Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.08.2014, 17:23   #1
Thunder3311
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Hallo zusammen,
ich habe seit geraumer Zeit das Problem, dass meine Browser (Chrome, Firefox, IE) verschiedene Probleme aufweisen:
Chrome(vormals primär genutzt):
- es sind Addons installiert die ich nicht entfernen kann: DiscountExtenasui 7.2, AdRRemoveerUTeube 1.9, Facebook voice input 148, GrreauTSave4U 2.3, Keep Last Two Tabs 216, Papas Pizzeria 233 zum Teil mehrfach
- Es wird ungewollt auf Werbeseiten weitergeleitet
- Ich habe das Gefühl es wird Werbung auf Webseiten implementiert, wo keine sein sollte
IE:
Nachdem Chrome vermutlich wegen den Addons nicht mehr richtig lief, bin ich auf IE umgestiegen. Dieses lässt sich aber nicht mehr starten. Wenn ich die .exe ausführe passiert nichts.
Firefox:
Momentan nutze ich Firefox, was aber ähnliche Symptome aufweist, wie Chrome nur nicht ganz so schlimm.

Ich wäre sehr erfreut, wenn mir ein Helfer in diesem Forum helfen könnte dieses Problem zu lösen, ich selbst habe es leider nicht geschafft.
Bereits ausgeführte Schritte:
- In Quarantäne verschobene Trojaner per Antivir(Log im Thread)
- In Quarantäne verschobene Malware per Malwarebytes Anti Malware (Log im Thread)


Vielen Dank für die Hilfe schonmal im Voraus

Hier meine erstellten Logs:
Antivir (von Anfang Juli)
Code:
ATTFilter
Typ:	Datei
Quelle:	C:\ProgramData\ExstraSavvings\f4.x64.dll
Status:	Infiziert
Quarantäne-Objekt:	56b8edb1.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.20.30
Virendefinitionsdatei:	8.11.159.126
Gefunden:	ADWARE/MultiPlug.CI
Datum/Uhrzeit:	09.07.2014, 19:28


Typ:	Datei
Quelle:	C:\ProgramData\ExstraSavvings\f4.exe
Status:	Infiziert
Quarantäne-Objekt:	56abe8ba.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.20.30
Virendefinitionsdatei:	8.11.159.126
Gefunden:	ADWARE/MultiPlug.YU
Datum/Uhrzeit:	09.07.2014, 19:27


Typ:	Datei
Quelle:	C:\ProgramData\ExstraSavvings\f4.dll
Status:	Infiziert
Quarantäne-Objekt:	5619ad8c.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.20.10
Virendefinitionsdatei:	8.11.155.242
Gefunden:	ADWARE/MultiPlug.ajad
Datum/Uhrzeit:	21.06.2014, 09:50


Typ:	Datei
Quelle:	C:\ProgramData\AllSoaverr\j8deZA16kS.dll
Status:	Infiziert
Quarantäne-Objekt:	562f3f55.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.18.36
Virendefinitionsdatei:	7.11.152.150
Gefunden:	ADWARE/MultiPlug.bfk
Datum/Uhrzeit:	02.06.2014, 18:47


Typ:	Datei
Quelle:	C:\ProgramData\AllSoaverr\j8deZA16kS.dll
Status:	Infiziert
Quarantäne-Objekt:	4eb81562.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.18.36
Virendefinitionsdatei:	7.11.152.150
Gefunden:	ADWARE/MultiPlug.bfk
Datum/Uhrzeit:	02.06.2014, 18:47


Typ:	Datei
Quelle:	C:\ProgramData\DiscountExtenasui\4XXPC8G.exe
Status:	Infiziert
Quarantäne-Objekt:	55b55460.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.18.18
Virendefinitionsdatei:	7.11.148.224
Gefunden:	ADWARE/Rogue.497664.97
Datum/Uhrzeit:	11.05.2014, 21:07


Typ:	Datei
Quelle:	C:\ProgramData\SaveNewaAppz\_ycU4x.exe
Status:	Infiziert
Quarantäne-Objekt:	556a545f.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.18.18
Virendefinitionsdatei:	7.11.148.224
Gefunden:	ADWARE/Adware.Gen7
Datum/Uhrzeit:	11.05.2014, 21:06


Typ:	Datei
Quelle:	C:\ProgramData\ExeStaraCoupon\ZzTvSoxapT.x64.dll
Status:	Infiziert
Quarantäne-Objekt:	4ec1af01.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.18.04
Virendefinitionsdatei:	7.11.143.120
Gefunden:	ADWARE/Adware.Gen
Datum/Uhrzeit:	15.04.2014, 12:57


Typ:	Datei
Quelle:	C:\ProgramData\ExeStaraCoupon\ZzTvSoxapT.exe
Status:	Infiziert
Quarantäne-Objekt:	565680a6.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.18.04
Virendefinitionsdatei:	7.11.143.120
Gefunden:	ADWARE/Adware.Gen7
Datum/Uhrzeit:	15.04.2014, 12:57


Typ:	Datei
Quelle:	C:\ProgramData\ExeStaraCoupon\ZzTvSoxapT.dll
Status:	Infiziert
Quarantäne-Objekt:	55d28e5e.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.18.04
Virendefinitionsdatei:	7.11.143.120
Gefunden:	ADWARE/Adware.Gen
Datum/Uhrzeit:	15.04.2014, 12:56


Typ:	Datei
Quelle:	C:\ProgramData\SaveNewaAppz\_ycU4x.x64.dll
Status:	Infiziert
Quarantäne-Objekt:	777c45b6.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.16.08
Virendefinitionsdatei:	7.11.136.204
Gefunden:	ADWARE/Adware.Gen
Datum/Uhrzeit:	13.03.2014, 18:48


Typ:	Datei
Quelle:	C:\ProgramData\ENjoyCouupoon\Gni.x64.dll
Status:	Infiziert
Quarantäne-Objekt:	11450a41.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.16.08
Virendefinitionsdatei:	7.11.136.204
Gefunden:	ADWARE/Adware.Gen
Datum/Uhrzeit:	13.03.2014, 18:48


Typ:	Datei
Quelle:	C:\ProgramData\DiscountExtenasui\4XXPC8G.x64.dll
Status:	Infiziert
Quarantäne-Objekt:	43e950cb.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.16.08
Virendefinitionsdatei:	7.11.136.204
Gefunden:	ADWARE/Adware.Gen
Datum/Uhrzeit:	13.03.2014, 18:48


Typ:	Datei
Quelle:	C:\ProgramData\AdRRemoveerUTeube\azGP.x64.dll
Status:	Infiziert
Quarantäne-Objekt:	5b6f7f12.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.16.08
Virendefinitionsdatei:	7.11.136.204
Gefunden:	ADWARE/Adware.Gen
Datum/Uhrzeit:	13.03.2014, 18:48


Typ:	Datei
Quelle:	C:\ProgramData\Intelewin filter\Intelewinfilter.dll
Status:	Infiziert
Quarantäne-Objekt:	5bd77e28.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.16.08
Virendefinitionsdatei:	7.11.136.188
Gefunden:	TR/BProtector.Gen2
Datum/Uhrzeit:	13.03.2014, 00:23


Typ:	Datei
Quelle:	C:\ProgramData\ENjoyCouupoon\Gni.exe
Status:	Infiziert
Quarantäne-Objekt:	553477ef.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.14.18
Virendefinitionsdatei:	7.11.135.146
Gefunden:	ADWARE/Rogue.495616.73
Datum/Uhrzeit:	07.03.2014, 16:33


Typ:	Datei
Quelle:	C:\ProgramData\ENjoyCouupoon\Gni.dll
Status:	Infiziert
Quarantäne-Objekt:	79084cca.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.14.18
Virendefinitionsdatei:	7.11.135.146
Gefunden:	ADWARE/Adware.Gen
Datum/Uhrzeit:	07.03.2014, 16:33


Typ:	Datei
Quelle:	c:\ProgramData\Intelewin filter\IntelewinfilterSvc.dll
Status:	Infiziert
Quarantäne-Objekt:	1f303cff.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.14.18
Virendefinitionsdatei:	7.11.135.146
Gefunden:	ADWARE/Adware.Gen2
Datum/Uhrzeit:	07.03.2014, 16:33


Typ:	Datei
Quelle:	c:\ProgramData\Intelewin filter\IntelewinfilterSvc.dll
Status:	Infiziert
Quarantäne-Objekt:	55f87060.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.14.18
Virendefinitionsdatei:	7.11.135.146
Gefunden:	ADWARE/Adware.Gen2
Datum/Uhrzeit:	07.03.2014, 16:17


Typ:	Datei
Quelle:	c:\ProgramData\Intelewin filter\IntelewinfilterSvc.dll
Status:	Infiziert
Quarantäne-Objekt:	4d6f5177.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.14.18
Virendefinitionsdatei:	7.11.135.146
Gefunden:	ADWARE/Adware.Gen2
Datum/Uhrzeit:	07.03.2014, 16:17


Typ:	Datei
Quelle:	C:\ProgramData\AdRRemoveerUTeube\azGP.exe
Status:	Infiziert
Quarantäne-Objekt:	5a010453.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.14.08
Virendefinitionsdatei:	7.11.131.14
Gefunden:	ADWARE/Rogue.495616.73
Datum/Uhrzeit:	12.02.2014, 18:07


Typ:	Datei
Quelle:	C:\ProgramData\AdRRemoveerUTeube\azGP.dll
Status:	Infiziert
Quarantäne-Objekt:	5ab5498d.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.180
Virendefinitionsdatei:	7.11.128.164
Gefunden:	ADWARE/Adware.Gen
Datum/Uhrzeit:	03.02.2014, 18:58


Typ:	Datei
Quelle:	C:\Users\Koray\Downloads\FlashPlayersetup__3873_i289992310_il22.exe
Status:	Infiziert
Quarantäne-Objekt:	517271ed.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.180
Virendefinitionsdatei:	7.11.127.54
Gefunden:	ADWARE/Lollipop.1.5
Datum/Uhrzeit:	25.01.2014, 17:22


Typ:	Datei
Quelle:	C:\ProgramData\DiscountExtenasui\4XXPC8G.dll
Status:	Infiziert
Quarantäne-Objekt:	5d6f3d27.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.166
Virendefinitionsdatei:	7.11.122.174
Gefunden:	ADWARE/Adware.Gen
Datum/Uhrzeit:	29.12.2013, 23:29


Typ:	Datei
Quelle:	C:\ProgramData\SaveNewaAppz\_ycU4x.dll
Status:	Infiziert
Quarantäne-Objekt:	5ad83d02.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.166
Virendefinitionsdatei:	7.11.122.174
Gefunden:	ADWARE/Adware.Gen
Datum/Uhrzeit:	29.12.2013, 23:29


Typ:	Datei
Quelle:	C:\ProgramData\BetterSoft\SaveByClick\SaveByClick.exe
Status:	Infiziert
Quarantäne-Objekt:	5afc0470.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.104
Virendefinitionsdatei:	7.11.96.80
Gefunden:	ADWARE/Adware.Gen7
Datum/Uhrzeit:	11.08.2013, 16:55


Typ:	Datei
Quelle:	C:\Users\Koray\AppData\Local\Temp\JDownloaderSetup.exe
Status:	Infiziert
Quarantäne-Objekt:	59fd040c.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.236
Virendefinitionsdatei:	7.11.58.92
Gefunden:	ADWARE/InstallCore.Gen
Datum/Uhrzeit:	25.01.2013, 15:29
         
AntiMalware:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 09.07.2014
Scan Time: 18:55:15
Logfile: Anti Malware.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.09.07
Rootkit Database: v2014.07.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Koray

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319984
Time Elapsed: 12 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 2
PUP.Optional.MultiPlug, C:\ProgramData\ShoopDerop\J.dll, Delete-on-Reboot, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, C:\ProgramData\ShoopDerop\J.dll, Delete-on-Reboot, [2f4c821bb2c97db9a2311e76b54c1ce4], 

Registry Keys: 70
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{26937694-8F4E-12B4-0678-C0AFCD1FF157}, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{26937694-8F4E-12B4-0678-C0AFCD1FF157}, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{26937694-8F4E-12B4-0678-C0AFCD1FF157}, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\SehopoDrop.SehopoDrop, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\SehopoDrop.SehopoDrop.4.7, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SehopoDrop.SehopoDrop, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SehopoDrop.SehopoDrop.4.7, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{26937694-8F4E-12B4-0678-C0AFCD1FF157}, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{26937694-8F4E-12B4-0678-C0AFCD1FF157}\INPROCSERVER32, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{26937694-8F4E-12B4-0678-C0AFCD1FF157}, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{26937694-8F4E-12B4-0678-C0AFCD1FF157}, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{26937694-8F4E-12B4-0678-C0AFCD1FF157}, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{26937694-8F4E-12B4-0678-C0AFCD1FF157}, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\CLASSES\TYPELIB\{EEE6C35E-6118-11DC-9C72-001320C79847}, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\CLASSES\INTERFACE\{EEE6C358-6118-11DC-9C72-001320C79847}, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\CLASSES\INTERFACE\{EEE6C359-6118-11DC-9C72-001320C79847}, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EEE6C358-6118-11DC-9C72-001320C79847}, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EEE6C359-6118-11DC-9C72-001320C79847}, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EEE6C35E-6118-11DC-9C72-001320C79847}, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\CLASSES\SWEETIE.IEToolbar.1, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\CLASSES\SWEETIE.IEToolbar, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SWEETIE.IEToolbar, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SWEETIE.IEToolbar.1, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35B-6118-11DC-9C72-001320C79847}, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35B-6118-11DC-9C72-001320C79847}, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\CLASSES\Toolbar3.SWEETIE.1, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\CLASSES\Toolbar3.SWEETIE, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.SWEETIE, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.SWEETIE.1, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.SweetPacks, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}, Quarantined, [8cef1588cbb0dc5a51a3aca410f1b24e], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{51B8CDC9-EB43-4ACA-ABAF-3D0270902034}, Quarantined, [f7847e1f403b6fc715dfa8a856ab7789], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\AllSaver.AllSaver, Quarantined, [f7847e1f403b6fc715dfa8a856ab7789], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\AllSaver.AllSaver.1.4, Quarantined, [f7847e1f403b6fc715dfa8a856ab7789], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AllSaver.AllSaver, Quarantined, [f7847e1f403b6fc715dfa8a856ab7789], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AllSaver.AllSaver.1.4, Quarantined, [f7847e1f403b6fc715dfa8a856ab7789], 
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{51B8CDC9-EB43-4ACA-ABAF-3D0270902034}, Quarantined, [f7847e1f403b6fc715dfa8a856ab7789], 
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{51B8CDC9-EB43-4ACA-ABAF-3D0270902034}, Quarantined, [f7847e1f403b6fc715dfa8a856ab7789], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{51B8CDC9-EB43-4ACA-ABAF-3D0270902034}, Quarantined, [f7847e1f403b6fc715dfa8a856ab7789], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{51B8CDC9-EB43-4ACA-ABAF-3D0270902034}, Quarantined, [f7847e1f403b6fc715dfa8a856ab7789], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}, Quarantined, [e09b6e2f2f4c8aacd86c3d5b4ab79070], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}, Quarantined, [1566207dfb8060d639994d477f822dd3], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{513A1853-7CF8-2476-30A6-D0A007BD7018}, Quarantined, [0a71bde09edd6ec85c789bf954ad29d7], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\EXsstrauSaVings.EXsstrauSaVings, Quarantined, [0a71bde09edd6ec85c789bf954ad29d7], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\EXsstrauSaVings.EXsstrauSaVings.4.2, Quarantined, [0a71bde09edd6ec85c789bf954ad29d7], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\EXsstrauSaVings.EXsstrauSaVings, Quarantined, [0a71bde09edd6ec85c789bf954ad29d7], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\EXsstrauSaVings.EXsstrauSaVings.4.2, Quarantined, [0a71bde09edd6ec85c789bf954ad29d7], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{513A1853-7CF8-2476-30A6-D0A007BD7018}, Quarantined, [0a71bde09edd6ec85c789bf954ad29d7], 
PUP.Optional.MultiPlug, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{513A1853-7CF8-2476-30A6-D0A007BD7018}, Quarantined, [0a71bde09edd6ec85c789bf954ad29d7], 
PUP.Optional.MultiPlug, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{513A1853-7CF8-2476-30A6-D0A007BD7018}, Quarantined, [0a71bde09edd6ec85c789bf954ad29d7], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{513A1853-7CF8-2476-30A6-D0A007BD7018}, Quarantined, [0a71bde09edd6ec85c789bf954ad29d7], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{513A1853-7CF8-2476-30A6-D0A007BD7018}, Quarantined, [0a71bde09edd6ec85c789bf954ad29d7], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\SweetIM_URLSearchHook.ToolbarURLSearchHook, Quarantined, [f3885a43b3c8e155c9e2e90f1de617e9], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\SweetIM_URLSearchHook.ToolbarURLSearchHook.1, Quarantined, [4e2d9ffeb8c3b77f5a51609842c139c7], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SweetIM_URLSearchHook.ToolbarURLSearchHook, Quarantined, [314acfceccafff370f9cc2367f847789], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SweetIM_URLSearchHook.ToolbarURLSearchHook.1, Quarantined, [314a3667126959dd1d8e68904eb5827e], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jcdgjdiieiljkfkdcloehkohchhpekkn, Quarantined, [81fa0a9388f3f1451dd73189e71bf907], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, Quarantined, [1f5ce3ba5a210135030fed07a65d5ba5], 
PUP.Optional.SProtector.A, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SProtector, Quarantined, [0378415cdaa12a0c98100aebe71cb34d], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [413a5c415f1c9d99969006ede41fcc34], 
PUP.Optional.SuperFish.A, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [53281b82d0abe84ec65183369d65be42], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Quarantined, [a6d5415c1566cc6a2de4c62e0cf76e92], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{EEE6C35F-6118-11DC-9C72-001320C79847}, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EEE6C35A-6118-11DC-9C72-001320C79847}, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EEE6C35A-6118-11DC-9C72-001320C79847}, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EEE6C35F-6118-11DC-9C72-001320C79847}, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 

