Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.09.2014, 16:59   #1
candelaver
 
ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen - Standard

ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen



Hallo TB Team,

Ich habe mit Teamviewer einer Bekannten, bei Pc Problemem zu helfen,
Die PC- Probleme sind so reichlich und vielseitig vorhanden, dass ich gar nicht weiss, wo ich anfangen soll.

1.) Windows Explorer stürzt öfters ab, so dass die Meldung des Explorers mit bis 30 Fenster eingeblendet wird und bestätigung verlangt.

2.) eine Systemwiederherstellungspunkt kann nicht erstellt werden.

3.) Diverse programme funktionieren nicht, oder frieren ein.

etc.

ich habe inzwischen, durch lesen hier im Board die standart Prozedur durchlaufen lassen und logs erstellt.

ich hoffe, dass mir/uns Jemand weiterhelfen kann und ob der PC zu retten ist. Es sind wichtige Daten vorhanden und ich will nicht, dass diese durch umkopieren, die Infizierung etc. weitergeben.

Ende Oktober besuche ich Sie und werde eine neue Festplatte einbauen und neuinstallieren, doch bis dahin, brauche ich eure Hilfe, vielleicht könnt ihr den PC retten?


1.) OTL LOGS
1.a) OTL.txt
Code:
ATTFilter
OTL logfile created on: 25.09.2014 13:46:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,47 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 62,02% Memory free
6,94 Gb Paging File | 5,78 Gb Available in Paging File | 83,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 499,86 Gb Total Space | 374,12 Gb Free Space | 74,85% Space Free | Partition Type: NTFS
Drive D: | 1363,05 Gb Total Space | 1218,75 Gb Free Space | 89,41% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Programme\TeamViewer\Version9\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Users\Admin\AppData\Roaming\Hub Timer\hub.exe ()
PRC - C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Common Files\Nuance\loggerservice.exe (Nuance Communications, Inc.)
PRC - C:\Programme\T-Online\T-Online_Software_6\eMail\Mail.exe (Deutsche Telekom AG, www.t-online.de)
PRC - C:\Programme\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Nuance\PDF Professional 8\PDFProFiltSrv.exe (Nuance Communications, Inc.)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG)
PRC - C:\Programme\Brownie\BrStsWnd.exe (brother)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\prevhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de)
PRC - D:\lotus\smartctr\smartctr.exe (Lotus Development Corporation.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Admin\AppData\LocalLow\INTERN~1\bho.dll ()
MOD - C:\Programme\T-Online\T-Online_Software_6\eMail\libexpat.dll ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\NCH Software\ExpressZip\ezcm.dll ()
MOD - C:\Programme\T-Online\T-Online_Software_6\Notifier\libcurl.dll ()
MOD - C:\Programme\T-Online\T-Online_Software_6\Notifier\libexpat.dll ()
MOD - D:\lotus\smartctr\LDAUTO.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer9) -- C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (HubService) -- C:\Users\Admin\AppData\Roaming\Hub Timer\hub.exe ()
SRV - (DragonSvc) -- C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (DragonLoggerService) -- C:\Programme\Common Files\Nuance\loggerservice.exe (Nuance Communications, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (PDFProFiltSrv) -- C:\Programme\Nuance\PDF Professional 8\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (TVGOnlineUpdateSvc) -- C:\Programme\TVG\OnlineUpdate\OnlineUpdateSvc.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Admin\AppData\Local\Temp\catchme.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (wStLibG) -- C:\Windows\System32\drivers\wStLibG.sys (StdLib)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (iusb3xhc) -- C:\Windows\System32\drivers\iusb3xhc.sys (Intel Corporation)
DRV - (iusb3hub) -- C:\Windows\System32\drivers\iusb3hub.sys (Intel Corporation)
DRV - (iusb3hcs) -- C:\Windows\System32\drivers\iusb3hcs.sys (Intel Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ArvoFltr) -- C:\Windows\System32\drivers\ArvoFltr.sys (ROCCAT Development, Inc.)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (BrPar) -- C:\Windows\System32\drivers\BRPAR.SYS (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=orgnl&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azyzy0A0A0CyDtCzytDyE0AtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2StAtDyBtB0E0EyDtCtGyC0FyCtCtGyEyD0AzztGtByByCtDtGyByCyB0A0AtByB0FyEtDyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0EtBtBtDzztBtGtDtDzz0CtGyEtA0BzytGyC0DzzyDtGyB0D0E0C0F0CtBtDtBtCyDtA2QtN1B1L1H1Ezu1O2U1M1B&cr=1885874306&ir=
IE - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.hores,org
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 96 8F 37 F7 29 CE 01  [binary data]
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = hxxp://www.bing.com/search
IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Speedial"
FF - prefs.js..browser.search.selectedEngine: "Speedial"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update.interval: 31536000
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: nuance%40pdf8:8
FF - prefs.js..extensions.enabledAddons: s3google%40translator:3.01
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.2
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.update: false
FF - user.js..browser.search.update.interval: 31536000
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\nuance.com/DgnRia2: C:\Program Files\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\cliqz@cliqz.com: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\extensions\cliqz@cliqz.com
 
