one\Desktop\Meet_Without_Meat.xlsx
2014-07-09 21:40 - 2013-05-05 00:30 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 21:40 - 2013-05-05 00:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 11:19 - 2014-04-10 18:01 - 00000000 ____D () C:\Program Files\OBS
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\Users\heaven_one\AppData\Local\Skype
2014-07-08 21:56 - 2014-07-08 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-08 21:56 - 2013-06-25 11:52 - 00000000 ____D () C:\ProgramData\Skype
2014-07-08 21:55 - 2014-07-08 21:55 - 01677440 _____ (Skype Technologies S.A.) C:\Users\heaven_one\Downloads\SkypeSetup.exe
2014-07-07 13:14 - 2014-07-07 13:09 - 233546454 _____ () C:\Users\heaven_one\Downloads\MBO530_V3final.zip
2014-07-07 13:14 - 2014-07-07 13:09 - 200266912 _____ () C:\Users\heaven_one\Downloads\MBO530G_V3final.zip
2014-07-07 13:09 - 2014-07-07 13:08 - 10595666 _____ () C:\Users\heaven_one\Downloads\Environment-Soundpack.zip
2014-07-07 13:03 - 2014-07-07 13:01 - 73578015 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530G.7z
2014-07-07 13:03 - 2014-07-07 13:01 - 71468688 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o530_V2.7z
2014-07-07 13:03 - 2014-07-07 13:01 - 69288494 _____ () C:\Users\heaven_one\Downloads\Omsi2.ru_Mercedes_o520_V2.7z
2014-07-07 11:45 - 2014-07-07 11:44 - 47423332 _____ () C:\Users\heaven_one\Downloads\OMSI_O530-Rheinhausen-Repaints-numeriert-V1-01.rar
2014-07-07 11:45 - 2014-07-07 11:43 - 145311477 _____ () C:\Users\heaven_one\Downloads\OMSI_rvb-Repaintset_SD+NL_V3-02.rar
2014-07-07 11:43 - 2014-07-07 11:43 - 03471024 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-ORL.zip
2014-07-07 11:43 - 2014-07-07 11:43 - 03431937 _____ () C:\Users\heaven_one\Downloads\OMSI-O405N2ZT-rvb.zip
2014-07-07 11:33 - 2014-07-07 11:33 - 00037882 _____ () C:\Users\heaven_one\Downloads\SMRT-Font-GermanRework-Marc1972.zip
2014-07-07 09:27 - 2014-07-07 09:27 - 00074329 _____ () C:\Users\heaven_one\Downloads\Additional Traffic Signs 1.0.1.ams
2014-07-07 09:26 - 2014-07-07 09:26 - 03340544 _____ () C:\Users\heaven_one\Downloads\gcW_streetobjects_1.3.1.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 01138449 _____ () C:\Users\heaven_one\Downloads\b8aae73aaa41af44d125d01df14858b0-nemolusverkehrsschilder.zip
2014-07-07 09:26 - 2014-07-07 09:26 - 00031145 _____ () C:\Users\heaven_one\Downloads\din_fonts_10.zip
2014-07-07 09:25 - 2014-07-07 09:25 - 17220235 _____ () C:\Users\heaven_one\Downloads\TerrainSplinesV4_2-by_Baureihe189Fan-Bluescreen(1).7z
2014-07-07 09:25 - 2014-07-07 09:25 - 01558590 _____ () C:\Users\heaven_one\Downloads\VKL--s-Splines-V1.0.rar
2014-07-07 09:25 - 2014-07-07 09:25 - 01145661 _____ () C:\Users\heaven_one\Downloads\SceneryObjects_by_folti_12(1).rar
2014-07-07 09:23 - 2014-07-07 09:23 - 05585398 _____ () C:\Users\heaven_one\Downloads\ADDON_SimpleStreets.ams
2014-07-07 09:23 - 2014-07-07 09:21 - 149631138 _____ () C:\Users\heaven_one\Downloads\Rheinhausen V4 (gepackt von Cunwad).zip
2014-07-07 09:12 - 2014-07-07 09:10 - 111035298 _____ () C:\Users\heaven_one\Downloads\Ahlheim V2 - OMSI 2.7z
2014-07-07 09:05 - 2013-05-11 18:27 - 00001136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-07-07 09:05 - 2013-05-11 18:27 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-07-04 14:03 - 2013-07-04 19:51 - 00000000 ____D () C:\Users\heaven_one\AppData\Local\Paint.NET
2014-07-03 18:34 - 2014-07-03 18:34 - 01292820 _____ () C:\Users\heaven_one\Downloads\3DZ-Bonus-Polizei.zip
2014-06-29 14:17 - 2013-05-05 00:23 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-28 22:51 - 2014-06-28 22:51 - 03821747 _____ () C:\Users\heaven_one\Downloads\dbtracks_londonbrighton.zip
2014-06-28 22:10 - 2014-06-28 22:10 - 00000366 _____ () C:\Windows\DirectX.log
2014-06-28 22:10 - 2014-06-28 22:10 - 00000000 ____D () C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-06-23 23:38 - 2013-07-13 15:15 - 00000000 ____D () C:\Users\heaven_one\AppData\Roaming\FileZilla
2014-06-23 21:56 - 2013-11-23 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-23 21:56 - 2013-07-13 15:15 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-06-23 21:02 - 2014-06-17 20:52 - 00000000 ____D () C:\Users\heaven_one\Desktop\mannheim
2014-06-23 19:59 - 2014-04-03 12:02 - 00003584 _____ () C:\Users\heaven_one\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-23 16:55 - 2013-05-11 14:22 - 00000000 ____D () C:\Users\heaven_one\Desktop\teamspeak3-server_win64
2014-06-22 18:32 - 2014-06-22 18:13 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-22 18:32 - 2014-06-22 18:13 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-22 18:13 - 2014-06-22 18:13 - 00000000 ____D () C:\Users\heaven_one\Documents\Freemake
2014-06-22 15:09 - 2014-06-22 14:58 - 615586294 _____ () C:\Users\heaven_one\Desktop\live and let live.mp4
2014-06-20 22:14 - 2014-07-10 15:50 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-10 15:50 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 09:17 - 2014-02-01 20:53 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 09:17 - 2014-02-01 20:53 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 09:05 - 2013-05-05 00:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 03:39 - 2014-07-10 15:50 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-10 15:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-10 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-10 15:50 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-10 15:50 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-10 15:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-10 15:50 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-10 15:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-10 15:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-10 15:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-10 15:50 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-10 15:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-10 15:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-10 15:50 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-10 15:50 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-10 15:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-10 15:50 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-10 15:50 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-10 15:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-10 15:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-10 15:50 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-10 15:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-10 15:50 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-10 15:50 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-10 15:50 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-10 15:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-10 15:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-10 15:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-10 15:50 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-10 15:50 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-10 15:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-10 15:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-10 15:50 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-10 15:50 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-10 15:50 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-10 15:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-10 15:50 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-10 15:50 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-10 15:50 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-10 15:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-10 15:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-10 15:50 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-10 15:50 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-10 15:50 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-10 15:50 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-10 15:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-10 15:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-10 15:50 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-10 15:50 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-10 15:50 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-10 15:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-10 15:50 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-10 15:50 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-10 15:50 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 12:27 - 2014-06-18 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 04:18 - 2014-07-10 15:50 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-10 15:50 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-10 15:50 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\heaven_one\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 07:50