Registry Values: 5
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {4933727D-20EF-11E2-981F-E8039ADF2CBA}, Quarantined, [1f5ce3ba5a210135030fed07a65d5ba5]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Y1D1Q1JtGtAtH0O0LtF1YtH1K, Quarantined, [413a5c415f1c9d99969006ede41fcc34]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-189922631-1767686969-1414721043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {4933727D-20EF-11E2-981F-E8039ADF2CBA}, Quarantined, [a6d5415c1566cc6a2de4c62e0cf76e92]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE, 1, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL, 1, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a]

Registry Data: 2
PUP.Optional.EasyLife.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://searchy.easylifeapp.com/, Good: (www.google.com), Bad: (hxxp://searchy.easylifeapp.com/),Replaced,[7dfe831a77048babdafaa2f607fd46ba]
PUP.Optional.EasyLife.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://searchy.easylifeapp.com/, Good: (www.google.com), Bad: (hxxp://searchy.easylifeapp.com/),Replaced,[99e25f3ed0ab7bbbc80c940429db9f61]

Folders: 11
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SaveByClick.A, C:\Program Files (x86)\SaveByClick, Quarantined, [1a613a63215a68ce146f0b91f012748c], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 

Files: 648
PUP.Optional.MultiPlug, C:\ProgramData\ShoopDerop\J.dll, Delete-on-Reboot, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.MultiPlug, C:\ProgramData\ShoopDerop\J.x64.dll, Quarantined, [2f4c821bb2c97db9a2311e76b54c1ce4], 
PUP.Optional.SweetPacks, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll, Quarantined, [7704c8d596e5a195db1c292c50b2619f], 
PUP.Optional.MultiPlug.A, C:\ProgramData\AllSoaverr\j8deZA16kS.exe, Quarantined, [8cef1588cbb0dc5a51a3aca410f1b24e], 
PUP.Optional.MultiPlug.A, C:\ProgramData\AllSoaverr\j8deZA16kS.x64.dll, Quarantined, [f7847e1f403b6fc715dfa8a856ab7789], 
PUP.Optional.MultiPlug, C:\ProgramData\ShoopDerop\J.exe, Quarantined, [e09b6e2f2f4c8aacd86c3d5b4ab79070], 
PUP.Optional.Multiplug, C:\ProgramData\ExstraSavvings\f4.exe, Quarantined, [1566207dfb8060d639994d477f822dd3], 
PUP.Optional.MultiPlug, C:\ProgramData\ExstraSavvings\f4.x64.dll, Quarantined, [0a71bde09edd6ec85c789bf954ad29d7], 
PUP.Optional.OpenCandy.A, C:\Users\Koray\Downloads\winamp565_full_emusic-7plus_de-de.exe, Quarantined, [4734821b4f2c171fd2b076ccaf518c74], 
PUP.Optional.SweetIM, C:\Windows\Installer\4a0058.msi, Quarantined, [116a277602792a0ca7b8d2eb7094d52b], 
PUP.Optional.Superfish.A, C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [aecdd6c7a2d96acc607c665e34ceac54], 
PUP.Optional.Superfish.A, C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [fa814d504d2e0135c6165a6a4cb67b85], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\about.html, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\bing.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\options.html, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png, Quarantined, [df9c45583b40c274e44fe3b90bf7f60a], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\profile.ini, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL10B6.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1249.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1259.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL126B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1324.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL13E2.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL145D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL148C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL14CA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1568.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1586.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1612.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1638.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL16EF.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL16FE.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL171C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1799.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL17C9.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL192F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL197F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1A3A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1A86.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1B0F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1BC1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1C3C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7EE6.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7EF4.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7F01.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7F02.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7F63.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7F89.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7F93.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7FB9.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8008.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL80D2.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL80E2.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8103.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8115.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8181.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8197.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL81A2.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL81E7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL824F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8279.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL82A1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL32D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3390.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL33E3.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL33FD.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL340D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL344C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3537.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3545.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3614.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3630.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3633.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL368D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3847.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL385.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL388F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL38A0.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL393B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3A43.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3AD1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3B7D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3BA2.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3BDC.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3CE3.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3CF4.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3DC5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3F17.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3F25.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL4001.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL4040.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL407A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL40CD.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL4138.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL427A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC103.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC135.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC14C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC21D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC2DA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC311.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC440.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC4BB.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC670.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC6BA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC7EA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC8ED.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLCB00.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLCBEF.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLCC2B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLCCC1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLCEDB.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLCF06.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLCFAF.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD0D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD14C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD1B3.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL520E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5229.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL525C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL52E1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5364.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5366.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5577.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL55A8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL56A9.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL56D8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL579A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL58BC.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL58E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL593A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5AD0.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5B3D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5BDA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5C37.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5D41.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5D66.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5E6.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5EA5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLEBEB.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLEC83.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLED13.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLED70.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLEE0A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLEE97.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLEEA9.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLEF95.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLEFFA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF18.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF1C0.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF1D3.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF1EE.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF23C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF2C7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF328.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF452.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF45F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF46E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF491.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF4AA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF589.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF58E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF599.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF65F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF672.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1C7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL24B8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2DFE.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3296.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL4357.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL518B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5EAF.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6633.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7007.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7ED4.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8324.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8965.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9E10.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLAB72.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB394.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB85C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC085.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD1D2.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLDB1A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLEBE9.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF682.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9F53.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9F62.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9F7F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA0E2.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA137.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA163.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA185.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA186.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA271.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA334.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA3B8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA3D2.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA5D4.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA75.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA799.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA855.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA93A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA945.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA9E8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA9EB.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLA9EC.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLAB6C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2545.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL254F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL259D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL25FB.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2687.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2713.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2762.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2793.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL28C9.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL28D8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL292.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2925.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2AAC.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2AAD.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2ADB.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2BBC.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2C01.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2C42.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2DC7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7067.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL707.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7086.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL71A0.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL71AD.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL71CD.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7201.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL722A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL73E0.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL746C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL752D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL75F0.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL78BA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL78BE.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL78D3.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL78E8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7A47.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7A6.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7A9D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7AEC.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7AF1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7B1A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7BF7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7C1F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7C2E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7C3E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7C70.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7C93.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7CEF.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7CF0.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7D14.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7D51.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7E68.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7EAF.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7EB4.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL7EBF.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB3C8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB407.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB428.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB4BD.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB4F7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB57E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB582.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB5E0.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB63B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB63C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB659.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB65F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB6D5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB6EB.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB78F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB792.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB796.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB7C1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB846.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLDBE6.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLDCBE.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLDDF3.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLDE75.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLDEE1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLDFF7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE099.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE0BA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE0CA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE12F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE17A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE207.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE216.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE266.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE2C7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE36E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE3F1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE46A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE488.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE4D6.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE50A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE584.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE591.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE5A1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE718.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE725.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE7A4.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE7A5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE8EC.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE95A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE9D7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLE9F6.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLEA03.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLEAD0.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLEAEA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLEAFD.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLEB3E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL898F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8A0D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8AA8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8AF3.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8BC1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8D45.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8D90.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8E03.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8E3F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8EAA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9040.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL91AE.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL91BB.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9252.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL93A9.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL941F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL949.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL963A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL96D6.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL987C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9966.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9A9F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9B97.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9BB8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9C05.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9C17.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9C8F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9D0A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL9DFA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL43CA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL43E5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL44A3.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL4520.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL459E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL45F8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL460C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL472F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL47FC.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL480F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL489B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL4974.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL4981.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL4AD9.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL4B75.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL4D59.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL4E4.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL4F8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL4F9D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5040.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5052.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5141.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL514E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF694.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF6A3.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF6BE.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF705.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF71C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF73D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF750.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF81C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF987.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLF9CD.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLFA19.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLFAAB.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLFAC7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLFBD5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLFC3A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLFC4C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLFC52.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLFCD0.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLFE8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1C9B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1CA6.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1CB7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1D91.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1E51.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1EC7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1F09.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1F0B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL1FE3.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2051.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL21B8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL21F3.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2216.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2222.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL22CE.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL233E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2429.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2464.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL24B2.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6671.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL66A4.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL66CF.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL66D5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6710.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL672F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL67A0.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL68D2.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6A0A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6A0F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6AB7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6B1C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6B38.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6B7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6C3E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6C7B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6D17.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6DB5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6DC5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6EA6.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6EAE.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6EB1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6F7B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD266.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD377.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD3E5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD424.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD43E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD5E8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD658.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD676.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD695.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD72.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD885.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD8AA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD8F7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD958.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD978.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD989.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLD991.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLDA7A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLDA98.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLDA9E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLABD9.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLABE5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLAC49.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLAC81.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLACD6.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLAD82.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLADBE.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLAE74.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLAE88.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLAEAC.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLAF73.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLAFB2.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLAFF0.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB034.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB049.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB064.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB0BC.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB0DD.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB12D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB1A5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB215.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB26B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB2C4.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB30E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB32C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB32D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB352.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB36F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2E04.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2E44.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2E84.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2EC2.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2F5E.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL2F89.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL300.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL304.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL305.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL306F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3077.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL308.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL30F5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL30F6.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL315F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3163.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL31BF.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL31E1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL31EA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL3290.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL83A4.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL83BF.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL83F1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL84.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8439.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL84BC.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL84EA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL85AE.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL85F2.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8630.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8642.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8653.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL875C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL876B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8815.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL8892.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL88E1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL892D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL893A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB861.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB873.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB88D.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB96B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLB995.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLBA1F.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLBA60.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLBAB0.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLBAE.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLBD1C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLBDD1.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLBE61.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLBE76.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLBE98.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLBEBC.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLBEEF.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLBFEB.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC023.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNLC04C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5F53.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL5FB9.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL602A.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL607C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL60D5.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL60F7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6186.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL61C4.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL62AA.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6327.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6339.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6379.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL63E7.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL63E8.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL64CD.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL652B.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL659C.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.SaveByClick.A, C:\ProgramData\BetterSoft\SaveByClick\DNL1.tmp\DNL6623.tmp, Quarantined, [59220499d8a35fd7e68e456f42c0f30d], 
PUP.Optional.EasyLife.A, C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "hxxp://searchy.easylifeapp.com/",), Replaced,[c9b2831af289b0866a52953315efdb25]
PUP.Optional.EasyLife.A, C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "hxxp://searchy.easylifeapp.com/" ],), Replaced,[2655c6d7ec8f32040de19335996ba45c]
PUP.Optional.Babylon.A, C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkDS", 0);), Replaced,[3645089588f3082e39faf2d694708a76]
PUP.Optional.Babylon.A, C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkHmpg", 0);), Replaced,[47343f5e3f3c9c9ab281cff9c341ea16]
PUP.Optional.EasyLife.A, C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "hxxp://searchy.easylifeapp.com/");), Replaced,[a0dbdcc19dde2511aaa8c1070df7bf41]

Physical Sectors: 0
(No malicious items detected)


(end)
         

Ende Logs Teil 1

Alt 16.08.2014, 17:25   #2
Thunder3311
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Logs Teil 2

Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:36 on 16/08/2014 (Koray)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014
Ran by Koray (administrator) on KORAY-PC2 on 16-08-2014 09:40:10
Running from C:\Users\Koray\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
( ) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2012-01-05] (Synaptics Incorporated)
HKLM\...\Run: [RadioRage Home Page Guard 64 bit] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe [485960 2014-08-12] ( )
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RadioRage EPM Support] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jmedint.exe [12872 2014-08-12] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [RadioRage Search Scope Monitor] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrchMn.exe [55368 2014-08-12] (Mindspark)
HKLM-x32\...\Run: [RadioRage_4j Browser Plugin Loader] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe [61512 2014-08-12] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [RadioRage_4j Browser Plugin Loader 64] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe [71752 2014-08-12] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-189922631-1767686969-1414721043-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-10-28] ()
HKU\S-1-5-21-189922631-1767686969-1414721043-1001\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-26] (Adobe Systems Incorporated)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs:  C:\PROGRA~3\INTELE~1\INTELE~2.DLL => C:\ProgramData\Intelewin filter\Intelewinfilter_x64.dll [4421632 2013-12-28] ()
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
BootExecute: 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
URLSearchHook: HKCU - (No Name) - {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll (Mindspark)
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {BDDD7933-D6F6-4868-B3AA-E7F8771698D7} URL = https://www.google.com/search?q={searchTerms}
BHO-x32: Toolbar BHO -> {48909954-14fb-4971-a7b3-47e7af10b38a} -> C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll (Mindspark)
BHO-x32: Search Assistant BHO -> {5848763c-2668-44ca-adbe-2999a6ee2858} -> C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll (Mindspark)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - RadioRage - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll (Mindspark)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: AutorunsDisabled - No CLSID Value - No File
Filter-x32: AutorunsDisabled - No CLSID Value - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @RadioRage_4j.com/Plugin -> C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll (Mindspark)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Koray\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Koray\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Avira Browser Safety - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\abs@avira.com [2014-08-15]
FF Extension: GrreauTSave4U - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\aeuoyuoz@uioo-zts.edu [2014-06-06]
FF Extension: ShopDorop - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\lkrrk@gbf-.com [2014-07-09]
FF Extension: GrueatSave4U - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\ueur12@v-znc.org [2014-06-06]
FF Extension: Fun2Save - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\zlqdvh@hxsryiiaiy.com [2014-07-09]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-02-02]
FF Extension: FastestFox - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-02-02]
FF Extension: Adblock Plus - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-02]
FF Extension: Greasemonkey - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-09]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-07-21]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-01-20]