[2013.11.18 20:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2014.06.15 19:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\Admin\extensions
[2014.08.19 08:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\Admin\extensions\staged
[2013.10.14 03:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\Admin\AppData\Roaming\Mozilla\Profiles\fhjn28i9.Standard-Benutzer\extensions
[2014.09.25 13:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\svbhpvaf.default\Extensions
[2014.08.18 21:04:52 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\de-DE@dictionaries.addons.mozilla.org
[2014.01.23 19:01:13 | 000,000,000 | ---D | M] (YouTube Unblocker) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\youtubeunblocker@unblocker.yt
[2013.10.28 19:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Profiles\fhjn28i9.Standard-Benutzer\extensions
[2013.10.13 15:13:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Admin\AppData\Roaming\mozilla\Profiles\fhjn28i9.Standard-Benutzer\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.10.13 15:21:47 | 000,000,000 | ---D | M] (Newssitter) -- C:\Users\Admin\AppData\Roaming\mozilla\Profiles\fhjn28i9.Standard-Benutzer\extensions\newssitter@seematrix.com
[2014.07.15 18:43:01 | 000,013,640 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\svbhpvaf.default\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi
[2014.08.23 09:41:23 | 000,100,161 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\svbhpvaf.default\Extensions\s3google@translator.xpi
[2014.09.15 16:05:27 | 000,556,429 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\svbhpvaf.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2014.09.22 14:09:19 | 000,000,663 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\svbhpvaf.default\searchplugins\google-images.xml
[2014.09.22 14:09:19 | 000,002,307 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\svbhpvaf.default\searchplugins\google-maps.xml
[2014.09.19 12:52:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2014.09.19 12:52:25 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.07.16 10:19:04 | 000,000,000 | ---D | M] (PDF Converter) -- C:\PROGRAM FILES\NUANCE\PDF PROFESSIONAL 8\FIREFOX
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Google Wallet = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2014.09.25 11:39:59 | 000,449,906 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15470 more lines...
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Dragon Web Extension For Internet Explorer) - {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Programme\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {C32F5BF7-6918-4F78-A97A-53CDF7D07C8C} - C:\Users\Admin\AppData\LocalLow\INTERN~1\bho.dll ()
O2 - BHO: (Gaaiho PDF Conversion Toolbar Helper) - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Programme\Nuance\PDF Professional 8\bin\gzeoniefavclient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Programme\Nuance\PDF Professional 8\bin\gzeoniefavclient.dll (Zeon Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [PDF8 Registry Controller] C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [USB3MON] C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000..\Run: [SMASH] C:\Program Files\SoftMaker Office Professional 2012\SMASH.EXE (SoftMaker Software GmbH)
O4 - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 03 F8 FF 03  [binary data]
O8 - Extra context menu item: Mit Nuance PDF Converter 8 öffnen - C:\Program Files\Nuance\PDF Professional 8\cnvres_ger.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Mit PDF Professional 8 öffnen - C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E579D48-9EAB-40D9-94E9-1F823C368EBD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.09.25 13:39:09 | 005,579,290 | ---- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2014.09.25 13:38:01 | 001,098,240 | ---- | C] (Farbar) -- C:\Users\Admin\Desktop\FRST.exe
[2014.09.25 13:37:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2014.09.23 20:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2014.09.22 14:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014.09.22 14:11:45 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2014.09.22 14:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.09.22 14:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014.09.22 13:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\XDMessagingv4
[2014.09.22 13:57:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Abelssoft
[2014.09.22 13:57:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Abelssoft
[2014.09.22 13:57:12 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2014.09.22 13:56:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DesktopIconGoodgame
[2014.09.22 13:17:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2014.09.22 13:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2014.09.22 13:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Calculator Plus
[2014.09.22 13:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Calculator Plus
[2014.09.22 12:56:54 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.09.22 12:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.09.22 12:56:50 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.09.22 12:56:50 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.09.22 12:56:50 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.09.22 12:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\ Malwarebytes Anti-Malware 
[2014.09.19 12:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.09.15 13:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2014.09.15 12:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\My Company Name
[2014.09.15 12:09:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Axialis
[2014.09.11 19:22:25 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014.09.11 19:22:24 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.09.11 19:22:24 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014.09.11 19:22:24 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.09.11 19:22:24 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014.09.11 19:22:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014.09.11 19:22:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014.09.11 19:22:23 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014.09.11 19:22:23 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014.09.11 19:22:23 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014.09.11 19:22:23 | 000,365,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.09.11 19:22:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.09.11 19:22:23 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.09.11 19:22:23 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014.09.11 19:22:23 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014.09.11 19:22:23 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014.09.11 19:22:23 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.09.11 19:22:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014.09.11 19:22:22 | 000,673,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014.09.11 19:22:22 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.09.11 19:22:22 | 000,327,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014.09.11 19:22:21 | 004,232,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.09.11 19:22:21 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.09.11 19:21:47 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2014.09.11 08:41:46 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014.09.11 08:41:46 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2014.09.11 08:41:43 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014.09.11 08:41:43 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014.09.08 12:42:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\cityguide
[2014.08.31 19:50:37 | 002,352,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014.09.25 13:39:56 | 005,579,290 | ---- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2014.09.25 13:38:12 | 001,098,240 | ---- | M] (Farbar) -- C:\Users\Admin\Desktop\FRST.exe
[2014.09.25 13:37:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2014.09.25 13:18:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.09.25 13:18:08 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.09.25 12:47:57 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014.09.25 12:07:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.09.25 11:39:59 | 000,449,906 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014.09.25 11:35:34 | 000,000,110 | ---- | M] () -- C:\Windows\wininit.ini
[2014.09.25 11:04:28 | 000,026,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.09.25 11:04:28 | 000,026,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.09.25 11:03:18 | 000,701,616 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014.09.25 11:03:18 | 000,656,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.09.25 11:03:18 | 000,150,408 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014.09.25 11:03:18 | 000,122,668 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.09.25 10:57:27 | 000,000,368 | ---- | M] () -- C:\Windows\Brownie.ini
[2014.09.25 10:57:10 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\YPTPNWTTU.job
[2014.09.25 10:57:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.09.25 10:57:00 | 2793,529,344 | -HS- | M] () -- C:\hiberfil.sys
[2014.09.25 09:23:22 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.09.24 11:02:23 | 000,002,395 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\SAS7_000.DAT
[2014.09.22 14:49:06 | 000,442,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.09.22 14:11:47 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014.09.22 13:56:33 | 000,001,456 | ---- | M] () -- C:\Users\Admin\Desktop\Goodgame Empire.lnk
[2014.09.22 13:17:44 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2014.09.22 12:57:19 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.09.19 20:14:22 | 000,003,472 | ---- | M] () -- C:\bootsqm.dat
[2014.09.15 13:43:46 | 000,327,680 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014.09.05 03:52:10 | 000,445,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014.09.05 03:47:39 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
 