==================== End Of Log ============================
         
--- --- ---

18.07.2014, 11:52   #14
Railworker

and the addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014 01
Ran by heaven_one at 2014-07-18 12:44:30
Running from C:\Users\heaven_one\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

3DZUG Polizei (HKLM-x32\...\DAE2779A-8A6E-42A1-9698-8ED0F3CF9B68_is1) (Version: 1.0 - 3DZUG)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
aerosoft's - Berlin-Wittenberg (HKLM-x32\...\{04D946B3-0B81-41A4-A793-B59000EAEAA8}) (Version: 1.00 - aerosoft)
aerosoft's - Im Koeblitzer Bergland (HKLM-x32\...\{8B8ABACE-3DF1-4DDC-8BF5-3D2D368E3E64}) (Version: 1.20 - aerosoft)
aerosoft's - OMSI 2 - Hamburg (HKLM-x32\...\{5BF6B590-F7F5-46B5-B5F4-B0CA93423AD6}) (Version: 2.02 - aerosoft)
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
ASRock 3TB+ Unlocker v1.0 (HKLM\...\ASRock 3TB+ Unlocker_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.209 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version:  - ASRock Inc.)
ASRock XFast RAM v2.0.28 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - Ubisoft Montreal)
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
Assassin's Creed Revelations (HKLM-x32\...\Steam App 201870) (Version:  - Ubisoft Montreal)
ASUS MultiFrame (HKLM-x32\...\{FB4D076A-DEFD-4EAF-AD63-70D5A3BC262A}) (Version: 1.0.22 - ASUS)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Back to the Future: Ep 1 - It's About Time (HKLM-x32\...\Steam App 31290) (Version:  - Telltale Games)
Back to the Future: Ep 2 - Get Tannen! (HKLM-x32\...\Steam App 94500) (Version:  - )
Back to the Future: Ep 3 - Citizen Brown (HKLM-x32\...\Steam App 94510) (Version:  - )
Back to the Future: Ep 4 - Double Visions (HKLM-x32\...\Steam App 94520) (Version:  - )
Back to the Future: Ep 5 - OUTATIME (HKLM-x32\...\Steam App 94530) (Version:  - )
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Beatbuddy: Tale of the Guardians (HKLM-x32\...\Steam App 231040) (Version:  - Threaks)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{1BFDD064-4C67-4156-A6C6-6E8D63563B3B}) (Version: 1.20.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Cities XL Platinum (HKLM-x32\...\Steam App 231140) (Version:  - Focus Home Interactive)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version:  - )
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
Debut Videorekorder (HKLM-x32\...\Debut) (Version: 1.95 - NCH Software)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
Deus Ex: Human Revolution - The Missing Link (HKLM-x32\...\Steam App 201280) (Version:  - Eidos Montreal)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
Divinity II: Developer's Cut (HKLM-x32\...\Steam App 219780) (Version:  - Larian Studios)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
EyeFrame Converter 1.8.1 (HKLM-x32\...\{DAEA793F-1378-45D1-A4AD-8ED944AA1F76}_is1) (Version:  - Tin2tin)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Game of Thrones  (HKLM-x32\...\Steam App 208730) (Version:  - Cyanide Studios)
Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version:  - Black Forest Games)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version:  - DrinkBox Studios)
Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Hector: Ep 1 (HKLM-x32\...\Steam App 94600) (Version:  - )
Hector: Ep 2 (HKLM-x32\...\Steam App 94610) (Version:  - )