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "https://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\Koray\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Koray\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Koray\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Koray\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Facebook voice input) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\diapelgchjnmbefdjoikdkplgejgeokh [2014-06-14]
CHR Extension: (Keep Last Two Tabs) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnmaiiahjldikaollhjobhchdbhfhgf [2014-06-06]
CHR Extension: (GrreauTSave4U) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeogpdbddfmhgheajckeenafmlpcamo [2014-05-25]
CHR Extension: (Papas Pizzeria) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjaihmihhhgfofccgiboicjloaemhhfi [2014-07-05]
CHR Extension: (GrueatSave4U) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjpoomeiefmfccmjkkiccnhiadkjpadj [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (DiscountExtenasui) - C:\ProgramData\llebemnhkcdlikgjbemabmkgoeigphfg\ [2013-09-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [944424 2014-01-15] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-01-15] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2014-01-15] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2012-12-23] ()
R2 RadioRage_4jService; C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe [88648 2014-08-12] (COMPANYVERS_NAME)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-11-30] () [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-29] (DT Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S4 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S4 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 09:40 - 2014-08-16 09:40 - 00022236 _____ () C:\Users\Koray\Desktop\FRST.txt
2014-08-16 09:40 - 2014-08-16 09:40 - 00000000 ____D () C:\FRST
2014-08-16 09:39 - 2014-08-16 09:38 - 02100224 _____ (Farbar) C:\Users\Koray\Desktop\FRST64.exe
2014-08-16 09:38 - 2014-08-16 09:38 - 02100224 _____ (Farbar) C:\Users\Koray\Downloads\FRST64.exe
2014-08-16 09:36 - 2014-08-16 09:36 - 00000472 _____ () C:\Users\Koray\Downloads\defogger_disable.log
2014-08-16 09:36 - 2014-08-16 09:36 - 00000000 _____ () C:\Users\Koray\defogger_reenable
2014-08-16 09:36 - 2014-08-16 09:35 - 00050477 _____ () C:\Users\Koray\Desktop\Defogger.exe
2014-08-16 09:35 - 2014-08-16 09:35 - 00050477 _____ () C:\Users\Koray\Downloads\Defogger.exe
2014-08-16 09:20 - 2014-08-16 09:20 - 00000096 _____ () C:\Users\Koray\Downloads\wdr3_hq.m3u
2014-08-16 08:23 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-16 08:23 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-16 08:23 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-16 08:23 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-16 08:23 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-16 08:23 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-16 08:23 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-16 08:23 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-15 20:02 - 2014-08-15 20:08 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 20:01 - 2014-08-15 20:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 19:53 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-15 19:53 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-15 19:53 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-15 19:53 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-15 19:53 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-15 19:53 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-15 19:53 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-15 19:53 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-15 19:53 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-15 19:52 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-15 19:52 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-15 19:52 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-15 19:52 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-15 19:52 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-15 19:52 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-15 19:52 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-15 19:52 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-15 19:52 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-15 19:52 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-15 19:52 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-15 19:52 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-15 19:52 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-15 19:52 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-15 19:52 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-15 19:52 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-15 19:52 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-15 19:52 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-15 19:52 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-15 19:52 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-15 19:52 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-15 19:52 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-15 19:52 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-15 19:52 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-15 19:52 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-15 19:52 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 19:52 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-15 19:52 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-15 19:52 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-15 19:52 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-15 19:52 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-15 19:52 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-15 19:52 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-15 19:52 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-15 19:52 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-15 19:52 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-15 19:52 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-15 19:52 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-15 19:52 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 19:52 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-15 19:52 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-15 19:52 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-15 19:52 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-15 19:52 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-15 19:52 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-15 19:52 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-15 19:52 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-15 19:52 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-15 19:52 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-15 19:52 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-15 19:52 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-15 19:52 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-15 19:52 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-15 19:52 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-15 19:52 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-15 19:52 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-15 19:52 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-15 19:52 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-15 19:52 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-15 19:52 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-15 19:52 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-15 19:52 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-15 19:52 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-15 19:52 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-15 19:52 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-15 19:52 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-15 19:52 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-15 19:52 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-15 19:52 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-15 19:51 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 19:51 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-15 19:51 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-15 19:51 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-12 20:38 - 2014-08-12 20:38 - 00000000 ____D () C:\Users\Koray\Downloads\24.S02E11.GERMAN.DUBBED.720p.WebHD.h264-iNFOTv
2014-08-12 20:11 - 2014-08-12 20:11 - 00000000 ____D () C:\Program Files (x86)\RadioRage_4j
2014-08-12 20:10 - 2014-08-12 20:10 - 00652240 _____ () C:\Users\Koray\Downloads\Hotspot-Shield-649.exe
2014-08-12 18:23 - 2014-06-01 14:56 - 1357838144 _____ () C:\Users\Koray\Downloads\infotv-24_s02e23_720p.mkv
2014-08-12 18:23 - 2014-06-01 14:51 - 1393596147 _____ () C:\Users\Koray\Downloads\infotv-24_s02e22_720p.mkv
2014-08-12 18:22 - 2014-05-30 16:44 - 1408037068 _____ () C:\Users\Koray\Downloads\infotv-24_s02e21_720p.mkv
2014-08-12 18:21 - 2014-05-30 16:39 - 1389358618 _____ () C:\Users\Koray\Downloads\infotv-24_s02e20_720p.mkv
2014-08-12 18:21 - 2014-05-30 16:35 - 1391913674 _____ () C:\Users\Koray\Downloads\infotv-24_s02e19_720p.mkv
2014-08-12 18:20 - 2014-05-30 16:01 - 1381448332 _____ () C:\Users\Koray\Downloads\infotv-24_s02e18_720p.mkv
2014-08-12 18:19 - 2014-05-30 15:53 - 1399795667 _____ () C:\Users\Koray\Downloads\infotv-24_s02e17_720p.mkv
2014-08-12 18:19 - 2014-05-30 15:50 - 1391802465 _____ () C:\Users\Koray\Downloads\infotv-24_s02e16_720p.mkv
2014-08-12 18:18 - 2014-05-25 16:14 - 1401278695 _____ () C:\Users\Koray\Downloads\infotv-24_s02e15_720p.mkv
2014-07-21 20:21 - 2014-08-16 09:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-21 19:51 - 2014-01-11 13:46 - 00000100 _____ () C:\Users\Koray\Downloads\Share-Online.biz Premium.URL
2014-07-21 19:51 - 2014-01-11 13:44 - 00000049 _____ () C:\Users\Koray\Downloads\Uploaded.net Premium.URL
2014-07-21 19:50 - 2014-01-17 00:58 - 00000000 ____D () C:\Users\Koray\Downloads\Bibi Blocksberg
2014-07-21 19:36 - 2014-07-21 19:41 - 129021745 _____ () C:\Users\Koray\Downloads\Blocksberg.part6.rar
2014-07-21 19:34 - 2014-07-21 19:50 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part5.rar
2014-07-21 19:25 - 2014-07-21 19:46 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part4.rar
2014-07-21 19:07 - 2014-07-21 19:34 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part3.rar
2014-07-21 19:05 - 2014-07-21 19:36 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part1.rar
2014-07-21 19:05 - 2014-07-21 19:25 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part2.rar
2014-07-21 19:05 - 2014-07-21 19:07 - 39475914 _____ () C:\Users\Koray\Downloads\sdew.rar
2014-07-21 18:55 - 2014-08-12 20:12 - 00001080 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-07-21 18:54 - 2014-05-17 04:35 - 00044744 _____ (AnchorFree Inc.) C:\windows\system32\Drivers\hssdrv6.sys
2014-07-21 18:53 - 2014-08-12 20:12 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield
2014-07-21 18:53 - 2014-07-21 18:54 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2014-07-21 18:53 - 2014-07-21 18:53 - 07787136 _____ () C:\Users\Koray\Downloads\HSS-3.42-install-e-550-plain.exe
2014-07-21 18:53 - 2014-07-21 18:53 - 00000000 ____D () C:\Users\Koray\AppData\Roaming\Hotspot Shield
2014-07-21 18:53 - 2014-07-21 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 09:40 - 2014-08-16 09:40 - 00022236 _____ () C:\Users\Koray\Desktop\FRST.txt
2014-08-16 09:40 - 2014-08-16 09:40 - 00000000 ____D () C:\FRST
2014-08-16 09:38 - 2014-08-16 09:39 - 02100224 _____ (Farbar) C:\Users\Koray\Desktop\FRST64.exe
2014-08-16 09:38 - 2014-08-16 09:38 - 02100224 _____ (Farbar) C:\Users\Koray\Downloads\FRST64.exe
2014-08-16 09:36 - 2014-08-16 09:36 - 00000472 _____ () C:\Users\Koray\Downloads\defogger_disable.log
2014-08-16 09:36 - 2014-08-16 09:36 - 00000000 _____ () C:\Users\Koray\defogger_reenable
2014-08-16 09:36 - 2012-10-26 10:14 - 00000000 ____D () C:\Users\Koray
2014-08-16 09:35 - 2014-08-16 09:36 - 00050477 _____ () C:\Users\Koray\Desktop\Defogger.exe
2014-08-16 09:35 - 2014-08-16 09:35 - 00050477 _____ () C:\Users\Koray\Downloads\Defogger.exe
2014-08-16 09:33 - 2014-07-21 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-16 09:20 - 2014-08-16 09:20 - 00000096 _____ () C:\Users\Koray\Downloads\wdr3_hq.m3u
2014-08-16 09:17 - 2013-09-14 14:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 09:17 - 2012-03-12 15:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-16 09:16 - 2013-06-14 06:18 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-16 09:16 - 2012-03-13 06:08 - 00000000 ____D () C:\windows\ShellNew
2014-08-16 09:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-16 09:10 - 2013-09-14 22:35 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-08-16 09:09 - 2013-09-22 00:31 - 00003694 _____ () C:\windows\System32\Tasks\Adobe online update program
2014-08-16 09:09 - 2012-10-28 01:33 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001UA
2014-08-16 09:09 - 2012-10-28 01:33 - 00003708 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001Core
2014-08-16 09:09 - 2012-10-28 01:33 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001UA.job
2014-08-16 09:09 - 2012-10-28 01:33 - 00001068 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001Core.job
2014-08-16 09:09 - 2012-03-12 14:59 - 00003214 _____ () C:\windows\System32\Tasks\advSRS5
2014-08-16 09:08 - 2013-07-09 20:20 - 00000000 ____D () C:\Program Files (x86)\BGII - SvA
2014-08-16 09:08 - 2012-10-26 10:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-16 09:08 - 2012-03-12 14:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-16 09:05 - 2014-02-08 18:40 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-08-16 09:01 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-16 08:59 - 2013-07-03 14:08 - 00000000 ____D () C:\Neverwinter Nights Diamond Edition
2014-08-16 08:54 - 2009-07-14 06:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 08:54 - 2009-07-14 06:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 08:53 - 2012-03-13 06:32 - 01136386 _____ () C:\windows\WindowsUpdate.log
2014-08-16 08:50 - 2012-03-12 14:36 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-08-16 08:48 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-16 08:48 - 2009-07-14 06:51 - 00158660 _____ () C:\windows\setupact.log
2014-08-16 08:48 - 2009-07-14 06:45 - 00421008 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-16 08:46 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-16 08:40 - 2014-03-22 14:28 - 00000000 ____D () C:\Users\Koray\AppData\Local\Battle.net
2014-08-16 08:36 - 2013-08-14 22:52 - 00000000 ____D () C:\windows\system32\MRT
2014-08-16 08:32 - 2012-10-28 01:27 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-16 08:22 - 2014-05-09 22:28 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 22:39 - 2012-11-01 02:09 - 00000000 ____D () C:\Users\Koray\AppData\Roaming\vlc
2014-08-15 20:09 - 2014-08-15 20:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 20:08 - 2014-08-15 20:02 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 20:08 - 2012-10-26 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-15 20:08 - 2012-10-26 10:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-15 20:02 - 2012-10-26 10:39 - 00000000 ____D () C:\ProgramData\Avira
2014-08-15 19:37 - 2010-11-21 05:47 - 02056324 _____ () C:\windows\PFRO.log
2014-08-13 18:38 - 2012-03-12 14:36 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-08-13 18:31 - 2014-03-22 14:28 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-12 20:38 - 2014-08-12 20:38 - 00000000 ____D () C:\Users\Koray\Downloads\24.S02E11.GERMAN.DUBBED.720p.WebHD.h264-iNFOTv
2014-08-12 20:12 - 2014-07-21 18:55 - 00001080 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-08-12 20:12 - 2014-07-21 18:53 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield
2014-08-12 20:11 - 2014-08-12 20:11 - 00000000 ____D () C:\Program Files (x86)\RadioRage_4j
2014-08-12 20:10 - 2014-08-12 20:10 - 00652240 _____ () C:\Users\Koray\Downloads\Hotspot-Shield-649.exe
2014-08-12 20:10 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Resources
2014-08-12 18:18 - 2012-03-13 06:20 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-08-12 18:18 - 2012-03-13 06:20 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-08-12 18:18 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-10 21:47 - 2012-10-28 13:07 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-08-07 04:06 - 2014-08-15 19:51 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-15 19:51 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-06 19:44 - 2014-03-22 14:33 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-02 12:21 - 2013-06-08 09:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 01:41 - 2014-08-15 19:52 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-15 19:52 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-27 09:33 - 2013-03-13 23:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 09:33 - 2013-03-13 23:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 00:41 - 2013-03-13 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 21:57 - 2013-05-07 17:47 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-07-26 21:56 - 2012-12-27 21:24 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-26 21:56 - 2012-12-27 21:24 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-25 16:52 - 2014-08-15 19:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-15 19:52 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-15 19:52 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-15 19:52 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-15 19:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-15 19:52 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-15 19:52 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-15 19:52 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-15 19:52 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-15 19:52 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-15 19:52 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-15 19:52 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-15 19:52 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-15 19:52 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-15 19:52 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-15 19:52 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-15 19:52 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-15 19:52 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-15 19:52 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-15 19:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-15 19:52 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-15 19:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-15 19:52 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-15 19:52 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-15 19:52 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-15 19:52 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-15 19:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-15 19:52 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-15 19:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-15 19:52 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-15 19:52 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-15 19:52 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-15 19:52 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-15 19:52 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-15 19:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-15 19:52 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-15 19:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-15 19:52 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-15 19:52 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-15 19:52 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-15 19:52 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-15 19:52 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-15 19:52 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-15 19:52 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-15 19:52 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-15 19:52 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-15 19:52 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-15 19:52 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-15 19:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-15 19:52 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-15 19:52 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-15 19:52 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-15 19:52 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-15 19:52 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-21 22:47 - 2014-02-12 10:09 - 00000000 ____D () C:\Users\Koray\Downloads\Atlantis.Die.Rueckkehr.2003.GERMAN.AC3D.DL.1080p.BluRay.x264-iNFOTv
2014-07-21 22:46 - 2014-02-12 10:43 - 00000000 ____D () C:\Users\Koray\Downloads\Atlantis.Das.Geheimnis.der.verlorenen.Stadt.2001.GERMAN.AC3D.DL.1080p.BluRay.x264-iNFOTv
2014-07-21 19:50 - 2014-07-21 19:34 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part5.rar
2014-07-21 19:46 - 2014-07-21 19:25 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part4.rar
2014-07-21 19:41 - 2014-07-21 19:36 - 129021745 _____ () C:\Users\Koray\Downloads\Blocksberg.part6.rar
2014-07-21 19:36 - 2014-07-21 19:05 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part1.rar
2014-07-21 19:34 - 2014-07-21 19:07 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part3.rar
2014-07-21 19:25 - 2014-07-21 19:05 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part2.rar
2014-07-21 19:07 - 2014-07-21 19:05 - 39475914 _____ () C:\Users\Koray\Downloads\sdew.rar
2014-07-21 18:54 - 2014-07-21 18:53 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2014-07-21 18:53 - 2014-07-21 18:53 - 07787136 _____ () C:\Users\Koray\Downloads\HSS-3.42-install-e-550-plain.exe
2014-07-21 18:53 - 2014-07-21 18:53 - 00000000 ____D () C:\Users\Koray\AppData\Roaming\Hotspot Shield
2014-07-21 18:53 - 2014-07-21 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield

Some content of TEMP:
====================
C:\Users\Koray\AppData\Local\Temp\avgnt.exe
C:\Users\Koray\AppData\Local\Temp\ose00000.exe
C:\Users\Koray\AppData\Local\Temp\Quarantine.exe
C:\Users\Koray\AppData\Local\Temp\TUUUninstallHelper.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-09 23:03

==================== End Of Log ============================
         
--- --- ---


Additional FRST:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014
Ran by Koray at 2014-08-16 09:40:53
Running from C:\Users\Koray\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version:  - Triumph Studios)
Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
calibre (HKLM-x32\...\{0B11C568-7E39-4105-B26F-F0E84A0E1C46}) (Version: 1.9.0 - Kovid Goyal)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4813b - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.4813b - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4207 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.4207 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3706.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.3706.52 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version:  - Level Up Labs, LLC)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version:  - Microsoft)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.2.4 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.47 - Samsung)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - Amplitude Studios)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.03 - Ubisoft)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - Mode 7)
Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 4.63.3.WIN.FullTilt.EU - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Geneforge 1 (HKLM-x32\...\Steam App 200960) (Version:  - Spiderweb Software)
Google Chrome (HKCU\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4501.1952 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotspot Shield 3.32 (HKLM-x32\...\HotspotShield) (Version: 3.32 - AnchorFree Inc.)
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause (HKLM-x32\...\Steam App 6880) (Version:  - Avalanche)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
King Arthur - The Role-playing Wargame (HKLM-x32\...\Steam App 24400) (Version:  - Neocore Games)
Kingdom Rush (HKLM-x32\...\Steam App 246420) (Version:  - Ironhide Game Studio)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Magic: The Gathering – Tactics (HKLM-x32\...\Steam App 201190) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mars: War Logs (HKLM-x32\...\Steam App 232750) (Version:  - Spiders)
Marvel Puzzle Quest: Dark Reign (HKLM-x32\...\Steam App 234330) (Version:  - )
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Medieval II: Total War Kingdoms (HKLM-x32\...\Steam App 4780) (Version:  - The Creative Assembly)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVToolNix 5.8.0 (HKLM-x32\...\MKVToolNix) (Version: 5.8.0 - Moritz Bunkus)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mount&Blade (HKLM-x32\...\Mount&Blade) (Version:  - )
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Multimedia POP (HKLM-x32\...\{A86C7338-BE18-4770-AA25-138513D89B0D}) (Version: 1.1 - )
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version:  - )
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.1111 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Pandora: First Contact (HKLM-x32\...\Steam App 287580) (Version:  - Proxy Studios)
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RadioRage Internet Explorer Toolbar (HKLM-x32\...\RadioRage_4jbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.16.6 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6716 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
S Agent (Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version:  - GSC Game World)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.2.2 - Samsung)
SaveByClick (HKLM\...\{9849AA36-D81F-47D4-A53F-903D43AA88C0}) (Version: 1.0 - SaveByClick) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SW Update (HKLM-x32\...\{90FC0842-61FC-4E1B-B96C-207F798C374F}) (Version: 2.1.2 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.40.0 - Synaptics Incorporated)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
The Elder Scrolls V - Skyrim (HKLM-x32\...\The Elder Scrolls V - Skyrim_is1) (Version:  - )
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
TPG MTA Client 2010 (HKLM\...\{8E88A516-3611-4CAC-BA3C-249C7CBDDD79}) (Version: 3.0.1.7 - The Project Group GmbH)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.1 - )
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - )
XY Chart Labeler 7.1 (HKLM-x32\...\XY Chart Labeler 7.1) (Version:  - )
Ys I (HKLM-x32\...\Steam App 223810) (Version:  - Nihon Falcom)
Ys II (HKLM-x32\...\Steam App 223870) (Version:  - Nihon Falcom)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