========== Files Created - No Company Name ==========
 
[2014.09.25 12:47:57 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014.09.25 12:47:57 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014.09.25 11:35:34 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini
[2014.09.22 14:11:47 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014.09.22 14:11:47 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014.09.22 13:57:12 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2014.09.22 13:56:33 | 000,001,456 | ---- | C] () -- C:\Users\Admin\Desktop\Goodgame Empire.lnk
[2014.09.22 13:17:44 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2014.09.22 12:56:51 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.09.19 20:14:22 | 000,003,472 | ---- | C] () -- C:\bootsqm.dat
[2014.09.15 12:48:48 | 000,001,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2014.06.16 10:40:02 | 000,000,044 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\WB.CFG
[2014.05.17 15:11:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.05.17 15:11:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.05.17 15:11:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.05.17 15:11:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.05.17 15:11:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.09.26 11:32:03 | 000,001,704 | ---- | C] () -- C:\Program Files\Mozilla Firefoxnation-secure-search.xml
[2013.08.24 06:09:44 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013.06.19 10:00:40 | 000,007,609 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2013.05.30 13:54:30 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2013.05.30 13:54:30 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2013.05.30 13:54:30 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2013.05.30 13:54:30 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2013.05.30 13:54:30 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2013.05.30 13:54:30 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2013.05.30 13:54:30 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2013.05.30 13:54:30 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2013.05.30 13:54:30 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2013.05.30 13:54:30 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2013.05.30 13:54:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2013.05.30 13:54:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2013.05.30 13:54:30 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2013.05.30 13:54:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2013.05.30 13:54:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2013.05.30 13:54:30 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2013.05.30 13:54:30 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2013.05.30 13:54:30 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2013.05.30 13:54:30 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2013.04.03 10:35:15 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2013.04.02 07:46:33 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.03.27 19:24:53 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7025.dat
[2013.03.27 13:32:45 | 000,002,395 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\SAS7_000.DAT
[2013.03.27 09:38:24 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.03.26 23:07:07 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2013.03.26 23:06:32 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2013.03.26 23:06:32 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2013.03.26 21:54:51 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.03.26 21:52:16 | 000,000,013 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2013.03.26 21:52:16 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2013.03.26 21:51:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2013.03.26 21:51:38 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2013.03.26 21:51:37 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADC08A.DAT
[2013.03.26 21:51:10 | 000,000,368 | ---- | C] () -- C:\Windows\Brownie.ini
[2013.03.26 10:27:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.03.25 19:34:21 | 003,361,114 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013.03.25 18:33:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.01.24 14:44:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2012.12.10 15:10:20 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.09.27 03:14:40 | 000,634,880 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2013.09.27 03:11:55 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014.09.22 13:57:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Abelssoft
[2013.09.02 08:00:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\aborange
[2013.05.29 20:16:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2013.10.29 08:35:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DasTelefonbuch Gelbe Seiten Map&Route
[2013.03.26 23:18:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DataDesign
[2014.09.22 13:02:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Desktopicon
[2014.09.22 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DesktopIconGoodgame
[2014.09.25 10:50:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2014.04.17 10:46:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2013.03.25 19:09:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GHISLER
[2014.08.19 08:29:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Hub Timer
[2013.12.17 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IMSI
[2013.12.17 14:08:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IMSIDesign
[2013.03.27 07:27:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lexware
[2014.07.18 11:39:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\lingenio
[2014.08.22 15:04:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nuance
[2013.03.26 21:18:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2013.04.04 09:30:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScanSoft
[2014.08.19 08:29:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Security Systems
[2014.04.15 14:31:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SoftMaker
[2014.07.05 11:50:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Systweak
[2013.03.26 20:38:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\T-Online
[2014.05.18 19:14:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2013.05.26 17:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2013.10.29 08:35:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TVG
[2013.10.29 16:10:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinFunktion Mathematik 21
[2013.06.13 20:46:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Zeon
[2013.04.05 10:15:12 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.04.05 10:15:12 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 276 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:A303874F
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:AEC0AC81