Hector: Ep 3 (HKLM-x32\...\Steam App 94620) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Just Trains - Three Country Corner Route (HKLM-x32\...\{8591C645-D5C9-4357-8566-C7945AC2DE65}) (Version: 1.00.0000 - Just Trains)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lara Croft and the Guardian of Light (HKLM-x32\...\Steam App 35130) (Version:  - Crystal Dynamics)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Loksim3D (HKLM\...\Loksim3D_is1) (Version: 2.8.2 - Loksim3D)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office-korrekturverktøy 2013 - bokmål  (HKLM\...\{90150000-001F-0414-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.8 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
Mountain Trap - Das Anwesen der Erinnerungen (HKCU\...\Mountain Trap - Das Anwesen der Erinnerungen 1.0) (Version: 1.0 - Dok)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{9AFDC558-9575-48B8-BC39-CCAACB8DC05E}) (Version: 4.4.1.0 - Alexander Nikiforov)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Game Long Name (HKLM\...\UDK-e262b0e0-c32a-4c0f-85a7-4038dee9f6ff) (Version:  - Epic Games, Inc.)
MyMicroBalance (HKLM-x32\...\{D5D2D341-52AE-4811-9BFF-85FE26C23721}) (Version: 3.0.0 - startzentrum GmbH & Co KG)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.6 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.50 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.50 (Version: 337.50 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
OMSI - Hamburg (HKLM-x32\...\{CBAF25BB-BD31-4663-84C8-13104B3D3DCC}) (Version: 1.11 - aerosoft)
OMSI 2 (HKLM-x32\...\Steam App 252530) (Version:  - MR-Software GbR)
OMSI 2 FX Version 1.0 (HKLM-x32\...\{A74A4675-0C9B-49EA-AEFF-CB7D132E2D87}_is1) (Version: 1.0 - Thomas Schlichtinger/OmsiSoftware.de)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Paragon Hard Disk Manager™ 12 Suite (HKLM-x32\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version:  - Telltale Games)
Project CARS (HKLM-x32\...\Steam App 234630) (Version:  - )
Puzzle Agent (HKLM-x32\...\Steam App 31270) (Version:  - Telltale Games)
Puzzle Agent 2 (HKLM-x32\...\Steam App 94590) (Version:  - )
QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
Race The Sun (HKLM-x32\...\Steam App 253030) (Version:  - Flippfly LLC)
RAW - Realms of Ancient War (HKLM-x32\...\Steam App 209730) (Version:  - Wizarbox)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
RivaTuner Statistics Server 5.3.0 (HKLM-x32\...\RTSS) (Version: 5.3.0 - Unwinder)
RW_Tools V4 (HKCU\...\RW_Tools V4) (Version:  - )
Sam & Max 301: The Penal Zone (HKLM-x32\...\Steam App 31220) (Version:  - Telltale Games)
Sam & Max 302: The Tomb of Sammun-Mak (HKLM-x32\...\Steam App 31230) (Version:  - Telltale Games)
Sam & Max 303: They Stole Max's Brain! (HKLM-x32\...\Steam App 31240) (Version:  - Telltale Games)
Sam & Max 304: Beyond the Alley of the Dolls (HKLM-x32\...\Steam App 31250) (Version:  - Telltale Games)
Sam & Max 305: The City that Dares not Sleep (HKLM-x32\...\Steam App 31260) (Version:  - Telltale Games)
Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.2 - Samsung Electronics)
Scrolls (HKLM-x32\...\Scrolls 1.0.0) (Version: 1.0.0 - Mojang)
Scrolls (x32 Version: 1.0.0 - Mojang) Hidden
Seagate DiscWizard (HKLM-x32\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14387 - Seagate)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Solaris Urbino 12 III - Version 2.01 by CNB-Projekts - (HKCU\...\Solaris Urbino 12 III - Version 2.01 by CNB-Projekts -) (Version:  - )
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Stacking (HKLM-x32\...\Steam App 115110) (Version:  - )