03-08-2014 08:04:38 Geplanter Prüfpunkt
10-08-2014 16:00:13 Geplanter Prüfpunkt
16-08-2014 06:19:41 Windows Update
16-08-2014 07:02:15 Removed Street Fighter X Tekken
16-08-2014 07:05:28 Konfiguriert Dynasty Warriors 6
16-08-2014 07:09:41 TuneUp Utilities 2014 wird entfernt
16-08-2014 07:10:15 Removed TuneUp Utilities 2014 (en-US)
16-08-2014 07:15:30 Removed Microsoft Project Professional 2013
16-08-2014 07:15:40 PRJPRO

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1DEEE33D-24DD-4EBC-8BD8-647913BF195C} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-12-19] (SEC)
Task: {1F7615DE-3DCB-4CDE-AFA3-9835DCD3C9F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-19] (Google Inc.)
Task: {2107B118-A1C4-4C0A-80C0-576417473C1B} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {2BC27100-6FAA-4D52-B08C-4693EE8AE2E4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001Core => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {37092E36-A8AB-49BA-808A-A119F209868F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {3E4E67A9-5486-4499-A292-FF3D3E03BF50} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-25] (Samsung Electronics CO., LTD.)
Task: {4F567DFB-121E-4097-9B99-639636F53BC2} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {7479C151-9FAD-4AC8-A651-06B0AC54DEC2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {77688060-EF09-423E-9FBE-56F863A7B3CF} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {81316694-DAB7-4653-9C7B-0BC2F7387668} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {865F321A-4DB7-4C3E-B252-5B77ED92B1F5} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-12-08] (SAMSUNG Electronics)
Task: {891E00C2-5EE6-454A-B1DC-6602E1BD3B38} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {B04CE76A-E87F-4534-BB48-AF22EC9BD6EE} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-11-28] (Samsung Electronics CO., LTD.)
Task: {B9BC9E63-94F9-43DC-B483-4FD7F489123D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {C7453717-806A-44A4-92DE-113B4DA3CDEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001UA => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {C7C89124-6E34-459A-B18B-C97852B257DC} - System32\Tasks\Google Updater and Installer => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {CED0355C-BD6B-46F0-8173-922AAD2BBAB6} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {E309560E-6FD3-42CB-941A-35EEC451E981} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-19] (Google Inc.)
Task: {E3B5F879-3667-4FAB-964E-FF4254620300} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)
Task: {E76B2F66-B35D-41C6-A07A-6358173C92D4} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {FB409B8D-827B-4DF4-85CE-98E76633F915} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001Core.job => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001UA.job => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2014-01-15 01:29 - 2014-01-15 01:29 - 00555304 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2012-12-23 23:39 - 2012-12-23 23:39 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2012-03-12 15:47 - 2009-11-30 17:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-10-29 10:59 - 2012-02-13 16:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2012-03-12 14:38 - 2012-10-02 21:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-06 04:29 - 2012-01-05 10:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-12 14:36 - 2012-02-08 04:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-01-15 01:23 - 2014-01-15 01:23 - 00937768 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-01-15 01:30 - 2014-01-15 01:30 - 00514344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2012-10-29 10:59 - 2011-02-17 02:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-10-29 10:59 - 2006-08-12 13:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2014-08-15 20:02 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Koray\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2009-11-02 07:20 - 2009-11-02 07:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 07:23 - 2009-11-02 07:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-07-21 20:21 - 2014-07-21 20:22 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-26 21:56 - 2014-07-26 21:56 - 17029808 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
2012-03-12 14:36 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Koray^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"                                                                                                                                                                                                         
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EPSON Stylus DX4400 Series => C:\windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\windows\TEMP\E_S6641.tmp" /EF "HKCU"
MSCONFIG\startupreg: Google Update => "C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: SecureGuard Driver
Description: SecureGuard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Phoenix
Service: SGDrv
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2014 09:36:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/16/2014 09:10:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17239, Zeitstempel: 0x53d22ad9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005339d
ID des fehlerhaften Prozesses: 0x1594
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (08/16/2014 08:49:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2014 08:41:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17207, Zeitstempel: 0x53a20d78
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005339d
ID des fehlerhaften Prozesses: 0x123c
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (08/16/2014 08:11:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2014 08:03:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17207, Zeitstempel: 0x53a20d78
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005339d
ID des fehlerhaften Prozesses: 0x15e0
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (08/15/2014 07:39:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2014 08:42:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17207, Zeitstempel: 0x53a20d78
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005339d
ID des fehlerhaften Prozesses: 0x1bec
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (08/12/2014 08:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17207, Zeitstempel: 0x53a20d78
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005339d
ID des fehlerhaften Prozesses: 0x197c
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (08/12/2014 08:17:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17207, Zeitstempel: 0x53a20d78
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005339d
ID des fehlerhaften Prozesses: 0x7d8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3


System errors:
=============
Error: (08/16/2014 08:51:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/16/2014 08:51:20 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/16/2014 08:51:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/16/2014 08:13:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/16/2014 08:13:19 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/16/2014 08:13:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/15/2014 07:40:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/15/2014 07:40:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/15/2014 07:40:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/13/2014 06:29:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (08/16/2014 09:36:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Koray\Downloads\esetsmartinstaller_deu.exe

Error: (08/16/2014 09:10:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1723953d22ad9ntdll.dll6.1.7601.18247521eaf24c0000005000000000005339d159401cfb92120b31251C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll5fccf893-2514-11e4-87ad-c4850839309f

Error: (08/16/2014 08:49:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2014 08:41:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1720753a20d78ntdll.dll6.1.7601.18247521eaf24c0000005000000000005339d123c01cfb91d24ad6c93C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll660ce3ca-2510-11e4-8147-c4850839309f

Error: (08/16/2014 08:11:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2014 08:03:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1720753a20d78ntdll.dll6.1.7601.18247521eaf24c0000005000000000005339d15e001cfb8b33068ae5eC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll6edd08a4-24a6-11e4-85a0-c4850839309f

Error: (08/15/2014 07:39:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2014 08:42:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1720753a20d78ntdll.dll6.1.7601.18247521eaf24c0000005000000000005339d1bec01cfb65d33f00929C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll724c9555-2250-11e4-bc48-c4850839309f

Error: (08/12/2014 08:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1720753a20d78ntdll.dll6.1.7601.18247521eaf24c0000005000000000005339d197c01cfb65a68b46bd6C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlla77c8ca6-224d-11e4-bc48-c4850839309f

Error: (08/12/2014 08:17:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1720753a20d78ntdll.dll6.1.7601.18247521eaf24c0000005000000000005339d7d801cfb659b5f56d01C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dllf4b1cdd5-224c-11e4-bc48-c4850839309f


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 36%
Total physical RAM: 8089.43 MB
Available physical RAM: 5151.01 MB
Total Pagefile: 16177.03 MB
Available Pagefile: 13064.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.43 GB) (Free:334.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 8D8AB3F7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=27)

==================== End Of Log ============================
         
GMER:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-16 16:50:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Koray\AppData\Local\Temp\fglorpow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1100] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000076ae1465 2 bytes [AE, 76]
.text    C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1100] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             0000000076ae14bb 2 bytes [AE, 76]
.text    ...                                                                                                                            * 2
.text    C:\windows\SysWOW64\PnkBstrA.exe[1444] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                        00000000729a1a22 2 bytes [9A, 72]
.text    C:\windows\SysWOW64\PnkBstrA.exe[1444] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                        00000000729a1ad0 2 bytes [9A, 72]
.text    C:\windows\SysWOW64\PnkBstrA.exe[1444] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                        00000000729a1b08 2 bytes [9A, 72]
.text    C:\windows\SysWOW64\PnkBstrA.exe[1444] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                        00000000729a1bba 2 bytes [9A, 72]
.text    C:\windows\SysWOW64\PnkBstrA.exe[1444] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                        00000000729a1bda 2 bytes [9A, 72]
.text    C:\windows\SysWOW64\PnkBstrA.exe[1444] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000076ae1465 2 bytes [AE, 76]
.text    C:\windows\SysWOW64\PnkBstrA.exe[1444] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                0000000076ae14bb 2 bytes [AE, 76]
.text    ...                                                                                                                            * 2
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2332] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076ae1465 2 bytes [AE, 76]
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2332] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076ae14bb 2 bytes [AE, 76]
.text    ...                                                                                                                            * 2
.text    C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe[4260] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000076ae1465 2 bytes [AE, 76]
.text    C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe[4260] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             0000000076ae14bb 2 bytes [AE, 76]
.text    ...                                                                                                                            * 2
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4480] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69       0000000076ae1465 2 bytes [AE, 76]
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4480] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155      0000000076ae14bb 2 bytes [AE, 76]
.text    ...                                                                                                                            * 2
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1432] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000076ae1465 2 bytes [AE, 76]
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1432] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             0000000076ae14bb 2 bytes [AE, 76]
.text    ...                                                                                                                            * 2

---- Threads - GMER 2.1 ----

Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3732:3748]                                                         0000000074d97587
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3732:3752]                                                         0000000069367712
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3732:3788]                                                         0000000076f42e65
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3732:4388]                                                         0000000076f43e85
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3732:5288]                                                         0000000076f43e85
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3732:3048]                                                         0000000076f43e85
---- Processes - GMER 2.1 ----

Library  Ì÷Õà]H (*** suspicious ***) @ C:\windows\Explorer.EXE [796]                                                                   000007fef3050000
Library  Ì÷Õà]H (*** suspicious ***) @ C:\windows\Explorer.EXE [796]                                                                   000007fef1a50000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\448500035e34                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\448500047521                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c4850839309f                                                    
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\448500035e34 (not active ControlSet)                                
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\448500047521 (not active ControlSet)                                
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c4850839309f (not active ControlSet)                                

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----
         
__________________


Alt 19.08.2014, 10:05   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Hi und

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen aus den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
__________________

Alt 19.08.2014, 20:12   #4
Thunder3311
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Hallo cosinus,
danke für deine Hilfe. Ich habe die von dir vorgeschlagenen Schritte durchgeführt.
Hier die Ergebnisse:

Code:
ATTFilter
# AdwCleaner v3.307 - Bericht erstellt am 19/08/2014 um 20:45:07
# Aktualisiert 17/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Koray - KORAY-PC2
# Gestartet von : C:\Users\Koray\Desktop\adwcleaner_3.307.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : hshld
[#] Dienst Gelöscht : hsstrayservice
Dienst Gelöscht : hsswd
Dienst Gelöscht : RadioRage_4jService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\hotspot shield
Ordner Gelöscht : C:\ProgramData\ShoopDerop
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Ordner Gelöscht : C:\Program Files (x86)\hotspot shield
Ordner Gelöscht : C:\Program Files (x86)\RadioRage_4j
Ordner Gelöscht : C:\Users\Koray\AppData\Local\Temp\hotspot shield
Ordner Gelöscht : C:\Users\Koray\AppData\LocalLow\RadioRage_4j
Ordner Gelöscht : C:\Users\Koray\AppData\Roaming\hotspot shield
Datei Gelöscht : C:\windows\System32\GroupPolicy\Machine\Registry.pol
Datei Gelöscht : C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [RadioRage EPM Support]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@RadioRage_4j.com/Plugin
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [RadioRage_4j Browser Plugin Loader]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [RadioRage_4j Browser Plugin Loader 64]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00A2B7C6-7487-4B99-9F6C-1FDF57FE130B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10273591-D084-4328-A7D0-49E051FCDE7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11D4B723-18CA-48C6-BA13-965488F19A70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{48909954-14FB-4971-A7B3-47E7AF10B38A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{53855564-CF81-410C-9C1C-321C7E067816}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5848763C-2668-44CA-ADBE-2999A6EE2858}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6562E272-88E1-4DFF-8FF8-FE1A05323D36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78BA36C9-6036-482B-B48D-ECCA6F964B84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9638B7D6-11F5-4406-B387-327642A11FFB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D740AD89-BAF4-47D5-9B5E-343D30F07A7A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DFEB941C-8B58-4899-97C3-88FE394E1285}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E23760BE-23A3-4CEF-9304-66AF079F53DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E6AD866F-EA06-476A-8432-ED943683FAB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ECEF0D95-32FA-48D3-8A2D-D6453B5B7361}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F69FE1BE-09C3-460C-AC89-8CCD9D3DF1CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F706E19B-6C14-4272-BA98-2F16636A898D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0978C5FA-83C0-4118-A54F-99DACCEECB8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1ED65BE2-AE84-46CB-8EA6-1C2B86ADF768}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1FDAD7F1-B87C-4E79-9150-DE235FF80B3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{395C94B1-59E6-4C65-8AF2-0F6763BC70A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A50E810-71EB-43A8-A665-19ED8CCD1630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4DD9EB5D-8657-4856-A804-535841B09D73}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{569A9014-22E3-4F11-A243-CA4E3D95ADED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{597494DA-C59F-4EDF-B2D1-CE137E2DB9E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5E5E0B49-1A81-4ACC-BD6B-FF5F4EFEF01A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B872D222-3F52-4CD9-A4BE-9D69EE4F293D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D0E90465-CF35-480D-B520-E1E3BDE802F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48909954-14FB-4971-A7B3-47E7AF10B38A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5848763C-2668-44CA-ADBE-2999A6EE2858}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9638B7D6-11F5-4406-B387-327642A11FFB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F706E19B-6C14-4272-BA98-2F16636A898D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44DB423D-A0DB-4664-9477-CCDCEB7CD666}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53855564-CF81-410C-9C1C-321C7E067816}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5731AB1-8566-4441-AEFB-9AFB2EEA63D9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{78BA36C9-6036-482B-B48D-ECCA6F964B84}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{3C35AD63-AF1D-4E21-B484-B6651A8EFCF9}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\RadioRage_4j
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RadioRage_4j
Schlüssel Gelöscht : HKLM\SOFTWARE\hotspotshield
Schlüssel Gelöscht : HKLM\SOFTWARE\RadioRage_4j
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RadioRage_4jbar Uninstall Internet Explorer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ Datei : C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.2Wj92qhVmuR4.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
Zeile gelöscht : user_pref("extensions.3_KWD2a.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
Zeile gelöscht : user_pref("extensions.Oj46qW.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Zeile gelöscht : user_pref("extensions.xtL.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]

-\\ Google Chrome v

[ Datei : C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7842 octets] - [09/07/2014 19:33:29]
AdwCleaner[R1].txt - [1050 octets] - [09/07/2014 19:40:34]
AdwCleaner[R2].txt - [13891 octets] - [19/08/2014 20:43:21]
AdwCleaner[S0].txt - [7817 octets] - [09/07/2014 19:34:31]
AdwCleaner[S1].txt - [1112 octets] - [09/07/2014 19:41:39]
AdwCleaner[S2].txt - [13611 octets] - [19/08/2014 20:45:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [13672 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Koray on 19.08.2014 at 20:55:31,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\radiorage search scope monitor



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C35AD63-AF1D-4E21-B484-B6651A8EFCF9}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Koray\AppData\Roaming\mozilla\firefox\profiles\3amg5ddl.default\prefs.js

user_pref("extensions.2Wj92qhVmuR4.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com
user_pref("extensions.3_KWD2a.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-
user_pref("extensions.Oj46qW.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1
user_pref("extensions.xtL.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||u
Emptied folder: C:\Users\Koray\AppData\Roaming\mozilla\firefox\profiles\3amg5ddl.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.08.2014 at 21:00:17,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Koray (administrator) on KORAY-PC2 on 19-08-2014 21:02:16
Running from C:\Users\Koray\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2012-01-05] (Synaptics Incorporated)
HKLM\...\Run: [RadioRage Home Page Guard 64 bit] => "C:\PROGRA~2\RADIOR~1\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs:  C:\PROGRA~3\INTELE~1\INTELE~2.DLL => C:\ProgramData\Intelewin filter\Intelewinfilter_x64.dll [4421632 2013-12-28] ()
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
BootExecute: 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKCU - {BDDD7933-D6F6-4868-B3AA-E7F8771698D7} URL = https://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: AutorunsDisabled - No CLSID Value - No File
Filter-x32: AutorunsDisabled - No CLSID Value - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Koray\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Koray\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Avira Browser Safety - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\abs@avira.com [2014-08-18]
FF Extension: GrreauTSave4U - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\aeuoyuoz@uioo-zts.edu [2014-06-06]
FF Extension: ShopDorop - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\lkrrk@gbf-.com [2014-07-09]
FF Extension: GrueatSave4U - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\ueur12@v-znc.org [2014-06-06]
FF Extension: Fun2Save - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\zlqdvh@hxsryiiaiy.com [2014-07-09]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-02-02]
FF Extension: FastestFox - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-02-02]
FF Extension: Adblock Plus - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-02]
FF Extension: Greasemonkey - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-09]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-08-16]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-01-20]