< End of report >
         
1.b) OTL-EXTRAS.txt

Code:
ATTFilter
OTL Extras logfile created on: 25.09.2014 13:46:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,47 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 62,02% Memory free
6,94 Gb Paging File | 5,78 Gb Available in Paging File | 83,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 499,86 Gb Total Space | 374,12 Gb Free Space | 74,85% Space Free | Partition Type: NTFS
Drive D: | 1363,05 Gb Total Space | 1218,75 Gb Free Space | 89,41% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{165CC037-DA1D-4805-8803-ED46D80096F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3CF73D49-570A-4E0A-8ED5-DECB2409F057}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4BE43557-AB97-422D-8032-274F329D5B65}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5A0BAE72-FBC6-4E58-B86C-0A7784F7CB10}" = rport=138 | protocol=17 | dir=out | app=system | 
"{687E1B24-2E4E-43BA-A373-03F69E4208FF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6C969AE1-C7EA-4DB1-B57B-F654FA134398}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F3ABD0F-3077-41A8-86DB-E61A93E96826}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7299A68C-9614-4AFA-9A08-22B1E07E50B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7A22A4BC-E91B-42D6-A421-7E7CC9BF14C3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{91FE2355-52DD-47C6-BFD9-34CC1E35DFB3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9919B716-6397-484E-B2DC-A35BC3779F06}" = lport=59419 | protocol=6 | dir=in | name=windows core service | 
"{C484A55B-F5EA-4DC1-BD4D-F5786CB9B1BD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CE7ABD51-6E46-4EC9-B32C-BD68219772E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D2495EC3-0F0E-4B1A-A8AF-06EF62AE8868}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | 
"{D32D7A65-A05D-47E7-AE62-5B47730490AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F227A01F-7C99-4A64-B533-571165D3A717}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A87B851-0A0C-4874-8EC7-7DFE847E9443}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{18C2EB7F-C092-4011-9E2F-2C93BA13C5E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{374EC366-1629-451E-AF66-E4F5F2B050A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3CE95E87-0D78-4086-A4A5-A406926BE15F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4818EC96-8027-42D8-AB06-C51C5CB48849}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4A2E22B5-2144-47C0-9189-895CAC2EB442}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | 
"{5A0814F8-4C45-4F65-AC3B-3DB51CDFD9E5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | 
"{5FE061A5-D735-484C-91E5-FCEDB6A94DC2}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | 
"{81F25F86-4009-41BF-A93B-B626C1ECAF0F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BB7E7D0B-7536-431B-BD5D-5C845B27906D}" = protocol=17 | dir=in | app=c:\program files\nuance\omnipage18\omnipage18.exe | 
"{CE5FCD7D-7FD9-49E0-AB69-FD09DC519911}" = protocol=6 | dir=in | app=c:\program files\nuance\omnipage18\ppmv.exe | 
"{D30873AB-7285-4574-983D-0A615985439E}" = protocol=6 | dir=in | app=c:\program files\nuance\omnipage18\ereg\ereg.exe | 
"{DF17A24A-C46B-499C-90BF-10D231B535D1}" = protocol=6 | dir=in | app=c:\program files\nuance\omnipage18\omnipage18.exe | 
"{E1EED0EF-22FE-434F-B248-1DC7068079D5}" = protocol=17 | dir=in | app=c:\program files\nuance\omnipage18\ereg\ereg.exe | 
"{E9994122-6D54-4E8B-8CF9-54879057E2A1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | 
"{EBCC8E14-6994-4C83-BD84-55046731B798}" = protocol=17 | dir=in | app=c:\program files\nuance\omnipage18\ppmv.exe | 
"TCP Query User{5E91D3D3-768E-43F8-AA83-DEB774DCA04F}E:\microsoft.office.professional.plus.2010.vl.x86.sp2.german\crack\microsoft toolkit.exe" = protocol=6 | dir=in | app=e:\microsoft.office.professional.plus.2010.vl.x86.sp2.german\crack\microsoft toolkit.exe | 
"UDP Query User{2F2068C1-ED06-44FA-A3F1-9F884429979F}E:\microsoft.office.professional.plus.2010.vl.x86.sp2.german\crack\microsoft toolkit.exe" = protocol=17 | dir=in | app=e:\microsoft.office.professional.plus.2010.vl.x86.sp2.german\crack\microsoft toolkit.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW(R) Graphics Suite X4 - Extra Content
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0351BD86-CC1A-400F-B70D-D8D858E0D5A3}" = Nuance PDF Converter Professional 8
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series" = Canon iP7200 series Printer Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{23430AE3-6FFF-47CF-B7E7-1552FC61DF39}" = Philips Flat Panel Adjust
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{285D04E2-FCC6-4AAC-B94D-1336EDDD4EF8}" = eM Client
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2C322D9F-8734-4937-8A94-67ED371046B6}" = WinFunktion Mathematik plus 21
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}" = Quicken 2012
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33EA20FB-5389-4938-BA59-2BCD9BB68F41}" = Dragon NaturallySpeaking 13
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4C19650D-1BF8-4459-A904-06FB692B0F8E}" = DDBAC
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52DD1288-FA17-4062-8280-532C89A7E2F2}" = QuickSteuer 2014
"{536D6172-7453-7569-7465-392E38300407}" = Lotus SmartSuite - Deutsch
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68C5B650-B0B1-422F-8451-DFE6BFFB8571}" = Intel® Trusted Connect Service Client
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
"{7E6CA782-AA41-4E4C-A948-232B7FD82696}" = Nuance PDF Converter Professional 8 Update x86
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7FC74607-ED6E-49C3-87FA-56B50A2EE158}" = Quicken Import Export Server 2012
"{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW Graphics Suite X4 - Extra Content
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BF9FDB-BD5B-407C-9CAE-3542E5164783}" = Lexware Info Service
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBB8452-274B-465D-8324-00B0832FBB02}" = SoftMaker Office Professional 2012
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90538B62-F392-4DE1-B886-7B48123866E9}" = LightScribe System Software
"{90F50D38-23E4-42AA-8483-75C1D8C546AB}" = Nuance OmniPage 18
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU)
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{A64DF516-9CDC-4299-BD34-2B2C80CD453B}" = Lexware online banking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Deutsch
"{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}" = Nero Multimedia Suite 10 Essentials
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 326.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C13FE7DE-D34D-48CC-9FA3-8DB9A3621B98}" = PHOTOfunSTUDIO 9.1 PE
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite DCP-7025
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{CB719B19-BE9E-4D47-94B1-2FFE656067EE}" = TurboCAD Professional V.15
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.16
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E60036CF-1E46-4DFE-832F-5476574B30FF}" = Quicken DELUXE 2014
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FD1C729D-EDD3-4142-8980-7EA36F19D500}" = Alcor Micro USB Card Reader
"7-Zip" = 7-Zip 9.24 alpha
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"CadViewer" = CadViewer 8.5.6b
"Canon iP7200 series On-screen Manual" = Canon iP7200 series On-screen Manual
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"DasTelefonbuch Gelbe Seiten Map & Route" = Das Telefonbuch Gelbe Seiten Map & Route
"DirPrinter_is1" = DirPrinter - Deinstallation
"eGlyphica" = eGlyphica
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressZip" = Express Zip
"FileZilla Client" = FileZilla Client 3.8.0
"Foxy Secure" = Foxy Secure
"InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox 32.0.2 (x86 de)" = Mozilla Firefox 32.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"office wörterbuch pro" = office wörterbuch pro
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC-Wecker" = PC-Wecker
"TeamViewer 9" = TeamViewer 9
"Totalcmd" = Total Commander (Remove or Repair)
"translate plus 9" = translate plus 9
"VLC media player" = VLC media player 2.1.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.09.2014 04:46:44 | Computer Name = Admin-PC | Source = VSS | ID = 8193
Description = 
 
Error - 25.09.2014 04:46:44 | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 25.09.2014 04:47:32 | Computer Name = Admin-PC | Source = VSS | ID = 13
Description = 
 
Error - 25.09.2014 04:47:32 | Computer Name = Admin-PC | Source = VSS | ID = 12292
Description = 
 
Error - 25.09.2014 04:47:32 | Computer Name = Admin-PC | Source = VSS | ID = 8193
Description = 
 
Error - 25.09.2014 04:47:32 | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 25.09.2014 07:36:14 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wuauclt.exe, Version: 7.6.7600.320,
 Zeitstempel: 0x53739709  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000626e0  ID des fehlerhaften
 Prozesses: 0x14dc  Startzeit der fehlerhaften Anwendung: 0x01cfd89f2788d35e  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\wuauclt.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\msvcrt.dll  Berichtskennung: 2766c93b-44a8-11e4-9a29-3085a99aac51
 
Error - 25.09.2014 07:36:19 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wuauclt.exe, Version: 7.6.7600.320,
 Zeitstempel: 0x53739709  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000200  ID des fehlerhaften
 Prozesses: 0x14dc  Startzeit der fehlerhaften Anwendung: 0x01cfd89f2788d35e  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\wuauclt.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 2a6897d2-44a8-11e4-9a29-3085a99aac51
 
Error - 25.09.2014 07:36:20 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2723,
 Zeitstempel: 0x52315a51  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000626e0  ID des fehlerhaften
 Prozesses: 0x67c  Startzeit der fehlerhaften Anwendung: 0x01cfd89ebc3bf76d  Pfad der
 fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll  Berichtskennung: 2b514a37-44a8-11e4-9a29-3085a99aac51
 