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SweetFX Configurator (HKCU\...\f4ebec2474b2f64a) (Version: 1.3.2.27 - SweetFX Configurator)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
The Testament of Sherlock Holmes (HKLM-x32\...\Steam App 205650) (Version:  - Frogwares)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Train Simulator 2013 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Trials Evolution Gold Edition (HKLM-x32\...\InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}) (Version: 1.0.0.3 - Ubisoft)
Trials Evolution Gold Edition (x32 Version: 1.0.0.3 - Ubisoft) Hidden
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.171 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.171 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.171 - TuneUp Software) Hidden
UKTS Freeware Pack - AP Class 142 Scenario Pack #1 (HKLM-x32\...\{FC98D1D7-713F-464C-8881-B08C04DB1BBA}) (Version: 1.0.1 - UKTrainSim)
UKTS Freeware Pack - Blocks-Lofts-Bridges #1 (HKLM-x32\...\{07BB63A6-188D-4447-A0B6-8ED8B2075B81}) (Version: 1.0.9 - UKTrainSim)
UKTS Freeware Pack - Clutter #1 (HKLM-x32\...\{F355333F-795E-4593-ACAA-5C0F9D719D49}) (Version: 1.0.6 - UKTrainSim)
UKTS Freeware Pack - Commercial #1 (HKLM-x32\...\{64C9CBEC-1260-44F1-9304-F0CF9EFF9951}) (Version: 1.0.3 - UKTrainSim)
UKTS Freeware Pack - Foliage #1 (HKLM-x32\...\{E7B3D305-0229-4720-81A5-811E2E23DE43}) (Version: 1.0.2 - UKTrainSim)
UKTS Freeware Pack - Housing #1 (HKLM-x32\...\{AAEA1063-229A-406B-9962-864AEFBBD82F}) (Version: 1.1.1 - UKTrainSim)
UKTS Freeware Pack - Industrial #1 (HKLM-x32\...\{B19E2B7A-745D-4B67-B21B-C97F727F3923}) (Version: 1.0.3 - UKTrainSim)
UKTS Freeware Pack - Railway Buildings #1 (HKLM-x32\...\{13969A12-BC34-42DB-906D-D55FA9675EC2}) (Version: 1.0.4 - UKTrainSim)
UKTS Freeware Pack - UK Carriages #1 (HKLM-x32\...\{5CBFEC54-FA2C-4A96-A203-FBDBC5C40D69}) (Version: 1.1.2 - UKTrainSim)
UKTS Freeware Pack - UK Classic Diesel and Electric #1 (HKLM-x32\...\{8413AD1E-09F1-42F9-A33C-5FF3EC8EA308}) (Version: 1.1.4 - UKTrainSim)
UKTS Freeware Pack - UK DMUs-EMUs-Trams #1 (HKLM-x32\...\{2F554E44-C40D-4685-B73F-4E3701765B8C}) (Version: 1.1.4 - UKTrainSim)
UKTS Freeware Pack - UK Steam #1 (HKLM-x32\...\{BF9DC935-7351-406E-9073-A364827AAA8D}) (Version: 1.1.1 - UKTrainSim)
UKTS Freeware Pack - UK Wagons #1 (HKLM-x32\...\{2CEDFC42-C1AC-443D-A11D-4BA201CC2C84}) (Version: 1.1.3 - UKTrainSim)
UKTS Freeware Route Pack - Coniston Branch (HKLM-x32\...\{A911FCA6-F910-4065-868D-9828C285944B}) (Version: 1.0.7 - UKTrainSim)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wallace & Gromit Ep 1: Fright of the Bumblebees (HKLM-x32\...\Steam App 31100) (Version:  - Telltale Games)
Wallace & Gromit Ep 2: The Last Resort (HKLM-x32\...\Steam App 31110) (Version:  - Telltale Games)
Wallace & Gromit Ep 3: Muzzled! (HKLM-x32\...\Steam App 31120) (Version:  - Telltale Games)
Wallace & Gromit Ep 4: The Bogey Man (HKLM-x32\...\Steam App 31130) (Version:  - Telltale Games)
Wargame: European Escalation (HKLM-x32\...\Steam App 58610) (Version:  - Eugen Systems)
Warlock - Master of the Arcane (HKLM-x32\...\Steam App 203630) (Version:  - Ino-Co Plus)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World Landscapes (HKLM-x32\...\World Landscapes1.08.06.12 - Freeware Edition) (Version: 1.08.06.12 - Freeware Edition - 3DTrains)
XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.30 - ASRock Inc.)
Zusi 2.4 (HKLM-x32\...\Zusi - Der Zugsimulator_is1) (Version: 2.4 - Carsten Hoelscher)