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "https://www.google.de/"
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Koray\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Koray\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Koray\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Koray\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Facebook voice input) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\diapelgchjnmbefdjoikdkplgejgeokh [2014-06-14]
CHR Extension: (Keep Last Two Tabs) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnmaiiahjldikaollhjobhchdbhfhgf [2014-06-06]
CHR Extension: (GrreauTSave4U) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeogpdbddfmhgheajckeenafmlpcamo [2014-05-25]
CHR Extension: (Papas Pizzeria) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjaihmihhhgfofccgiboicjloaemhhfi [2014-07-05]
CHR Extension: (GrueatSave4U) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjpoomeiefmfccmjkkiccnhiadkjpadj [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (DiscountExtenasui) - C:\ProgramData\llebemnhkcdlikgjbemabmkgoeigphfg\ [2013-09-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2012-12-23] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-11-30] () [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-29] (DT Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S4 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S4 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 21:02 - 2014-08-19 21:02 - 00020085 _____ () C:\Users\Koray\Desktop\FRST.txt
2014-08-19 21:02 - 2014-08-19 21:02 - 00000000 ____D () C:\Users\Koray\Desktop\FRST-OlderVersion
2014-08-19 21:01 - 2014-08-19 21:01 - 00008850 _____ () C:\Users\Koray\Desktop\Help.odt
2014-08-19 21:00 - 2014-08-19 21:00 - 00001831 _____ () C:\Users\Koray\Desktop\JRT.txt
2014-08-19 20:51 - 2014-08-19 20:51 - 01101648 _____ () C:\Users\Koray\Desktop\Junkware Removal Tool - CHIP-Installer.exe
2014-08-19 20:47 - 2014-08-19 20:47 - 00013849 _____ () C:\Users\Koray\Desktop\AdwCleaner[S2].txt
2014-08-19 20:42 - 2014-08-19 20:42 - 01361671 _____ () C:\Users\Koray\Desktop\adwcleaner_3.307.exe
2014-08-16 17:33 - 2014-08-16 17:33 - 00108471 _____ () C:\Users\Koray\Desktop\Malwarebytes Anti Malware.txt
2014-08-16 17:30 - 2014-08-16 17:30 - 00019298 _____ () C:\Users\Koray\Desktop\Quarantine Antivir.txt
2014-08-16 16:50 - 2014-08-16 16:50 - 00006457 _____ () C:\Users\Koray\Desktop\Gmer.log
2014-08-16 09:50 - 2014-08-16 09:50 - 00380416 _____ () C:\Users\Koray\Desktop\Gmer-19357.exe
2014-08-16 09:40 - 2014-08-19 21:02 - 00000000 ____D () C:\FRST
2014-08-16 09:40 - 2014-08-16 09:41 - 00055681 _____ () C:\Users\Koray\Desktop\16_8_2014 Addition.txt
2014-08-16 09:40 - 2014-08-16 09:41 - 00053421 _____ () C:\Users\Koray\Desktop\16_8_2014 FRST.txt
2014-08-16 09:39 - 2014-08-19 21:02 - 02101760 _____ (Farbar) C:\Users\Koray\Desktop\FRST64.exe
2014-08-16 09:38 - 2014-08-16 09:38 - 02100224 _____ (Farbar) C:\Users\Koray\Downloads\FRST64.exe
2014-08-16 09:36 - 2014-08-16 09:36 - 00000472 _____ () C:\Users\Koray\Desktop\defogger_disable.log
2014-08-16 09:36 - 2014-08-16 09:36 - 00000000 _____ () C:\Users\Koray\defogger_reenable
2014-08-16 09:36 - 2014-08-16 09:35 - 00050477 _____ () C:\Users\Koray\Desktop\Defogger.exe
2014-08-16 09:35 - 2014-08-16 09:35 - 00050477 _____ () C:\Users\Koray\Downloads\Defogger.exe
2014-08-16 09:33 - 2014-08-16 09:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-16 09:20 - 2014-08-16 09:20 - 00000096 _____ () C:\Users\Koray\Downloads\wdr3_hq.m3u
2014-08-16 08:23 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-16 08:23 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-16 08:23 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-16 08:23 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-16 08:23 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-16 08:23 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-16 08:23 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-16 08:23 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-15 20:02 - 2014-08-15 20:08 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 20:01 - 2014-08-15 20:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 19:53 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-15 19:53 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-15 19:53 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-15 19:53 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-15 19:53 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-15 19:53 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-15 19:53 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-15 19:53 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-15 19:53 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-15 19:52 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-15 19:52 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-15 19:52 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-15 19:52 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-15 19:52 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-15 19:52 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-15 19:52 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-15 19:52 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-15 19:52 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-15 19:52 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-15 19:52 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-15 19:52 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-15 19:52 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-15 19:52 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-15 19:52 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-15 19:52 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-15 19:52 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-15 19:52 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-15 19:52 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-15 19:52 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-15 19:52 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-15 19:52 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-15 19:52 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-15 19:52 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-15 19:52 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-15 19:52 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 19:52 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-15 19:52 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-15 19:52 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-15 19:52 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-15 19:52 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-15 19:52 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-15 19:52 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-15 19:52 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-15 19:52 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-15 19:52 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-15 19:52 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-15 19:52 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-15 19:52 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 19:52 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-15 19:52 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-15 19:52 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-15 19:52 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-15 19:52 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-15 19:52 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-15 19:52 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-15 19:52 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-15 19:52 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-15 19:52 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-15 19:52 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-15 19:52 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-15 19:52 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-15 19:52 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-15 19:52 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-15 19:52 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-15 19:52 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-15 19:52 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-15 19:52 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-15 19:52 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-15 19:52 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-15 19:52 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-15 19:52 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-15 19:52 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-15 19:52 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-15 19:52 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-15 19:52 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-15 19:52 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-15 19:52 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-15 19:52 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-15 19:51 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 19:51 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-15 19:51 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-15 19:51 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-12 20:38 - 2014-08-12 20:38 - 00000000 ____D () C:\Users\Koray\Downloads\24.S02E11.GERMAN.DUBBED.720p.WebHD.h264-iNFOTv
2014-08-12 20:10 - 2014-08-12 20:10 - 00652240 _____ () C:\Users\Koray\Downloads\Hotspot-Shield-649.exe
2014-08-12 18:23 - 2014-06-01 14:56 - 1357838144 _____ () C:\Users\Koray\Downloads\infotv-24_s02e23_720p.mkv
2014-08-12 18:23 - 2014-06-01 14:51 - 1393596147 _____ () C:\Users\Koray\Downloads\infotv-24_s02e22_720p.mkv
2014-08-12 18:22 - 2014-05-30 16:44 - 1408037068 _____ () C:\Users\Koray\Downloads\infotv-24_s02e21_720p.mkv
2014-08-12 18:21 - 2014-05-30 16:39 - 1389358618 _____ () C:\Users\Koray\Downloads\infotv-24_s02e20_720p.mkv
2014-08-12 18:21 - 2014-05-30 16:35 - 1391913674 _____ () C:\Users\Koray\Downloads\infotv-24_s02e19_720p.mkv
2014-08-12 18:20 - 2014-05-30 16:01 - 1381448332 _____ () C:\Users\Koray\Downloads\infotv-24_s02e18_720p.mkv
2014-08-12 18:19 - 2014-05-30 15:53 - 1399795667 _____ () C:\Users\Koray\Downloads\infotv-24_s02e17_720p.mkv
2014-07-21 19:51 - 2014-01-11 13:46 - 00000100 _____ () C:\Users\Koray\Downloads\Share-Online.biz Premium.URL
2014-07-21 19:51 - 2014-01-11 13:44 - 00000049 _____ () C:\Users\Koray\Downloads\Uploaded.net Premium.URL
2014-07-21 19:50 - 2014-01-17 00:58 - 00000000 ____D () C:\Users\Koray\Downloads\Bibi Blocksberg
2014-07-21 19:36 - 2014-07-21 19:41 - 129021745 _____ () C:\Users\Koray\Downloads\Blocksberg.part6.rar
2014-07-21 19:34 - 2014-07-21 19:50 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part5.rar
2014-07-21 19:25 - 2014-07-21 19:46 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part4.rar
2014-07-21 19:07 - 2014-07-21 19:34 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part3.rar
2014-07-21 19:05 - 2014-07-21 19:36 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part1.rar
2014-07-21 19:05 - 2014-07-21 19:25 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part2.rar
2014-07-21 19:05 - 2014-07-21 19:07 - 39475914 _____ () C:\Users\Koray\Downloads\sdew.rar
2014-07-21 18:55 - 2014-08-18 13:19 - 00001008 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-07-21 18:54 - 2014-05-17 04:35 - 00044744 _____ (AnchorFree Inc.) C:\windows\system32\Drivers\hssdrv6.sys
2014-07-21 18:53 - 2014-07-21 18:53 - 07787136 _____ () C:\Users\Koray\Downloads\HSS-3.42-install-e-550-plain.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 21:03 - 2014-08-19 21:02 - 00020085 _____ () C:\Users\Koray\Desktop\FRST.txt
2014-08-19 21:02 - 2014-08-19 21:02 - 00000000 ____D () C:\Users\Koray\Desktop\FRST-OlderVersion
2014-08-19 21:02 - 2014-08-16 09:40 - 00000000 ____D () C:\FRST
2014-08-19 21:02 - 2014-08-16 09:39 - 02101760 _____ (Farbar) C:\Users\Koray\Desktop\FRST64.exe
2014-08-19 21:01 - 2014-08-19 21:01 - 00008850 _____ () C:\Users\Koray\Desktop\Help.odt
2014-08-19 21:00 - 2014-08-19 21:00 - 00001831 _____ () C:\Users\Koray\Desktop\JRT.txt
2014-08-19 20:55 - 2009-07-14 06:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 20:55 - 2009-07-14 06:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 20:51 - 2014-08-19 20:51 - 01101648 _____ () C:\Users\Koray\Desktop\Junkware Removal Tool - CHIP-Installer.exe
2014-08-19 20:48 - 2012-10-28 01:33 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001UA.job
2014-08-19 20:47 - 2014-08-19 20:47 - 00013849 _____ () C:\Users\Koray\Desktop\AdwCleaner[S2].txt
2014-08-19 20:46 - 2012-03-12 14:36 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-08-19 20:46 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-19 20:46 - 2009-07-14 06:51 - 00158940 _____ () C:\windows\setupact.log
2014-08-19 20:45 - 2014-07-09 19:33 - 00000000 ____D () C:\AdwCleaner
2014-08-19 20:45 - 2012-03-13 06:32 - 01212367 _____ () C:\windows\WindowsUpdate.log
2014-08-19 20:45 - 2010-11-21 05:47 - 02058152 _____ () C:\windows\PFRO.log
2014-08-19 20:42 - 2014-08-19 20:42 - 01361671 _____ () C:\Users\Koray\Desktop\adwcleaner_3.307.exe
2014-08-19 20:32 - 2009-07-14 06:45 - 00421008 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-18 21:41 - 2012-11-01 02:09 - 00000000 ____D () C:\Users\Koray\AppData\Roaming\vlc
2014-08-18 20:26 - 2012-10-26 10:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-18 18:46 - 2014-03-22 14:28 - 00000000 ____D () C:\Users\Koray\AppData\Local\Battle.net
2014-08-18 18:46 - 2012-03-12 14:36 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-08-18 13:19 - 2014-07-21 18:55 - 00001008 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-08-18 10:09 - 2013-06-08 09:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-18 10:09 - 2012-10-28 01:33 - 00001068 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001Core.job
2014-08-16 17:33 - 2014-08-16 17:33 - 00108471 _____ () C:\Users\Koray\Desktop\Malwarebytes Anti Malware.txt
2014-08-16 17:31 - 2014-07-09 18:54 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 17:30 - 2014-08-16 17:30 - 00019298 _____ () C:\Users\Koray\Desktop\Quarantine Antivir.txt
2014-08-16 16:50 - 2014-08-16 16:50 - 00006457 _____ () C:\Users\Koray\Desktop\Gmer.log
2014-08-16 10:42 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-08-16 09:50 - 2014-08-16 09:50 - 00380416 _____ () C:\Users\Koray\Desktop\Gmer-19357.exe
2014-08-16 09:41 - 2014-08-16 09:40 - 00055681 _____ () C:\Users\Koray\Desktop\16_8_2014 Addition.txt
2014-08-16 09:41 - 2014-08-16 09:40 - 00053421 _____ () C:\Users\Koray\Desktop\16_8_2014 FRST.txt
2014-08-16 09:38 - 2014-08-16 09:38 - 02100224 _____ (Farbar) C:\Users\Koray\Downloads\FRST64.exe
2014-08-16 09:36 - 2014-08-16 09:36 - 00000472 _____ () C:\Users\Koray\Desktop\defogger_disable.log
2014-08-16 09:36 - 2014-08-16 09:36 - 00000000 _____ () C:\Users\Koray\defogger_reenable
2014-08-16 09:36 - 2012-10-26 10:14 - 00000000 ____D () C:\Users\Koray
2014-08-16 09:35 - 2014-08-16 09:36 - 00050477 _____ () C:\Users\Koray\Desktop\Defogger.exe
2014-08-16 09:35 - 2014-08-16 09:35 - 00050477 _____ () C:\Users\Koray\Downloads\Defogger.exe
2014-08-16 09:33 - 2014-08-16 09:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-16 09:20 - 2014-08-16 09:20 - 00000096 _____ () C:\Users\Koray\Downloads\wdr3_hq.m3u
2014-08-16 09:17 - 2013-09-14 14:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 09:17 - 2012-03-12 15:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-16 09:16 - 2013-06-14 06:18 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-16 09:16 - 2012-03-13 06:08 - 00000000 ____D () C:\windows\ShellNew
2014-08-16 09:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-16 09:10 - 2013-09-14 22:35 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-08-16 09:09 - 2013-09-22 00:31 - 00003694 _____ () C:\windows\System32\Tasks\Adobe online update program
2014-08-16 09:09 - 2012-10-28 01:33 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001UA
2014-08-16 09:09 - 2012-10-28 01:33 - 00003708 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001Core
2014-08-16 09:09 - 2012-03-12 14:59 - 00003214 _____ () C:\windows\System32\Tasks\advSRS5
2014-08-16 09:08 - 2013-07-09 20:20 - 00000000 ____D () C:\Program Files (x86)\BGII - SvA
2014-08-16 09:08 - 2012-03-12 14:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-16 09:05 - 2014-02-08 18:40 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-08-16 09:01 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-16 08:59 - 2013-07-03 14:08 - 00000000 ____D () C:\Neverwinter Nights Diamond Edition
2014-08-16 08:46 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-16 08:36 - 2013-08-14 22:52 - 00000000 ____D () C:\windows\system32\MRT
2014-08-16 08:32 - 2012-10-28 01:27 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-16 08:22 - 2014-05-09 22:28 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 20:09 - 2014-08-15 20:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 20:08 - 2014-08-15 20:02 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 20:08 - 2012-10-26 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-15 20:08 - 2012-10-26 10:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-15 20:02 - 2012-10-26 10:39 - 00000000 ____D () C:\ProgramData\Avira
2014-08-13 18:31 - 2014-03-22 14:28 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-12 20:38 - 2014-08-12 20:38 - 00000000 ____D () C:\Users\Koray\Downloads\24.S02E11.GERMAN.DUBBED.720p.WebHD.h264-iNFOTv
2014-08-12 20:10 - 2014-08-12 20:10 - 00652240 _____ () C:\Users\Koray\Downloads\Hotspot-Shield-649.exe
2014-08-12 20:10 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Resources
2014-08-12 18:18 - 2012-03-13 06:20 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-08-12 18:18 - 2012-03-13 06:20 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-08-12 18:18 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-10 21:47 - 2012-10-28 13:07 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-08-07 04:06 - 2014-08-15 19:51 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-15 19:51 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-06 19:44 - 2014-03-22 14:33 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-01 01:41 - 2014-08-15 19:52 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-15 19:52 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-27 09:33 - 2013-03-13 23:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 09:33 - 2013-03-13 23:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 00:41 - 2013-03-13 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 21:57 - 2013-05-07 17:47 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-07-26 21:56 - 2012-12-27 21:24 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-26 21:56 - 2012-12-27 21:24 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-25 16:52 - 2014-08-15 19:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-15 19:52 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-15 19:52 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-15 19:52 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-15 19:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-15 19:52 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-15 19:52 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-15 19:52 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-15 19:52 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-15 19:52 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-15 19:52 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-15 19:52 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-15 19:52 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-15 19:52 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-15 19:52 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-15 19:52 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-15 19:52 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-15 19:52 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-15 19:52 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-15 19:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-15 19:52 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-15 19:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-15 19:52 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-15 19:52 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-15 19:52 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-15 19:52 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-15 19:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-15 19:52 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-15 19:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-15 19:52 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-15 19:52 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-15 19:52 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-15 19:52 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-15 19:52 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-15 19:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-15 19:52 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-15 19:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-15 19:52 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-15 19:52 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-15 19:52 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-15 19:52 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-15 19:52 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-15 19:52 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-15 19:52 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-15 19:52 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-15 19:52 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-15 19:52 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-15 19:52 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-15 19:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-15 19:52 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-15 19:52 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-15 19:52 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-15 19:52 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-15 19:52 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-21 22:47 - 2014-02-12 10:09 - 00000000 ____D () C:\Users\Koray\Downloads\Atlantis.Die.Rueckkehr.2003.GERMAN.AC3D.DL.1080p.BluRay.x264-iNFOTv
2014-07-21 22:46 - 2014-02-12 10:43 - 00000000 ____D () C:\Users\Koray\Downloads\Atlantis.Das.Geheimnis.der.verlorenen.Stadt.2001.GERMAN.AC3D.DL.1080p.BluRay.x264-iNFOTv
2014-07-21 19:50 - 2014-07-21 19:34 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part5.rar
2014-07-21 19:46 - 2014-07-21 19:25 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part4.rar
2014-07-21 19:41 - 2014-07-21 19:36 - 129021745 _____ () C:\Users\Koray\Downloads\Blocksberg.part6.rar
2014-07-21 19:36 - 2014-07-21 19:05 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part1.rar
2014-07-21 19:34 - 2014-07-21 19:07 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part3.rar
2014-07-21 19:25 - 2014-07-21 19:05 - 524288000 _____ () C:\Users\Koray\Downloads\Blocksberg.part2.rar
2014-07-21 19:07 - 2014-07-21 19:05 - 39475914 _____ () C:\Users\Koray\Downloads\sdew.rar
2014-07-21 18:53 - 2014-07-21 18:53 - 07787136 _____ () C:\Users\Koray\Downloads\HSS-3.42-install-e-550-plain.exe

Some content of TEMP:
====================
C:\Users\Koray\AppData\Local\Temp\avgnt.exe
C:\Users\Koray\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 09:40

==================== End Of Log ============================
         
--- --- ---

Alt 19.08.2014, 22:21   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.