Error - 25.09.2014 07:36:24 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2723,
 Zeitstempel: 0x52315a51  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000200  ID des fehlerhaften
 Prozesses: 0x67c  Startzeit der fehlerhaften Anwendung: 0x01cfd89ebc3bf76d  Pfad der
 fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 2d8d7ecc-44a8-11e4-9a29-3085a99aac51
 
[ System Events ]
Error - 20.09.2014 02:07:54 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 22.09.2014 08:05:38 | Computer Name = Admin-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 22.09.2014 08:05:38 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 22.09.2014 08:05:38 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 22.09.2014 08:05:39 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 22.09.2014 09:10:10 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 24.09.2014 06:34:21 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 24.09.2014 06:34:21 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 24.09.2014 06:34:22 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 25.09.2014 04:56:12 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
2.)FRST-LOG

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by Admin (administrator) on ADMIN-PC on 25-09-2014 14:52:05
Running from C:\Users\Admin\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\loggerservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Deutsche Telekom AG, www.t-online.de) C:\Program Files\T-Online\T-Online_Software_6\eMail\Mail.exe
(Deutsche Telekom AG) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe
(Deutsche Telekom AG) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
(Deutsche Telekom AG) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
(fun communications GmbH, hxxp://www.fun.de) C:\Program Files\T-Online\T-Online_Software_6\Notifier\Notifier.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Lotus Development Corporation.) D:\lotus\smartctr\smartctr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-04] (Intel Corporation)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [3618160 2011-03-25] (brother)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM\...\Run: [PDF8 Registry Controller] => C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe [178576 2012-10-23] (Nuance Communications, Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [UnlockerAssistant] => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\...\Run: [SMASH] => C:\Program Files\SoftMaker Office Professional 2012\SMASH.EXE [233507 2011-11-03] (SoftMaker Software GmbH)
HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-16] (SUPERAntiSpyware)
HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\...\Policies\Explorer: [NoDrives] 0x03F8FF03
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\office wörterbuch pro.lnk
ShortcutTarget: office wörterbuch pro.lnk -> C:\Program Files\OWPro\tDictPro.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.hores,org
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCC968F37F729CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=orgnl&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azyzy0A0A0CyDtCzytDyE0AtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2StAtDyBtB0E0EyDtCtGyC0FyCtCtGyEyD0AzztGtByByCtDtGyByCyB0A0AtByB0FyEtDyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0EtBtBtDzztBtGtDtDzz0CtGyEtA0BzytGyC0DzzyDtGyB0D0E0C0F0CtBtDtBtCyDtA2QtN1B1L1H1Ezu1O2U1M1B&cr=1885874306&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://www.bing.com/search
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Gaaiho PDF Conversion Toolbar Helper -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default
FF DefaultSearchEngine: Speedial
FF SelectedSearchEngine: Speedial
FF Homepage: about:home
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: nuance.com/DgnRia2 -> C:\Program Files\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\user.js
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\nation-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-08-18]
FF Extension: YouTube Unblocker - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-23]
FF Extension: Remove Google Tracking - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi [2014-07-15]
FF Extension: S3.Google Translator - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\s3google@translator.xpi [2013-12-01]
FF Extension: Adblock Edge - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-05-15]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\extensions\cliqz@cliqz.com
FF Extension: PDF Converter - C:\Program Files\Nuance\PDF Professional 8\FireFox [2013-06-13]