==================== Restore Points  =========================

08-07-2014 06:14:55 Windows Update
10-07-2014 18:33:49 Windows Update
14-07-2014 14:01:03 paint.net v4.0.1
14-07-2014 19:40:23 Prüfpunkt von HitmanPro
14-07-2014 19:40:53 Prüfpunkt von HitmanPro
14-07-2014 20:02:55 Wiederherstellungsvorgang
14-07-2014 20:12:54 Prüfpunkt von HitmanPro
14-07-2014 20:37:59 Removed Path of Exile
15-07-2014 04:44:37 zoek.exe restore point
15-07-2014 22:06:06 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0299508D-4F47-43AC-9268-2BAA4E402238} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01] (Google Inc.)
Task: {0B1CA921-BA41-4E99-A121-2D94E0647ABA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {17CF9DB1-724B-48F0-80C0-C2DA38032BDB} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2013-07-18] ()
Task: {4B4C08FD-7DF1-4A58-9E87-5825A5614571} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {7052EB1A-655A-4741-AF38-6D37E4CA51DB} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)
Task: {E882484C-7CD2-49E3-A7AA-2BF4182B5CBE} - System32\Tasks\asrRd => C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe [2012-10-25] (ASRock)
Task: {E9817A77-E2EF-49A3-AFA1-251FE71DB256} - System32\Tasks\AsrXTU => E:\backup neuinstall\ASRock Utility\AXTU\Bin\AsrXTU.exe [2012-04-12] ()
Task: {FBB8097F-B2D1-40A9-8684-E64C7D747CB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-05 00:25 - 2014-03-27 04:11 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-24 21:30 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-05-05 00:44 - 2008-07-11 15:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2013-05-05 00:44 - 2008-07-11 15:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2014-02-11 20:21 - 2014-02-11 20:21 - 00860160 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 01043968 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00052736 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 00236032 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-07-07 09:06 - 2014-07-07 09:06 - 00046080 _____ () C:\Users\heaven_one\AppData\Local\KeePass\PluginCache\J1dTSUyDMfoJCshbCV5J\Fleck2.dll
2013-05-04 22:33 - 2012-04-12 21:32 - 08455464 _____ () E:\backup neuinstall\ASRock Utility\AXTU\Bin\AsrXTU.exe
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-11-24 21:30 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-05-04 22:33 - 2012-02-24 11:53 - 00094208 _____ () E:\backup neuinstall\ASRock Utility\AXTU\Bin\IccLibDll.DLL
2013-05-05 00:41 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: XBOX 360 For Windows (Headset)
Description: USB-Audiogerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-USB-Audio)
Service: usbaudio
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ASUS Xonar DG Audio Device
Description: ASUS Xonar DG Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: ASUSTeK
Service: cmudaxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: COMODO Internet Security Helper Driver
Description: COMODO Internet Security Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: cmdHlp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2014 00:41:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/18/2014 07:53:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/18/2014 07:52:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/18/2014 07:11:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/18/2014 07:11:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/18/2014 07:11:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/18/2014 07:11:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/18/2014 07:11:13 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/18/2014 07:11:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/18/2014 07:10:57 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (07/18/2014 07:08:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cmdHlp