__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.08.2014, 16:16   #6
Thunder3311
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Hallo cosinus,

da hab ich wohl net aufgepasst

hier der angeforderte Scan:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Koray at 2014-08-20 13:32:36
Running from C:\Users\Koray\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version:  - Triumph Studios)
Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
calibre (HKLM-x32\...\{0B11C568-7E39-4105-B26F-F0E84A0E1C46}) (Version: 1.9.0 - Kovid Goyal)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4813b - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.4813b - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4207 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.4207 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3706.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.3706.52 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version:  - Level Up Labs, LLC)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version:  - Microsoft)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.2.4 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.47 - Samsung)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - Amplitude Studios)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.03 - Ubisoft)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - Mode 7)
Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 4.63.3.WIN.FullTilt.EU - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Geneforge 1 (HKLM-x32\...\Steam App 200960) (Version:  - Spiderweb Software)
Google Chrome (HKCU\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4501.1952 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause (HKLM-x32\...\Steam App 6880) (Version:  - Avalanche)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
King Arthur - The Role-playing Wargame (HKLM-x32\...\Steam App 24400) (Version:  - Neocore Games)
Kingdom Rush (HKLM-x32\...\Steam App 246420) (Version:  - Ironhide Game Studio)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Magic: The Gathering – Tactics (HKLM-x32\...\Steam App 201190) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mars: War Logs (HKLM-x32\...\Steam App 232750) (Version:  - Spiders)
Marvel Puzzle Quest: Dark Reign (HKLM-x32\...\Steam App 234330) (Version:  - )
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Medieval II: Total War Kingdoms (HKLM-x32\...\Steam App 4780) (Version:  - The Creative Assembly)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVToolNix 5.8.0 (HKLM-x32\...\MKVToolNix) (Version: 5.8.0 - Moritz Bunkus)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mount&Blade (HKLM-x32\...\Mount&Blade) (Version:  - )
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Multimedia POP (HKLM-x32\...\{A86C7338-BE18-4770-AA25-138513D89B0D}) (Version: 1.1 - )
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version:  - )
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.1111 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Pandora: First Contact (HKLM-x32\...\Steam App 287580) (Version:  - Proxy Studios)
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.16.6 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6716 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
S Agent (Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version:  - GSC Game World)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.2.2 - Samsung)
SaveByClick (HKLM\...\{9849AA36-D81F-47D4-A53F-903D43AA88C0}) (Version: 1.0 - SaveByClick) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SW Update (HKLM-x32\...\{90FC0842-61FC-4E1B-B96C-207F798C374F}) (Version: 2.1.2 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.40.0 - Synaptics Incorporated)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
The Elder Scrolls V - Skyrim (HKLM-x32\...\The Elder Scrolls V - Skyrim_is1) (Version:  - )
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
TPG MTA Client 2010 (HKLM\...\{8E88A516-3611-4CAC-BA3C-249C7CBDDD79}) (Version: 3.0.1.7 - The Project Group GmbH)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.1 - )
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - )
XY Chart Labeler 7.1 (HKLM-x32\...\XY Chart Labeler 7.1) (Version:  - )
Ys I (HKLM-x32\...\Steam App 223810) (Version:  - Nihon Falcom)
Ys II (HKLM-x32\...\Steam App 223870) (Version:  - Nihon Falcom)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

18-08-2014 08:40:00 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1DEEE33D-24DD-4EBC-8BD8-647913BF195C} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-12-19] (SEC)
Task: {1F7615DE-3DCB-4CDE-AFA3-9835DCD3C9F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-19] (Google Inc.)
Task: {2107B118-A1C4-4C0A-80C0-576417473C1B} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {2BC27100-6FAA-4D52-B08C-4693EE8AE2E4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001Core => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {37092E36-A8AB-49BA-808A-A119F209868F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {3E4E67A9-5486-4499-A292-FF3D3E03BF50} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-25] (Samsung Electronics CO., LTD.)
Task: {4F567DFB-121E-4097-9B99-639636F53BC2} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {7479C151-9FAD-4AC8-A651-06B0AC54DEC2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {77688060-EF09-423E-9FBE-56F863A7B3CF} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {81316694-DAB7-4653-9C7B-0BC2F7387668} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {865F321A-4DB7-4C3E-B252-5B77ED92B1F5} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-12-08] (SAMSUNG Electronics)
Task: {891E00C2-5EE6-454A-B1DC-6602E1BD3B38} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {B04CE76A-E87F-4534-BB48-AF22EC9BD6EE} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-11-28] (Samsung Electronics CO., LTD.)
Task: {B9BC9E63-94F9-43DC-B483-4FD7F489123D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {C7453717-806A-44A4-92DE-113B4DA3CDEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001UA => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {C7C89124-6E34-459A-B18B-C97852B257DC} - System32\Tasks\Google Updater and Installer => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {CED0355C-BD6B-46F0-8173-922AAD2BBAB6} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {E309560E-6FD3-42CB-941A-35EEC451E981} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-19] (Google Inc.)
Task: {E3B5F879-3667-4FAB-964E-FF4254620300} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)
Task: {E76B2F66-B35D-41C6-A07A-6358173C92D4} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {FB409B8D-827B-4DF4-85CE-98E76633F915} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001Core.job => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001UA.job => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-03-12 14:38 - 2012-10-02 21:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-03-12 14:36 - 2012-02-08 04:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-12-23 23:39 - 2012-12-23 23:39 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2012-03-12 15:47 - 2009-11-30 17:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-10-29 10:59 - 2012-02-13 16:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2012-02-06 04:29 - 2012-01-05 10:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-29 10:59 - 2011-02-17 02:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-10-29 10:59 - 2006-08-12 13:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2014-08-15 20:02 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Koray\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2012-03-12 14:59 - 2011-09-08 12:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 07:20 - 2009-11-02 07:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 07:23 - 2009-11-02 07:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-03-12 14:36 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-05 21:44 - 2013-12-04 04:47 - 00702416 _____ () C:\Users\Koray\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 21:44 - 2013-12-04 04:47 - 00099792 _____ () C:\Users\Koray\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 21:44 - 2013-12-04 04:48 - 04055504 _____ () C:\Users\Koray\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 21:44 - 2013-12-04 04:48 - 00399312 _____ () C:\Users\Koray\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 21:44 - 2013-12-04 04:47 - 01619408 _____ () C:\Users\Koray\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 21:44 - 2013-12-04 04:48 - 13586896 _____ () C:\Users\Koray\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Koray^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"                                                                                                                                                                                                         
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EPSON Stylus DX4400 Series => C:\windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\windows\TEMP\E_S6641.tmp" /EF "HKCU"
MSCONFIG\startupreg: Google Update => "C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: SecureGuard Driver
Description: SecureGuard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Phoenix
Service: SGDrv
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 26%
Total physical RAM: 8089.43 MB
Available physical RAM: 5983.48 MB
Total Pagefile: 16177.03 MB
Available Pagefile: 13692.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.43 GB) (Free:340.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8D8AB3F7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=27)

==================== End Of Log ============================
         

Alt 21.08.2014, 10:51   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM\...\Run: [RadioRage Home Page Guard 64 bit] => "C:\PROGRA~2\RADIOR~1\bar\1.bin\AppIntegrator64.exe"
Filter: AutorunsDisabled - No CLSID Value - No File
Filter-x32: AutorunsDisabled - No CLSID Value - No File
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: GrreauTSave4U - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\aeuoyuoz@uioo-zts.edu [2014-06-06]
FF Extension: ShopDorop - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\lkrrk@gbf-.com [2014-07-09]
FF Extension: GrueatSave4U - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\ueur12@v-znc.org [2014-06-06]
FF Extension: Fun2Save - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\zlqdvh@hxsryiiaiy.com [2014-07-09]
CHR Extension: (GrreauTSave4U) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeogpdbddfmhgheajckeenafmlpcamo [2014-05-25]
CHR Extension: (Papas Pizzeria) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjaihmihhhgfofccgiboicjloaemhhfi [2014-07-05]
CHR Extension: (GrueatSave4U) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjpoomeiefmfccmjkkiccnhiadkjpadj [2014-05-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Koray\Downloads\24.S02E11.GERMAN.DUBBED.720p.WebHD.h264-iNFOTv
C:\Users\Koray\Downloads\Hotspot-Shield-649.exe
C:\Users\Koray\Downloads\Share-Online.biz Premium.URL
C:\Users\Koray\Downloads\Uploaded.net Premium.URL
C:\Users\Koray\Downloads\sdew.rar
C:\PROGRA~2\RADIOR~1
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.08.2014, 18:22   #8
Thunder3311
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Hallo cosinus,
hier wie gewünscht:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Koray at 2014-08-21 19:20:35 Run:1
Running from C:\Users\Koray\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [RadioRage Home Page Guard 64 bit] => "C:\PROGRA~2\RADIOR~1\bar\1.bin\AppIntegrator64.exe"
Filter: AutorunsDisabled - No CLSID Value - No File
Filter-x32: AutorunsDisabled - No CLSID Value - No File
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Plugin: @MICROSOFT.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: GrreauTSave4U - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\EXTENSIONS\aeuoyuoz@uioo-zts.edu [2014-06-06]
FF Extension: ShopDorop - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\EXTENSIONS\lkrrk@gbf-.com [2014-07-09]
FF Extension: GrueatSave4U - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\ueur12@v-znc.org [2014-06-06]
FF Extension: Fun2Save - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\zlqdvh@hxsryiiaiy.com [2014-07-09]
CHR Extension: (GrreauTSave4U) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeogpdbddfmhgheajckeenafmlpcamo [2014-05-25]
CHR Extension: (Papas Pizzeria) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjaihmihhhgfofccgiboicjloaemhhfi [2014-07-05]
CHR Extension: (GrueatSave4U) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjpoomeiefmfccmjkkiccnhiadkjpadj [2014-05-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Koray\Downloads\24.S02E11.GERMAN.DUBBED.720p.WebHD.h264-iNFOTv
C:\Users\Koray\Downloads\Hotspot-Shield-649.exe
C:\Users\Koray\Downloads\Share-Online.biz Premium.URL
C:\Users\Koray\Downloads\Uploaded.net Premium.URL
C:\Users\Koray\Downloads\sdew.rar
C:\PROGRA~2\RADIOR~1
         
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RadioRage Home Page Guard 64 bit => value deleted successfully.
"HKCR\PROTOCOLS\Filter\AutorunsDisabled" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Filter\AutorunsDisabled" => Key not found.
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); => Error: No automatic fix found for this entry.
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); => Error: No automatic fix found for this entry.
"HKLM\Software\MozillaPlugins\@MICROSOFT.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\EXTENSIONS\aeuoyuoz@uioo-zts.edu => Moved successfully.
C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\EXTENSIONS\lkrrk@gbf-.com => Moved successfully.
C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\ueur12@v-znc.org => Moved successfully.
C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\zlqdvh@hxsryiiaiy.com => Moved successfully.
C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeogpdbddfmhgheajckeenafmlpcamo => Moved successfully.
C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjaihmihhhgfofccgiboicjloaemhhfi => Moved successfully.
C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjpoomeiefmfccmjkkiccnhiadkjpadj => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Koray\Downloads\24.S02E11.GERMAN.DUBBED.720p.WebHD.h264-iNFOTv => Moved successfully.
C:\Users\Koray\Downloads\Hotspot-Shield-649.exe => Moved successfully.
C:\Users\Koray\Downloads\Share-Online.biz Premium.URL => Moved successfully.
C:\Users\Koray\Downloads\Uploaded.net Premium.URL => Moved successfully.
C:\Users\Koray\Downloads\sdew.rar => Moved successfully.
"C:\PROGRA~2\RADIOR~1" => File/Directory not found.

==== End of Fixlog ====
         
Danke nochmals für die Hilfe!

Alt 21.08.2014, 19:40   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.08.2014, 21:10   #10
Thunder3311
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Nabend
einmal frische Logs:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Koray (administrator) on KORAY-PC2 on 21-08-2014 22:08:19
Running from C:\Users\Koray\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Google Inc.) C:\Users\Koray\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Koray\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Koray\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Koray\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Koray\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Koray\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Koray\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Koray\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Koray\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Koray\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2012-01-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-189922631-1767686969-1414721043-1001\...\Run: [Google Update] => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-28] (Google Inc.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs:  C:\PROGRA~3\INTELE~1\INTELE~2.DLL => C:\ProgramData\Intelewin filter\Intelewinfilter_x64.dll [4421632 2013-12-28] ()
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
BootExecute: 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKCU - {BDDD7933-D6F6-4868-B3AA-E7F8771698D7} URL = https://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Koray\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Koray\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Avira Browser Safety - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\abs@avira.com [2014-08-18]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-02-02]
FF Extension: FastestFox - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-02-02]
FF Extension: Adblock Plus - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-02]
FF Extension: Greasemonkey - C:\Users\Koray\AppData\Roaming\Mozilla\Firefox\Profiles\3amg5ddl.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-09]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-08-16]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-01-20]