Chrome: 
=======
CHR HomePage: Default -> C4382D7925E387B59AFCF8581998B5BCAD7B869C4BC7A6B9E28750E7C4F89C8A
CHR DefaultSearchKeyword: Default -> speedial.com
CHR DefaultSearchProvider: Default -> Speedial
CHR DefaultSearchURL: Default -> hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=orgnl&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azyzy0A0A0CyDtCzytDyE0AtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2StAtDyBtB0E0EyDtCtGyC0FyCtCtGyEyD0AzztGtByByCtDtGyByCyB0A0AtByB0FyEtDyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0EtBtBtDzztBtGtDtDzz0CtGyEtA0BzytGyC0DzzyDtGyB0D0E0C0F0CtBtDtBtCyDtA2QtN1B1L1H1Ezu1O2U1M1B&cr=1885874306&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR CustomProfile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-22]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-17] (SUPERAntiSpyware.com)
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 DragonLoggerService; C:\Program Files\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [339008 2014-07-23] (Nuance Communications, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 TVGOnlineUpdateSvc; C:\Program Files\TVG\OnlineUpdate\OnlineUpdateSvc.exe [398128 2010-12-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArvoFltr; C:\Windows\System32\drivers\ArvoFltr.sys [12928 2009-05-06] (ROCCAT Development, Inc.)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3109888 2013-02-19] (Qualcomm Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-28] (AVG Technologies)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
R2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-04] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [351288 2012-12-04] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [796216 2012-12-04] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-23] (Intel Corporation)
R2 PMEM; C:\Windows\system32\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation) [File not signed]
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45744 2011-10-04] (Rovi Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-03-28] (StdLib)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 14:52 - 2014-09-25 14:52 - 00018741 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-09-25 14:51 - 2014-09-25 14:52 - 00000000 ____D () C:\FRST
2014-09-25 14:24 - 2014-09-25 14:24 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Sun
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-25 14:23 - 2014-09-25 14:25 - 17903792 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\install_flash_player_15_plugin.exe
2014-09-25 14:16 - 2014-09-25 14:21 - 29421992 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-7u67-windows-i586.exe
2014-09-25 13:51 - 2014-09-25 13:51 - 00093766 _____ () C:\Users\Admin\Desktop\OTL.Txt
2014-09-25 13:51 - 2014-09-25 13:51 - 00056162 _____ () C:\Users\Admin\Desktop\Extras.Txt
2014-09-25 13:39 - 2014-09-25 13:39 - 05579290 _____ (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-09-25 13:38 - 2014-09-25 13:38 - 01098240 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-09-25 13:37 - 2014-09-25 13:37 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2014-09-25 12:47 - 2014-09-25 12:47 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-25 12:47 - 2014-09-25 12:47 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-25 11:39 - 2014-05-17 15:15 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140925-113959.backup
2014-09-25 11:35 - 2014-09-25 11:35 - 00000110 _____ () C:\Windows\wininit.ini
2014-09-25 10:23 - 2014-09-25 10:23 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller(1).zip
2014-09-25 10:22 - 2014-09-25 10:23 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller.zip
2014-09-23 20:40 - 2014-09-23 20:40 - 00000000 ____D () C:\ProgramData\LightScribe
2014-09-22 14:37 - 2014-09-22 14:55 - 00004158 _____ () C:\Windows\IE11_main.log
2014-09-22 14:25 - 2014-09-22 14:30 - 37059280 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE11-Windows6.1-x86-de-de.exe
2014-09-22 14:11 - 2014-09-25 11:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-22 14:11 - 2014-09-22 14:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-22 14:11 - 2014-09-22 14:11 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-22 14:11 - 2014-09-22 14:11 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-22 14:11 - 2014-09-22 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-22 14:11 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Abelssoft
2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\Abelssoft
2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-22 13:57 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-09-22 13:57 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-09-22 13:56 - 2014-09-22 13:56 - 00001456 _____ () C:\Users\Admin\Desktop\Goodgame Empire.lnk
2014-09-22 13:56 - 2014-09-22 13:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DesktopIconGoodgame
2014-09-22 13:55 - 2014-09-22 13:55 - 01101648 _____ () C:\Users\Admin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-09-22 13:17 - 2014-09-22 13:17 - 00002007 _____ () C:\Users\Public\Desktop\LightScribe.lnk
2014-09-22 13:17 - 2014-09-22 13:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-09-22 13:17 - 2014-09-22 13:17 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
2014-09-22 13:16 - 2014-09-22 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Calculator Plus
2014-09-22 13:16 - 2014-09-22 13:16 - 00000000 ____D () C:\Program Files\Microsoft Calculator Plus
2014-09-22 12:56 - 2014-09-25 09:23 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 12:56 - 2014-09-22 12:57 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-22 12:56 - 2014-09-22 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-22 12:56 - 2014-09-22 12:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-22 12:56 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-22 12:56 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-22 12:56 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-19 20:14 - 2014-09-19 20:14 - 00003472 ____N () C:\bootsqm.dat
2014-09-19 12:52 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-15 13:44 - 2014-09-25 10:57 - 00002744 _____ () C:\Windows\setupact.log
2014-09-15 13:44 - 2014-09-25 10:56 - 00031720 _____ () C:\Windows\PFRO.log
2014-09-15 13:44 - 2014-09-15 13:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-15 13:11 - 2014-09-15 13:11 - 00000000 ____D () C:\ProgramData\Corel
2014-09-15 12:09 - 2014-09-15 12:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Axialis
2014-09-15 12:09 - 2014-09-15 12:09 - 00000000 ____D () C:\Program Files\My Company Name
2014-09-11 19:22 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 19:22 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 19:22 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 19:22 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 19:22 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 19:22 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 19:22 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 19:22 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 19:22 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 19:22 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 19:22 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 19:22 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 19:22 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 19:22 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 19:22 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 19:22 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 19:22 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 19:22 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 19:22 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 19:22 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 19:22 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 19:22 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 19:22 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 19:22 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 19:22 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 19:22 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 19:22 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 19:22 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 19:22 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 19:22 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 19:21 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 08:42 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 08:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 08:41 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 08:41 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 08:41 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 08:41 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-08 12:42 - 2014-09-08 12:42 - 00000000 ____D () C:\Users\Admin\cityguide