Error: (07/17/2014 08:23:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cmdHlp

Error: (07/17/2014 04:12:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cmdHlp

Error: (07/17/2014 02:14:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cmdHlp

Error: (07/17/2014 08:47:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cmdHlp

Error: (07/17/2014 08:41:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cmdHlp

Error: (07/16/2014 06:22:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cmdHlp

Error: (07/16/2014 09:45:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cmdHlp

Error: (07/16/2014 07:55:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cmdHlp

Error: (07/16/2014 00:01:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cmdHlp


Microsoft Office Sessions:
=========================
Error: (07/18/2014 00:41:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/18/2014 07:53:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\heaven_one\Desktop\esetsmartinstaller_deu.exe

Error: (07/18/2014 07:52:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/18/2014 07:11:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\heaven_one\Desktop\esetsmartinstaller_deu.exe

Error: (07/18/2014 07:11:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\heaven_one\Desktop\esetsmartinstaller_deu.exe

Error: (07/18/2014 07:11:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\heaven_one\Desktop\esetsmartinstaller_deu.exe

Error: (07/18/2014 07:11:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\heaven_one\Desktop\esetsmartinstaller_deu.exe

Error: (07/18/2014 07:11:13 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\heaven_one\Downloads\esetsmartinstaller_deu.exe

Error: (07/18/2014 07:11:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\heaven_one\Downloads\esetsmartinstaller_deu.exe

Error: (07/18/2014 07:10:57 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\heaven_one\Downloads\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-07-18 07:52:27.718
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 07:52:27.717
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 07:52:27.716
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 07:52:27.714
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 07:52:27.713
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 07:52:27.712
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-12 21:44:16.826
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-12 21:44:16.826
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-12 21:44:16.825
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-12 21:44:16.819
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 16348.18 MB
Available physical RAM: 12470.82 MB
Total Pagefile: 32694.54 MB
Available Pagefile: 29586.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (heaven_one_desk) (Fixed) (Total:238.47 GB) (Free:36.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Games) (Fixed) (Total:2599.08 GB) (Free:659.96 GB) NTFS
Drive f: (Programme) (Fixed) (Total:195.31 GB) (Free:102.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 667FF7DE)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2795 GB) (Disk ID: B6B1A4E8)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
In addition, I have been giving some thought to my virus protection. Kaspersky doesn't really seem to be working, and since the license expires in 3 months, I will either have to renew it or, more likely now, switch. Can you recommend the one from Eset (incl. firewall)?

18.07.2014, 22:09   #15
Bootsektor
/// TB Trainer
 

Hello Railworker,

of course donations benefit all of us.

In future, please pay closer attention to where you download programs from. Chip, for example, is a common source of adware and downloaders, so it is better to download directly from the program's manufacturer.

Eset is good.

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Users\heaven_one\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
E:\backup heaven_one\android\apps\wingames3i_micz6i7d.apk
E:\backup heaven_one\Programme\dvdflick_setup_1.3.0.7.exe
E:\backup neuinstall\heaven_one\AppData\Roaming\OpenCandy\30891F1B0EE640B1A9C7D3D9A683EDF8\conduitinstaller.exe
E:\backup neuinstall\heaven_one\AppData\Roaming\OpenCandy\30891F1B0EE640B1A9C7D3D9A683EDF8\ConduitRBCB_p1v1.exe
E:\Downloads\Downloads\TuneUpUtilities2012v120350013_de-DE.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



OK
As far as I can see, we have now removed everything malicious. Your logs are clean.
Finally, we will tidy up a bit, run updates, and then I will give you some reading material.