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "https://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\Koray\AppData\Local\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Koray\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Koray\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Koray\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Facebook voice input) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\diapelgchjnmbefdjoikdkplgejgeokh [2014-06-14]
CHR Extension: (Keep Last Two Tabs) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnmaiiahjldikaollhjobhchdbhfhgf [2014-06-06]
CHR Extension: (Avira Browser Safety) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-21]
CHR Extension: (Google Wallet) - C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (DiscountExtenasui) - C:\ProgramData\llebemnhkcdlikgjbemabmkgoeigphfg\ [2013-09-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2012-12-23] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-11-30] () [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-29] (DT Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S4 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S4 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 13:32 - 2014-08-20 13:33 - 00044220 _____ () C:\Users\Koray\Desktop\Addition.txt
2014-08-19 21:02 - 2014-08-21 22:08 - 00018470 _____ () C:\Users\Koray\Desktop\FRST.txt
2014-08-19 21:02 - 2014-08-19 21:02 - 00000000 ____D () C:\Users\Koray\Desktop\FRST-OlderVersion
2014-08-19 21:01 - 2014-08-19 21:01 - 00008850 _____ () C:\Users\Koray\Desktop\Help.odt
2014-08-19 21:00 - 2014-08-19 21:00 - 00001831 _____ () C:\Users\Koray\Desktop\JRT.txt
2014-08-19 20:51 - 2014-08-19 20:51 - 01101648 _____ () C:\Users\Koray\Desktop\Junkware Removal Tool - CHIP-Installer.exe
2014-08-19 20:47 - 2014-08-19 20:47 - 00013849 _____ () C:\Users\Koray\Desktop\AdwCleaner[S2].txt
2014-08-19 20:42 - 2014-08-19 20:42 - 01361671 _____ () C:\Users\Koray\Desktop\adwcleaner_3.307.exe
2014-08-16 17:33 - 2014-08-16 17:33 - 00108471 _____ () C:\Users\Koray\Desktop\Malwarebytes Anti Malware.txt
2014-08-16 17:30 - 2014-08-16 17:30 - 00019298 _____ () C:\Users\Koray\Desktop\Quarantine Antivir.txt
2014-08-16 16:50 - 2014-08-16 16:50 - 00006457 _____ () C:\Users\Koray\Desktop\Gmer.log
2014-08-16 09:50 - 2014-08-16 09:50 - 00380416 _____ () C:\Users\Koray\Desktop\Gmer-19357.exe
2014-08-16 09:40 - 2014-08-21 22:08 - 00000000 ____D () C:\FRST
2014-08-16 09:40 - 2014-08-16 09:41 - 00055681 _____ () C:\Users\Koray\Desktop\16_8_2014 Addition.txt
2014-08-16 09:40 - 2014-08-16 09:41 - 00053421 _____ () C:\Users\Koray\Desktop\16_8_2014 FRST.txt
2014-08-16 09:39 - 2014-08-19 21:02 - 02101760 _____ (Farbar) C:\Users\Koray\Desktop\FRST64.exe
2014-08-16 09:38 - 2014-08-16 09:38 - 02100224 _____ (Farbar) C:\Users\Koray\Downloads\FRST64.exe
2014-08-16 09:36 - 2014-08-16 09:36 - 00000472 _____ () C:\Users\Koray\Desktop\defogger_disable.log
2014-08-16 09:36 - 2014-08-16 09:36 - 00000000 _____ () C:\Users\Koray\defogger_reenable
2014-08-16 09:36 - 2014-08-16 09:35 - 00050477 _____ () C:\Users\Koray\Desktop\Defogger.exe
2014-08-16 09:35 - 2014-08-16 09:35 - 00050477 _____ () C:\Users\Koray\Downloads\Defogger.exe
2014-08-16 09:33 - 2014-08-16 09:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-16 09:20 - 2014-08-16 09:20 - 00000096 _____ () C:\Users\Koray\Downloads\wdr3_hq.m3u
2014-08-16 08:23 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-16 08:23 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-16 08:23 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-16 08:23 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-16 08:23 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-16 08:23 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-16 08:23 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-16 08:23 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-15 20:02 - 2014-08-15 20:08 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 20:01 - 2014-08-15 20:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 19:53 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-15 19:53 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-15 19:53 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-15 19:53 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-15 19:53 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-15 19:53 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-15 19:53 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-15 19:53 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-15 19:53 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-15 19:53 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-15 19:52 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-15 19:52 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-15 19:52 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-15 19:52 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-15 19:52 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-15 19:52 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-15 19:52 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-15 19:52 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-15 19:52 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-15 19:52 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-15 19:52 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-15 19:52 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-15 19:52 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-15 19:52 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-15 19:52 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-15 19:52 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-15 19:52 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-15 19:52 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-15 19:52 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-15 19:52 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-15 19:52 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-15 19:52 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-15 19:52 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-15 19:52 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-15 19:52 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-15 19:52 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 19:52 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-15 19:52 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-15 19:52 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-15 19:52 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-15 19:52 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-15 19:52 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-15 19:52 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-15 19:52 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-15 19:52 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-15 19:52 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-15 19:52 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-15 19:52 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-15 19:52 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 19:52 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-15 19:52 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-15 19:52 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-15 19:52 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-15 19:52 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-15 19:52 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-15 19:52 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-15 19:52 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-15 19:52 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-15 19:52 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-15 19:52 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-15 19:52 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-15 19:52 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-15 19:52 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-15 19:52 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-15 19:52 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-15 19:52 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-15 19:52 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-15 19:52 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-15 19:52 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-15 19:52 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-15 19:52 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-15 19:52 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-15 19:52 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-15 19:52 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-15 19:52 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-15 19:52 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-15 19:52 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-15 19:52 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-15 19:52 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-15 19:51 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 19:51 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-15 19:51 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-15 19:51 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-12 18:23 - 2014-06-01 14:56 - 1357838144 _____ () C:\Users\Koray\Downloads\infotv-24_s02e23_720p.mkv
2014-08-12 18:23 - 2014-06-01 14:51 - 1393596147 _____ () C:\Users\Koray\Downloads\infotv-24_s02e22_720p.mkv
2014-08-12 18:22 - 2014-05-30 16:44 - 1408037068 _____ () C:\Users\Koray\Downloads\infotv-24_s02e21_720p.mkv
2014-08-12 18:21 - 2014-05-30 16:39 - 1389358618 _____ () C:\Users\Koray\Downloads\infotv-24_s02e20_720p.mkv
2014-08-12 18:21 - 2014-05-30 16:35 - 1391913674 _____ () C:\Users\Koray\Downloads\infotv-24_s02e19_720p.mkv
2014-08-12 18:20 - 2014-05-30 16:01 - 1381448332 _____ () C:\Users\Koray\Downloads\infotv-24_s02e18_720p.mkv
2014-08-12 18:19 - 2014-05-30 15:53 - 1399795667 _____ () C:\Users\Koray\Downloads\infotv-24_s02e17_720p.mkv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 22:08 - 2014-08-19 21:02 - 00018470 _____ () C:\Users\Koray\Desktop\FRST.txt
2014-08-21 22:08 - 2014-08-16 09:40 - 00000000 ____D () C:\FRST
2014-08-21 22:04 - 2014-03-22 14:28 - 00000000 ____D () C:\Users\Koray\AppData\Local\Battle.net
2014-08-21 21:33 - 2012-10-28 01:33 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001UA.job
2014-08-21 20:34 - 2012-03-13 06:32 - 01224066 _____ () C:\windows\WindowsUpdate.log
2014-08-21 19:34 - 2012-10-28 01:34 - 00002357 _____ () C:\Users\Koray\Desktop\Google Chrome.lnk
2014-08-21 19:33 - 2012-10-28 01:33 - 00001068 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001Core.job
2014-08-21 19:28 - 2012-10-28 01:33 - 00004094 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001UA
2014-08-21 19:28 - 2012-10-28 01:33 - 00003698 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001Core
2014-08-21 19:14 - 2012-03-12 14:36 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-08-20 13:33 - 2014-08-20 13:32 - 00044220 _____ () C:\Users\Koray\Desktop\Addition.txt
2014-08-19 21:18 - 2014-03-22 14:33 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-19 21:02 - 2014-08-19 21:02 - 00000000 ____D () C:\Users\Koray\Desktop\FRST-OlderVersion
2014-08-19 21:02 - 2014-08-16 09:39 - 02101760 _____ (Farbar) C:\Users\Koray\Desktop\FRST64.exe
2014-08-19 21:01 - 2014-08-19 21:01 - 00008850 _____ () C:\Users\Koray\Desktop\Help.odt
2014-08-19 21:00 - 2014-08-19 21:00 - 00001831 _____ () C:\Users\Koray\Desktop\JRT.txt
2014-08-19 20:55 - 2009-07-14 06:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 20:55 - 2009-07-14 06:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 20:51 - 2014-08-19 20:51 - 01101648 _____ () C:\Users\Koray\Desktop\Junkware Removal Tool - CHIP-Installer.exe
2014-08-19 20:47 - 2014-08-19 20:47 - 00013849 _____ () C:\Users\Koray\Desktop\AdwCleaner[S2].txt
2014-08-19 20:46 - 2012-03-12 14:36 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-08-19 20:46 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-19 20:46 - 2009-07-14 06:51 - 00158940 _____ () C:\windows\setupact.log
2014-08-19 20:45 - 2014-07-09 19:33 - 00000000 ____D () C:\AdwCleaner
2014-08-19 20:45 - 2010-11-21 05:47 - 02058152 _____ () C:\windows\PFRO.log
2014-08-19 20:42 - 2014-08-19 20:42 - 01361671 _____ () C:\Users\Koray\Desktop\adwcleaner_3.307.exe
2014-08-19 20:32 - 2009-07-14 06:45 - 00421008 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-18 21:41 - 2012-11-01 02:09 - 00000000 ____D () C:\Users\Koray\AppData\Roaming\vlc
2014-08-18 20:26 - 2012-10-26 10:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-18 13:19 - 2014-07-21 18:55 - 00001008 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-08-18 10:09 - 2013-06-08 09:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-16 17:33 - 2014-08-16 17:33 - 00108471 _____ () C:\Users\Koray\Desktop\Malwarebytes Anti Malware.txt
2014-08-16 17:31 - 2014-07-09 18:54 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 17:30 - 2014-08-16 17:30 - 00019298 _____ () C:\Users\Koray\Desktop\Quarantine Antivir.txt
2014-08-16 16:50 - 2014-08-16 16:50 - 00006457 _____ () C:\Users\Koray\Desktop\Gmer.log
2014-08-16 10:42 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-08-16 09:50 - 2014-08-16 09:50 - 00380416 _____ () C:\Users\Koray\Desktop\Gmer-19357.exe
2014-08-16 09:41 - 2014-08-16 09:40 - 00055681 _____ () C:\Users\Koray\Desktop\16_8_2014 Addition.txt
2014-08-16 09:41 - 2014-08-16 09:40 - 00053421 _____ () C:\Users\Koray\Desktop\16_8_2014 FRST.txt
2014-08-16 09:38 - 2014-08-16 09:38 - 02100224 _____ (Farbar) C:\Users\Koray\Downloads\FRST64.exe
2014-08-16 09:36 - 2014-08-16 09:36 - 00000472 _____ () C:\Users\Koray\Desktop\defogger_disable.log
2014-08-16 09:36 - 2014-08-16 09:36 - 00000000 _____ () C:\Users\Koray\defogger_reenable
2014-08-16 09:36 - 2012-10-26 10:14 - 00000000 ____D () C:\Users\Koray
2014-08-16 09:35 - 2014-08-16 09:36 - 00050477 _____ () C:\Users\Koray\Desktop\Defogger.exe
2014-08-16 09:35 - 2014-08-16 09:35 - 00050477 _____ () C:\Users\Koray\Downloads\Defogger.exe
2014-08-16 09:33 - 2014-08-16 09:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-16 09:20 - 2014-08-16 09:20 - 00000096 _____ () C:\Users\Koray\Downloads\wdr3_hq.m3u
2014-08-16 09:17 - 2013-09-14 14:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 09:17 - 2012-03-12 15:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-16 09:16 - 2013-06-14 06:18 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-16 09:16 - 2012-03-13 06:08 - 00000000 ____D () C:\windows\ShellNew
2014-08-16 09:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-16 09:10 - 2013-09-14 22:35 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-08-16 09:09 - 2013-09-22 00:31 - 00003694 _____ () C:\windows\System32\Tasks\Adobe online update program
2014-08-16 09:09 - 2012-03-12 14:59 - 00003214 _____ () C:\windows\System32\Tasks\advSRS5
2014-08-16 09:08 - 2013-07-09 20:20 - 00000000 ____D () C:\Program Files (x86)\BGII - SvA
2014-08-16 09:08 - 2012-03-12 14:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-16 09:05 - 2014-02-08 18:40 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-08-16 09:01 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-16 08:59 - 2013-07-03 14:08 - 00000000 ____D () C:\Neverwinter Nights Diamond Edition
2014-08-16 08:46 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-16 08:36 - 2013-08-14 22:52 - 00000000 ____D () C:\windows\system32\MRT
2014-08-16 08:32 - 2012-10-28 01:27 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-16 08:22 - 2014-05-09 22:28 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 20:09 - 2014-08-15 20:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 20:08 - 2014-08-15 20:02 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 20:08 - 2012-10-26 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-15 20:08 - 2012-10-26 10:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-15 20:02 - 2012-10-26 10:39 - 00000000 ____D () C:\ProgramData\Avira
2014-08-13 18:31 - 2014-03-22 14:28 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-12 20:10 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Resources
2014-08-12 18:18 - 2012-03-13 06:20 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-08-12 18:18 - 2012-03-13 06:20 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-08-12 18:18 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-10 21:47 - 2012-10-28 13:07 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-08-07 04:06 - 2014-08-15 19:51 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-15 19:51 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-01 01:41 - 2014-08-15 19:52 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-15 19:52 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-27 09:33 - 2013-03-13 23:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 09:33 - 2013-03-13 23:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 00:41 - 2013-03-13 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 21:57 - 2013-05-07 17:47 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-07-26 21:56 - 2012-12-27 21:24 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-26 21:56 - 2012-12-27 21:24 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-25 16:52 - 2014-08-15 19:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-15 19:52 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-15 19:52 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-15 19:52 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-15 19:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-15 19:52 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-15 19:52 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-15 19:52 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-15 19:52 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-15 19:52 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-15 19:52 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-15 19:52 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-15 19:52 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-15 19:52 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-15 19:52 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-15 19:52 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-15 19:52 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-15 19:52 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-15 19:52 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-15 19:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-15 19:52 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-15 19:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-15 19:52 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-15 19:52 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-15 19:52 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-15 19:52 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-15 19:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-15 19:52 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-15 19:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-15 19:52 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-15 19:52 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-15 19:52 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-15 19:52 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-15 19:52 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-15 19:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-15 19:52 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-15 19:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-15 19:52 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-15 19:52 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-15 19:52 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-15 19:52 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-15 19:52 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-15 19:52 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-15 19:52 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-15 19:52 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-15 19:52 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-15 19:52 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-15 19:52 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-15 19:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-15 19:52 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-15 19:52 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-15 19:52 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-15 19:52 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-15 19:52 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

Some content of TEMP:
====================
C:\Users\Koray\AppData\Local\Temp\avgnt.exe
C:\Users\Koray\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 09:40

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Koray at 2014-08-21 22:08:51
Running from C:\Users\Koray\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version:  - Triumph Studios)
Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
calibre (HKLM-x32\...\{0B11C568-7E39-4105-B26F-F0E84A0E1C46}) (Version: 1.9.0 - Kovid Goyal)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4813b - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.4813b - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4207 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.4207 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3706.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.3706.52 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version:  - Level Up Labs, LLC)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version:  - Microsoft)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.2.4 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.47 - Samsung)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - Amplitude Studios)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.03 - Ubisoft)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - Mode 7)
Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 4.63.3.WIN.FullTilt.EU - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Geneforge 1 (HKLM-x32\...\Steam App 200960) (Version:  - Spiderweb Software)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4501.1952 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause (HKLM-x32\...\Steam App 6880) (Version:  - Avalanche)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
King Arthur - The Role-playing Wargame (HKLM-x32\...\Steam App 24400) (Version:  - Neocore Games)
Kingdom Rush (HKLM-x32\...\Steam App 246420) (Version:  - Ironhide Game Studio)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Magic: The Gathering – Tactics (HKLM-x32\...\Steam App 201190) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mars: War Logs (HKLM-x32\...\Steam App 232750) (Version:  - Spiders)
Marvel Puzzle Quest: Dark Reign (HKLM-x32\...\Steam App 234330) (Version:  - )
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Medieval II: Total War Kingdoms (HKLM-x32\...\Steam App 4780) (Version:  - The Creative Assembly)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVToolNix 5.8.0 (HKLM-x32\...\MKVToolNix) (Version: 5.8.0 - Moritz Bunkus)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mount&Blade (HKLM-x32\...\Mount&Blade) (Version:  - )
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Multimedia POP (HKLM-x32\...\{A86C7338-BE18-4770-AA25-138513D89B0D}) (Version: 1.1 - )
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version:  - )
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.1111 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Pandora: First Contact (HKLM-x32\...\Steam App 287580) (Version:  - Proxy Studios)
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.16.6 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6716 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
S Agent (Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version:  - GSC Game World)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.2.2 - Samsung)
SaveByClick (HKLM\...\{9849AA36-D81F-47D4-A53F-903D43AA88C0}) (Version: 1.0 - SaveByClick) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SW Update (HKLM-x32\...\{90FC0842-61FC-4E1B-B96C-207F798C374F}) (Version: 2.1.2 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.40.0 - Synaptics Incorporated)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
The Elder Scrolls V - Skyrim (HKLM-x32\...\The Elder Scrolls V - Skyrim_is1) (Version:  - )
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
TPG MTA Client 2010 (HKLM\...\{8E88A516-3611-4CAC-BA3C-249C7CBDDD79}) (Version: 3.0.1.7 - The Project Group GmbH)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.1 - )
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - )
XY Chart Labeler 7.1 (HKLM-x32\...\XY Chart Labeler 7.1) (Version:  - )
Ys I (HKLM-x32\...\Steam App 223810) (Version:  - Nihon Falcom)
Ys II (HKLM-x32\...\Steam App 223870) (Version:  - Nihon Falcom)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-189922631-1767686969-1414721043-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Koray\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-189922631-1767686969-1414721043-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Koray\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