2014-08-31 19:50 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-31 19:50 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 14:52 - 2014-09-25 14:52 - 00018741 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-09-25 14:52 - 2014-09-25 14:51 - 00000000 ____D () C:\FRST
2014-09-25 14:49 - 2009-07-14 06:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 14:49 - 2009-07-14 06:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 14:33 - 2013-03-26 23:10 - 00000000 ____D () C:\Program Files\Java
2014-09-25 14:32 - 2014-09-19 12:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-25 14:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-25 14:27 - 2013-03-26 11:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-25 14:27 - 2013-03-26 11:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 14:27 - 2013-03-26 11:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-25 14:25 - 2014-09-25 14:23 - 17903792 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\install_flash_player_15_plugin.exe
2014-09-25 14:24 - 2014-09-25 14:24 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Sun
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-25 14:24 - 2013-03-26 23:11 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-25 14:24 - 2013-03-26 23:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-25 14:24 - 2013-03-26 23:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-25 14:21 - 2014-09-25 14:16 - 29421992 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-7u67-windows-i586.exe
2014-09-25 14:18 - 2013-03-26 09:56 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 13:51 - 2014-09-25 13:51 - 00093766 _____ () C:\Users\Admin\Desktop\OTL.Txt
2014-09-25 13:51 - 2014-09-25 13:51 - 00056162 _____ () C:\Users\Admin\Desktop\Extras.Txt
2014-09-25 13:39 - 2014-09-25 13:39 - 05579290 _____ (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-09-25 13:38 - 2014-09-25 13:38 - 01098240 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-09-25 13:37 - 2014-09-25 13:37 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2014-09-25 13:36 - 2013-03-25 16:51 - 02037007 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 12:47 - 2014-09-25 12:47 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-25 12:47 - 2014-09-25 12:47 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-25 12:07 - 2013-03-26 09:56 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 11:36 - 2014-09-22 14:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-25 11:35 - 2014-09-25 11:35 - 00000110 _____ () C:\Windows\wininit.ini
2014-09-25 11:03 - 2013-03-25 17:03 - 01627394 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 10:57 - 2014-09-15 13:44 - 00002744 _____ () C:\Windows\setupact.log
2014-09-25 10:57 - 2014-05-17 11:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-25 10:57 - 2014-02-10 17:46 - 00000300 _____ () C:\Windows\Tasks\YPTPNWTTU.job
2014-09-25 10:57 - 2013-03-26 21:51 - 00000368 _____ () C:\Windows\Brownie.ini
2014-09-25 10:57 - 2013-03-25 19:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-25 10:57 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 10:56 - 2014-09-15 13:44 - 00031720 _____ () C:\Windows\PFRO.log
2014-09-25 10:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Vss
2014-09-25 10:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-09-25 10:50 - 2014-07-18 13:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2014-09-25 10:23 - 2014-09-25 10:23 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller(1).zip
2014-09-25 10:23 - 2014-09-25 10:22 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller.zip
2014-09-25 09:23 - 2014-09-22 12:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 12:43 - 2013-03-27 12:40 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-24 11:02 - 2013-03-27 13:32 - 00002395 _____ () C:\Users\Admin\AppData\Roaming\SAS7_000.DAT
2014-09-23 20:40 - 2014-09-23 20:40 - 00000000 ____D () C:\ProgramData\LightScribe
2014-09-23 20:38 - 2013-12-28 13:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\Nero
2014-09-22 15:10 - 2014-08-16 11:56 - 00000000 ____D () C:\Program Files\Unlocker
2014-09-22 14:55 - 2014-09-22 14:37 - 00004158 _____ () C:\Windows\IE11_main.log
2014-09-22 14:50 - 2013-03-25 19:33 - 00127912 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 14:49 - 2009-07-14 06:33 - 00442920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 14:45 - 2013-03-26 09:56 - 00000000 ____D () C:\Program Files\Google
2014-09-22 14:30 - 2014-09-22 14:25 - 37059280 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE11-Windows6.1-x86-de-de.exe
2014-09-22 14:15 - 2014-09-22 14:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-22 14:11 - 2014-09-22 14:11 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-22 14:11 - 2014-09-22 14:11 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-22 14:11 - 2014-09-22 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Abelssoft
2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\Abelssoft
2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-22 13:56 - 2014-09-22 13:56 - 00001456 _____ () C:\Users\Admin\Desktop\Goodgame Empire.lnk
2014-09-22 13:56 - 2014-09-22 13:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DesktopIconGoodgame
2014-09-22 13:55 - 2014-09-22 13:55 - 01101648 _____ () C:\Users\Admin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-09-22 13:17 - 2014-09-22 13:17 - 00002007 _____ () C:\Users\Public\Desktop\LightScribe.lnk
2014-09-22 13:17 - 2014-09-22 13:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-09-22 13:17 - 2014-09-22 13:17 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
2014-09-22 13:16 - 2014-09-22 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Calculator Plus
2014-09-22 13:16 - 2014-09-22 13:16 - 00000000 ____D () C:\Program Files\Microsoft Calculator Plus
2014-09-22 13:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-09-22 13:02 - 2014-08-16 11:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Desktopicon
2014-09-22 12:57 - 2014-09-22 12:56 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-22 12:57 - 2014-09-22 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-22 12:57 - 2014-09-22 12:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-22 09:45 - 2013-04-03 21:19 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-09-19 20:14 - 2014-09-19 20:14 - 00003472 ____N () C:\bootsqm.dat
2014-09-19 19:17 - 2013-11-18 20:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-15 13:44 - 2014-09-15 13:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-15 13:43 - 2014-04-22 12:50 - 00327680 _____ () C:\Windows\system32\Ikeext.etl
2014-09-15 13:12 - 2013-03-26 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
2014-09-15 13:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-15 13:11 - 2014-09-15 13:11 - 00000000 ____D () C:\ProgramData\Corel
2014-09-15 12:40 - 2014-08-21 20:22 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2014-09-15 12:10 - 2014-09-15 12:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Axialis
2014-09-15 12:09 - 2014-09-15 12:09 - 00000000 ____D () C:\Program Files\My Company Name
2014-09-13 19:25 - 2013-04-30 11:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-09-12 12:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-11 19:21 - 2014-08-21 20:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 19:21 - 2014-08-14 09:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 19:15 - 2014-08-22 07:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 19:15 - 2013-03-25 21:08 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 18:23 - 2013-03-26 21:57 - 00000000 ____D () C:\Users\Admin\Documents\SoftMaker
2014-09-08 12:42 - 2014-09-08 12:42 - 00000000 ____D () C:\Users\Admin\cityguide
2014-09-08 12:42 - 2013-03-25 17:02 - 00000000 ____D () C:\Users\Admin
2014-09-05 03:52 - 2014-09-11 08:41 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-11 08:41 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {dffda71b-955a-11e2-a4db-94c68b5bf63b}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {dffda71d-955a-11e2-a4db-94c68b5bf63b}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {dffda71b-955a-11e2-a4db-94c68b5bf63b}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {dffda71d-955a-11e2-a4db-94c68b5bf63b}
device                  ramdisk=[C:]\Recovery\dffda71d-955a-11e2-a4db-94c68b5bf63b\Winre.wim,{dffda71e-955a-11e2-a4db-94c68b5bf63b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\dffda71d-955a-11e2-a4db-94c68b5bf63b\Winre.wim,{dffda71e-955a-11e2-a4db-94c68b5bf63b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {dffda71b-955a-11e2-a4db-94c68b5bf63b}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {dffda71e-955a-11e2-a4db-94c68b5bf63b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\dffda71d-955a-11e2-a4db-94c68b5bf63b\boot.sdi