Step 1

If you no longer need Malwarebytes Anti-Malware and the ESET Online Scanner, you can simply uninstall both programs via the program uninstaller.
However, I recommend that you keep at least Malwarebytes and run a check scan with it once a week.

Step 2
Please download delfix to your desktop.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.
  • DelFix removes, among other things, all the programs we used and finally deletes itself.
If any programs from our cleanup are still present after Delfix, you can now safely delete them.

Updates / updating programs
  • FlashPlayer
Your FlashPlayer for Internet Explorer (ActiveX) is out of date.
  • Uninstall the old versions.
  • Open the following link with Internet Explorer: Adobe - Install Adobe Flash Player
  • If anything other than the FlashPlayer wants to be installed along with it, remove the tick there.
Configure updating
Make sure that your FlashPlayer checks for updates. The FlashPlayer can be configured during installation to check for updates automatically; afterwards this can be done via the following link:
Adobe - Flash Player: Settings Manager - Global Notifications Settings
  • Java
Your Java is out of date.
Java is a big security hole on your system; new vulnerabilities are discovered again and again and are exploited to infect computers.
Unless you absolutely need Java, you should uninstall it completely.

Windows XP
Go to:
Start --> Control Panel --> Add or Remove Programs --> select Java versions --> remove
Windows Vista
Go to:
Start --> Control Panel --> Programs --> Uninstall a program --> find Java versions --> remove
Windows 7
To do this, go to:
the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select Java versions --> remove
Windows 8
To do this, press:
Windows key and X
then:
Programs and Features --> select Java versions --> remove

If you do absolutely need Java, then
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 65 ).
  • Remove the tick at "Install the Ask Toolbar ..." during installation.
  • When the installation has finished
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure that every box is ticked and click OK.
  • Click OK again.

and make sure that Java updates automatically.
To do this:
  • open Java
  • click the Update tab
  • click on: Notify me: Before downloading; tick the box next to Check for Updates Automatically
  • click Advanced
  • change the interval to at least weekly
and switch off the browser plugin.
You can find instructions for this here.

Now, to finish, a few more tips for securing your system.

Keeping the system up to date
It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.


Antivirus software
  • Make sure you always have antivirus software installed, and be sure to keep it up to date.

Additional protection
  • MalwareBytes Anti-Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.

Alternative browsers

Other browsers tend to be somewhat more secure than Internet Explorer because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Systemleistung
Lösche regelmäßig deine temporären Dateien. Ich empfehle hierzu die Datenträgerbereinigung von Windows.
Windows Vista
  • Klicke unten links auf das Vistasymbol
  • Gehe auf Programme -> Zubehör -> Systemprogramme -> Datenträgerbereinigung
  • Wähle nun Dateien von allen Benutzern des Computers aus und bestätige mit OK
  • Setze den Haken bei den zu löschenden Dateien zusätzlich bei Temporäre Dateien
  • Bestätige mit OK
  • Bestätige dass du die Dateien unwiderruflich löschen möchtest

Windows 7
  • Gehe auf das Windowsstartsymbol
  • Gebe im Suchfeld Datenträgerrereinigung ein
  • Setze den Haken zusätzlich bei Temporäre Dateien
  • Bestätige mit OK

Windows 8
  • Rechtsklicke in die untere linke Ecke deines Bildschirms
  • Klicke auf Suchen
  • Klicke auf Einstellungen
  • Gebe im Suchfeld Datenträgerbereinigung ein
  • Klicke in den Einstellungen auf der linken Seite nun auf Speicherplatz durch Löschen nicht erforderlicher Dateien freigeben
  • Setze den Haken zusätzlich bei Temporäre Dateien
  • Bestätige mit OK
  • Bestätige dass du die Dateien unwiderruflich löschen möchtest

Halte dich fern von jeglichen Registry Cleanern.
Diese schaden deinem System mehr als dass sie es schneller machen.

Verhaltensregeln zum sichereren Surfen
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
  • Achte besonders bei der Installation von Programmen darauf, ob sich weitere Software mitinstallieren möchte, wähle wo immer es geht die benutzerdefinierte Installation und wähle alles ab, was nichts mit dem Programm zu tun hat, welches du dir installieren möchtest.

Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions.

If you would like to give praise or criticism, you are very welcome to do so here.

If you would like to donate something to the forum and our work, you can do so here.