18-08-2014 08:40:00 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1DEEE33D-24DD-4EBC-8BD8-647913BF195C} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-12-19] (SEC)
Task: {1F7615DE-3DCB-4CDE-AFA3-9835DCD3C9F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-19] (Google Inc.)
Task: {2107B118-A1C4-4C0A-80C0-576417473C1B} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {2BC27100-6FAA-4D52-B08C-4693EE8AE2E4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001Core => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {37092E36-A8AB-49BA-808A-A119F209868F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {3E4E67A9-5486-4499-A292-FF3D3E03BF50} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-25] (Samsung Electronics CO., LTD.)
Task: {4F567DFB-121E-4097-9B99-639636F53BC2} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {7479C151-9FAD-4AC8-A651-06B0AC54DEC2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {77688060-EF09-423E-9FBE-56F863A7B3CF} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {81316694-DAB7-4653-9C7B-0BC2F7387668} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {865F321A-4DB7-4C3E-B252-5B77ED92B1F5} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-12-08] (SAMSUNG Electronics)
Task: {891E00C2-5EE6-454A-B1DC-6602E1BD3B38} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {B04CE76A-E87F-4534-BB48-AF22EC9BD6EE} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-11-28] (Samsung Electronics CO., LTD.)
Task: {B9BC9E63-94F9-43DC-B483-4FD7F489123D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {C7453717-806A-44A4-92DE-113B4DA3CDEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001UA => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {C7C89124-6E34-459A-B18B-C97852B257DC} - System32\Tasks\Google Updater and Installer => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {CED0355C-BD6B-46F0-8173-922AAD2BBAB6} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {E309560E-6FD3-42CB-941A-35EEC451E981} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-19] (Google Inc.)
Task: {E3B5F879-3667-4FAB-964E-FF4254620300} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)
Task: {E76B2F66-B35D-41C6-A07A-6358173C92D4} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {FB409B8D-827B-4DF4-85CE-98E76633F915} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001Core.job => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189922631-1767686969-1414721043-1001UA.job => C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-03-12 14:38 - 2012-10-02 21:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-03-12 14:36 - 2012-02-08 04:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-12-23 23:39 - 2012-12-23 23:39 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2012-03-12 15:47 - 2009-11-30 17:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-10-29 10:59 - 2012-02-13 16:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2012-02-06 04:29 - 2012-01-05 10:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-29 10:59 - 2011-02-17 02:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-10-29 10:59 - 2006-08-12 13:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2014-08-15 20:02 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Koray\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2012-03-12 14:59 - 2011-09-08 12:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 07:20 - 2009-11-02 07:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 07:23 - 2009-11-02 07:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-03-12 14:36 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-07-24 00:57 - 2013-07-24 00:57 - 00340992 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2014-08-21 19:34 - 2014-08-07 05:20 - 00718152 _____ () C:\Users\Koray\AppData\Local\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-21 19:34 - 2014-08-07 05:20 - 00126280 _____ () C:\Users\Koray\AppData\Local\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-21 19:34 - 2014-08-07 05:20 - 08537928 _____ () C:\Users\Koray\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-21 19:34 - 2014-08-07 05:20 - 00353096 _____ () C:\Users\Koray\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-21 19:34 - 2014-08-07 05:20 - 01732936 _____ () C:\Users\Koray\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-21 19:34 - 2014-08-07 05:20 - 14669128 _____ () C:\Users\Koray\AppData\Local\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Koray^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"                                                                                                                                                                                                         
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EPSON Stylus DX4400 Series => C:\windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\windows\TEMP\E_S6641.tmp" /EF "HKCU"
MSCONFIG\startupreg: Google Update => "C:\Users\Koray\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: SecureGuard Driver
Description: SecureGuard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Phoenix
Service: SGDrv
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2014 08:26:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (08/21/2014 07:14:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (08/21/2014 08:26:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 24%
Total physical RAM: 8089.43 MB
Available physical RAM: 6117.09 MB
Total Pagefile: 16177.03 MB
Available Pagefile: 13371.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.43 GB) (Free:339.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8D8AB3F7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=27)

==================== End Of Log ============================
         
Schönen Abend noch!

Alt 21.08.2014, 21:20   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.08.2014, 08:00   #12
Thunder3311
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Guten Morgen,
hier die Früchte der Scans:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.08.2014
Suchlauf-Zeit: 06:09:39
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.22.01
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Koray

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 346434
Verstrichene Zeit: 11 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.MindSpark.A, HKU\S-1-5-21-189922631-1767686969-1414721043-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\RadioRage_4j, Löschen bei Neustart, [029774553b4030064ee96a8f936f08f8], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
PUP.Optional.Superfish.A, C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, In Quarantäne, [0099a227e09b49edce79c3390df5d32d], 
PUP.Optional.Superfish.A, C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [aced4d7ca6d589ad94b3f00ca55dfc04], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=28bb21a5d50ca44eb494206ac39b971f
# engine=19100
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-09 09:47:40
# local_time=2014-07-09 11:47:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 19080 270365750 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 31423375 156572310 0 0
# scanned=346859
# found=9
# cleaned=0
# scan_time=7777
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=A5EFE223F62A38306C5343D20730A888DB161016 ft=1 fh=c71c00110e84d24f vn="Variante von Win64/SProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Intelewin filter\Intelewinfilter_x64.dll"
sh=A5EFE223F62A38306C5343D20730A888DB161016 ft=1 fh=c71c00110e84d24f vn="Variante von Win64/SProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Intelewin filter\Intelewinfilter_x64.dll"
sh=95ADC7925C2BB20FACE637E7031972F8E208FA33 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx"
sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Koray\Downloads\PDFCreator-1_6_2_setup.exe"
sh=80B86F2B7E604FC94778C110DD25641204D8209D ft=1 fh=88381e48320a06f7 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll"
sh=80B86F2B7E604FC94778C110DD25641204D8209D ft=1 fh=88381e48320a06f7 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll"
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=28bb21a5d50ca44eb494206ac39b971f
# engine=19778
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-22 06:46:48
# local_time=2014-08-22 08:46:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 9623 274113298 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 35170923 160319858 0 0
# scanned=358179
# found=50
# cleaned=0
# scan_time=6399
sh=08EEA8C5839D81CF4FE8C4D7C304F84757C4B99B ft=1 fh=41dc015150d2b8d9 vn="Variante von Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jauxstb.dll.vir"
sh=8872824DA370A893AF27EDA5914C81B016FDE10D ft=1 fh=7df6b6eaf73c436e vn="Variante von Win64/Toolbar.MyWebSearch.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jauxstb64.dll.vir"
sh=352E15324D870431C6A80AEFA1B3826AF5F8AD7B ft=1 fh=d498158229edd61d vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll.vir"
sh=2DB76E64C44398F284BB9607477FFAB286C822A5 ft=1 fh=a15fd42821542f57 vn="Variante von Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe.vir"
sh=3E702CCA69804CDADE4A916C4666099B252CEC46 ft=1 fh=3ff9f90724b61074 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbprtct.dll.vir"
sh=242016E4DB00A6326CB726E517BD8C44C0D9AF4F ft=1 fh=5585cde8f9518639 vn="Variante von Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe.vir"
sh=BD3BA77A76482B8432E852B6C12718DFD8A805E8 ft=1 fh=d0f2a63db6645c6c vn="Variante von Win64/Toolbar.MyWebSearch.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe.vir"
sh=43057F202484834CAED5265AF9ADBD5C1C00C47C ft=1 fh=cbe7b8075d97fef6 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrstub.dll.vir"
sh=E22F1101BCDB847DDA207076C20847EE7BA14783 ft=1 fh=6dacd07894aac7d3 vn="Variante von Win64/Toolbar.MyWebSearch.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrstub64.dll.vir"
sh=6F8E675C0259BDB7CEEADA861381E8655E3882FD ft=1 fh=0c2cde178f5cb3ea vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jdatact.dll.vir"
sh=D14FF0D978C0818F3219AB303258B61961E24B5B ft=1 fh=95d16e31093cddf4 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jdlghk.dll.vir"
sh=BFF74D4CF269E36527CE43A484298A7797D85DDB ft=1 fh=e0568f6273d6b1f6 vn="Variante von Win64/Toolbar.MyWebSearch.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jdlghk64.dll.vir"
sh=4B8694F7BFF75DDF2A99D67136B9FCAA8BCBF818 ft=1 fh=54e43688a7d5acff vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jfeedmg.dll.vir"
sh=8000F7F069170BA3962B6D1DE97641CB8E8795E6 ft=1 fh=41956871b2c6a631 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jhtmlmu.dll.vir"
sh=56E4F2B4EC1A6E8836C2541D66E710DABCA48FB3 ft=1 fh=bc873fb5e0ff5b6a vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jhttpct.dll.vir"
sh=7318474377B8A97C09E8B4E76BC84CD967F41425 ft=1 fh=2cc6ec5e6a8fb481 vn="Variante von Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jidle.dll.vir"
sh=B17E3F03EDE4F7710DD0678C170FEFC0457ACF7D ft=1 fh=03d8ea72626c5942 vn="Win32/Toolbar.MyWebSearch.AG evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jieovr.dll.vir"
sh=0BFBBF33F74B6E9187D80CDD84DD49997DE10DBC ft=1 fh=7e5ba4990ad2843d vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jmlbtn.dll.vir"
sh=AD9FAD90CC49091BBEA91AA9829BA7C7DE57A080 ft=1 fh=333fc276c8268012 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jPlugin.dll.vir"
sh=E591A3DBC8B508F86149B610BDD39DF799C101FA ft=1 fh=e63430e62a50e4d1 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jradio.dll.vir"
sh=5A7521CEEC575EF85C8E191C4331DF8888B3A22B ft=1 fh=890daf73d694e35c vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jregiet.dll.vir"
sh=80650AAB853B1ACEBE666EC834BE9AE519116254 ft=1 fh=88f6e6dcc31aacd1 vn="Variante von Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jscript.dll.vir"
sh=1A401BBE5BA7C679A6B56A2F335D8AF67A063C4A ft=1 fh=22f921539bef2c08 vn="möglicherweise Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jskin.dll.vir"
sh=C2989D1054DEF8375543745EB246AC09139DBB99 ft=1 fh=9502a7177dbba1c1 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll.vir"
sh=DF8005C51D4EE75E9C3CEE21A96FDCA75EF2E71B ft=1 fh=24159591b5465636 vn="Variante von Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jsrchmr.dll.vir"
sh=72489280930F183E34FE5AF817F207A5EB65F8D4 ft=1 fh=033eb58713fd33d4 vn="Variante von Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jtpinst.dll.vir"
sh=F76EBFB49A14135188A858A9A19ADE33D841FAD9 ft=1 fh=fd6523e46258979f vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe.vir"
sh=385877E899E02E0F9C551D5B3293270C5FEB9D6B ft=1 fh=fc49323ed3498cd9 vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegratorStub64.dll.vir"
sh=3C2251BC6DBC556B960D82FC7211B6005A613A8A ft=1 fh=e2babb33b836a3b5 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\ASSISTMONITOR.DLL.vir"
sh=E9C0F7642BFDCA4F304679F44A2351765D25D7E3 ft=1 fh=df272951a00ae964 vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\ASSISTMONITOR64.DLL.vir"
sh=5B52C97808B05C61C42C660EF788C6E30E9956D1 ft=1 fh=3bd8668ff345b3ba vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\CREXT.DLL.vir"
sh=C0F1C1AD7E3E71F00D10961BF88368998314C8B5 ft=1 fh=1104306037fac477 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\CrExtP4j.exe.vir"
sh=2C88C56E84FB90C27DA50DF87011A98C77362B19 ft=1 fh=054dd36e0a8ce909 vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\Hpg64.dll.vir"
sh=AFDF3F69BEB1CDE4A5AA1D9EE5BEFD8A5DE808D7 ft=1 fh=6f20f9ce0b4866ad vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8EPMSUP.DLL.vir"
sh=ACBBE4D6CB48DD5CF142D79FDFEECBD7F9E9854E ft=1 fh=c0c375ff197f91b8 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8EXTEX.DLL.vir"
sh=BB1DF373EBE307C63271B72B7905E86FBF58D2CB ft=1 fh=16b6d8b2476550db vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8EXTPEX.DLL.vir"
sh=0C27996F6F6194AA4EE5DA4031A78B9E304B05E3 ft=1 fh=44a79e41ea9fa8ee vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8HTML.DLL.vir"
sh=88A01244271EF4EE3E78DDCEAF4287D4B053ED9A ft=1 fh=6b89c95ed44a94f1 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8TICKER.DLL.vir"
sh=AB85089131865A0535CD21A15D60C00AA7C425A2 ft=1 fh=13b78041014ac185 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\VERIFY.DLL.vir"
sh=AC297627AB9AB7AD194EC4E3CDE50D2A42F9A4FA ft=1 fh=609aefa527ec4346 vn="Win32/Toolbar.MyWebSearch.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE.vir"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=A5EFE223F62A38306C5343D20730A888DB161016 ft=1 fh=c71c00110e84d24f vn="Variante von Win64/SProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Intelewin filter\Intelewinfilter_x64.dll"
sh=A5EFE223F62A38306C5343D20730A888DB161016 ft=1 fh=c71c00110e84d24f vn="Variante von Win64/SProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Intelewin filter\Intelewinfilter_x64.dll"
sh=95ADC7925C2BB20FACE637E7031972F8E208FA33 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx"
sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Koray\Downloads\PDFCreator-1_6_2_setup.exe"
sh=80B86F2B7E604FC94778C110DD25641204D8209D ft=1 fh=88381e48320a06f7 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll"
sh=80B86F2B7E604FC94778C110DD25641204D8209D ft=1 fh=88381e48320a06f7 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll"
         

Alt 22.08.2014, 08:58   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Ein paar hysterische Funde von ESET. Dass Avira die Ask-Toolbar hat ist lange bekannt. Ansonsten viele Funden in schon längst vom adwCleaner isolierten Dateien.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\ProgramData\Intelewin filter
C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.08.2014, 09:02   #14
Thunder3311
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



Hier das Log

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Koray at 2014-08-22 10:02:04 Run:2
Running from C:\Users\Koray\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\Intelewin filter
C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll
         
*****************

C:\ProgramData\Intelewin filter => Moved successfully.
C:\Users\Koray\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll => Moved successfully.

==== End of Fixlog ====
         

Alt 22.08.2014, 09:07   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Standard

Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht



TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.




Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht
adware/adware.gen, adware/adware.gen2, adware/adware.gen7, adware/installcore.gen, adware/lollipop.1.5, adware/multiplug.ajad, adware/multiplug.bfk, adware/multiplug.ci, adware/multiplug.yu, adware/rogue.495616.73, adware/rogue.497664.97, pup.optional.babylon.a, pup.optional.easylife.a, pup.optional.installcore.a, pup.optional.multiplug, pup.optional.multiplug.a, pup.optional.opencandy.a, pup.optional.savebyclick.a, pup.optional.sprotector.a, pup.optional.superfish.a, pup.optional.sweetim, pup.optional.sweetim.a, pup.optional.sweetpacks, tr/bprotector.gen2



Ähnliche Themen: Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht


  1. Trotz Internetverbindung können Webseiten nicht angezeigt werden
    Alles rund um Windows - 04.08.2015 (4)
  2. Windows 7: Webseiten werden auf Werbung umgeleitet, Chrome startet nicht mehr
    Log-Analyse und Auswertung - 03.06.2015 (3)
  3. Windows 7: Gerätemanager und WLan funktioniert nicht; Updates können nicht getätigt werden
    Log-Analyse und Auswertung - 24.02.2015 (28)
  4. Win8.1: SpeedCheck-Werbebanner können nicht entfernt werden
    Log-Analyse und Auswertung - 09.01.2015 (11)
  5. Windows 7, Firefox-Browser: Spyware/Trojaner/Hijacker können trotz Anti-Malware und Adwcleaner nicht entfernt werden
    Plagegeister aller Art und deren Bekämpfung - 27.02.2014 (13)
  6. Spybot findet Bedrohungen, die nicht entfernt werden können
    Plagegeister aller Art und deren Bekämpfung - 01.01.2014 (14)
  7. XP: Windows Updates nicht möglich, andere Downloads können nicht abgeschlossen werden
    Plagegeister aller Art und deren Bekämpfung - 05.10.2013 (42)
  8. Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (40)
  9. Ordner können nicht gelöscht werden, Programme werden nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 24.11.2012 (2)
  10. Verschlüsselungstrojaner wurde entfernt aber die Dateien können nicht geöffnet werden
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (5)
  11. Dienste in Windows XP können nicht mehr aktiviert werden
    Alles rund um Windows - 03.09.2010 (8)
  12. Browser startet verdächtige Websites, Schutz-Programme können nicht ausgeführt werden
    Plagegeister aller Art und deren Bekämpfung - 16.11.2009 (6)
  13. Automatische Windows-Updates können nicht aktiviert werden
    Log-Analyse und Auswertung - 01.01.2009 (3)
  14. Automatische Windows Updates können nicht aktiviert werden!
    Log-Analyse und Auswertung - 03.06.2008 (11)
  15. Googel und andere große Seiten können im IE nicht angezeigt werden...
    Log-Analyse und Auswertung - 05.05.2007 (5)
  16. antivir,firewall, werden brechen ab bzw können nicht installiert werden!!
    Antiviren-, Firewall- und andere Schutzprogramme - 01.06.2005 (13)
  17. Einige Internetseiten können nicht angezeigt werden.
    Alles rund um Windows - 13.03.2005 (6)

Zum Thema Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht - Hallo zusammen, ich habe seit geraumer Zeit das Problem, dass meine Browser (Chrome, Firefox, IE) verschiedene Probleme aufweisen: Chrome(vormals primär genutzt): - es sind Addons installiert die ich nicht entfernen - Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht...
Archiv
Du betrachtest: Windows 7: Werbewebseiten werden ungefragt angezeigt. Addons von Chrome und Firefoc können nicht entfernt werden. IE startet nicht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.