LastRegBack: 2014-09-16 13:23

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 25.09.2014, 17:14   #2
candelaver
 
ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen - Standard

ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen



2.a) FRST-ADDITIONAL.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2014
Ran by Admin at 2014-09-25 14:52:26
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.24 alpha (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM\...\AmUStor) (Version: 3.10.142.72249 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (Version: 3.10.142.72249 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Brother MFL-Pro Suite DCP-7025 (HKLM\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CadViewer 8.5.6b (HKLM\...\CadViewer) (Version: 8.5.6b - Tailor Made Software)
Canon iP7200 series On-screen Manual (HKLM\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Extra Content (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Extra Content (HKLM\...\_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
cyberJack Base Components (HKLM\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
Das Telefonbuch Gelbe Seiten Map & Route (HKLM\...\DasTelefonbuch Gelbe Seiten Map & Route) (Version:  - TVG Telefonbuch- und Verzeichnisverlag GmbH & Co. KG)
DDBAC (HKLM\...\{4C19650D-1BF8-4459-A904-06FB692B0F8E}) (Version: 5.3.24 - DataDesign)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirPrinter - Deinstallation (HKLM\...\DirPrinter_is1) (Version: 8.70 - Mathias Gerlach [aborange.de])
Dragon NaturallySpeaking 13 (HKLM\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
eGlyphica (HKLM\...\eGlyphica) (Version:  - )
eM Client (Version: 3.5.12101.0 - SoftMaker Software GmbH) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Express Zip (HKLM\...\ExpressZip) (Version:  - NCH Software)
FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
High-Definition Video Playback (Version: 7.1.13900.47.0 - Nero AG) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Lexware Info Service (HKLM\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM\...\{A64DF516-9CDC-4299-BD34-2B2C80CD453B}) (Version: 19.00.00.0059 - Haufe-Lexware GmbH & Co.KG)
LightScribe System Software (HKLM\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
Lotus SmartSuite - Deutsch (HKLM\...\{536D6172-7453-7569-7465-392E38300407}) (Version: 9.8.0 - Lotus Development Corporation)
LUMIX Map Tool (HKLM\...\InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}) (Version: 1.1.0 - Panasonic Corporation)
LUMIX Map Tool (Version: 1.1.0 - Panasonic Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 32.0.2 (x86 de) (HKLM\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (Version: 10.2.10000.0.0 - Nero AG) Hidden
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (Version: 10.2.11900.1.9 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.18400.9.0 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.2.10700.9.100 - Nero AG)
Nero DiscCopyGadget 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG)
Nero Express 10 Help (CHM) (Version: 10.5.10300 - Nero AG) Hidden
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.13200.33.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG)
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nuance OmniPage 18 (HKLM\...\{90F50D38-23E4-42AA-8483-75C1D8C546AB}) (Version: 18.1.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 (HKLM\...\{0351BD86-CC1A-400F-B70D-D8D858E0D5A3}) (Version: 8.10.3214 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x86 (HKLM\...\{7E6CA782-AA41-4E4C-A948-232B7FD82696}) (Version: 8.11.0000 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller-Treiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
office wörterbuch pro (HKLM\...\office wörterbuch pro) (Version:  - Lingenio GmbH)
Philips Flat Panel Adjust (HKLM\...\{23430AE3-6FFF-47CF-B7E7-1552FC61DF39}) (Version:  - )
PHOTOfunSTUDIO 9.1 PE (HKLM\...\{C13FE7DE-D34D-48CC-9FA3-8DB9A3621B98}) (Version: 9.01.709 - Panasonic Corporation)
Quicken 2012 (HKLM\...\{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}) (Version: 19.36.00.0165 - Haufe-Lexware GmbH & Co.KG)
Quicken DELUXE 2014 (HKLM\...\{E60036CF-1E46-4DFE-832F-5476574B30FF}) (Version: 21.37.00.0185 - Haufe-Lexware GmbH & Co.KG)
Quicken Import Export Server 2012 (HKLM\...\{7FC74607-ED6E-49C3-87FA-56B50A2EE158}) (Version: 19.30.00.0134 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer 2014 (HKLM\...\{52DD1288-FA17-4062-8280-532C89A7E2F2}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Scansoft PDF Professional (Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SoftMaker Office Professional 2012 (HKLM\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.1301 - SoftMaker Software GmbH)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Tinypic 3.16 (HKLM\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.16 - E. Fiedler)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
translate plus 9 (HKLM\...\translate plus 9) (Version: 9 - Lingenio GmbH, Heidelberg)
TurboCAD Professional V.15 (HKLM\...\{CB719B19-BE9E-4D47-94B1-2FFE656067EE}) (Version: 15.1.1 - IMSI Design)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinFunktion Mathematik plus 21 (HKLM\...\{2C322D9F-8734-4937-8A94-67ED371046B6}) (Version: 21.00.0000 - bhv Publishing GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{016D58C4-CF57-48A8-89CB-B8D9537DA2CC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\FoundationPlan.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{02689F7F-4026-4D10-BD25-E577709C4C2E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Bolt3D.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B4CA0}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B7456}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\Presentations.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B771B}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{03457507-D762-4025-8284-E9D3C8DBBD12}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\SectionToPathTie.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{06221C84-52D5-4A4E-A337-2BF8951D4B59}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Fillet3D.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0B91E172-6025-4EBD-A0A2-34552C05F100}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\TextBox.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0D818D11-C218-4799-AE9D-FCD1811B978A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\OffsetPolyline.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{14F2A484-4F52-4DB5-9EC4-E97E92131E58}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Nut3D.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{15544F60-D775-4962-BEB4-E580346B1591}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\ScetchTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{1CC3991A-01EF-4337-AA69-2818FFA4C869}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\DatumRef.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{2017F29F-68F4-11D5-B9BF-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\SpiralTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{2C10CA50-05D0-11D2-8697-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\ObjectTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{2C6D5BE5-4817-41C9-B28E-77CB857919D1}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\Fillet3D_Tie.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{2F015029-FB7C-11D1-B8AC-000021452DB6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\InsSmObj.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{30291A01-707C-11d0-B457-4446490043BF}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{399254F2-670F-11D1-8092-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{399254F3-670F-11D1-8092-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{443E0383-3F0F-4ABF-93B8-885915F56C6F}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\JointPolyline.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{45232FA2-65A2-11D2-8C4A-00403338C504}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\RRectA.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{49E39851-1FC0-11D2-8698-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\SmartHatch.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{4A2B29CC-5A9B-4B51-9A0A-F63DA8A72C78}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Conn.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{4A5C2474-D597-48D4-A14A-3A13BC663BB9}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\DatumTarget.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{5153A083-1A0E-4146-8DBB-50982700BF7E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\ScheduleIntoBlock.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{53BDCB5D-E113-4E5B-9B40-3B4D2B07DC28}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\BoltNut.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{554EDBD6-7585-40C5-9713-180E76DAC4FC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\TCImage.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{5B60CCED-F564-43BA-802B-01183FAA0A84}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCImageTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{607CAF95-75AC-4C59-9E18-574DC62DB509}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\Fillet3D_Tool.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{642011BD-CFB0-4927-9C00-70BADAA0B5B4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCToler.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A3A61A2-D373-4B31-8164-263601C79016}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCRougness.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481001-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481002-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481003-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481004-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481005-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481100-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\ImsigxPS15.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481801-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481802-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481803-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481804-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481805-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A482001-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\gxext15.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A482002-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\gxext15.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A482003-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\gxext15.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6E1099B5-A2D4-11D5-BA2B-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\RevisionCloud.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{71CA2F31-B56D-4CAC-BA97-EDB14712A14A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\InsertExternalSymbol.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{71E21C97-83FB-4242-8997-A52627FFEFF9}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCWeldSm.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{75F17666-0783-4450-A649-2B434C1EBB34}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\PickInside.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{7657D07B-63D1-480B-B9E5-839E458E659E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\DimensionTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{7724BB36-B671-11D0-9B3B-444553540000}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Rrect.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{7724BB46-B671-11D0-9B3B-444553540000}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\MfcSplin.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{784DEF17-17F1-4335-8B3C-7E4C2D2DF6A2}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\texture.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{8188189D-6F33-48f2-B54B-936205216521}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\DCMMarkTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{869A07B5-AA8A-4504-B701-754FBAECC26D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\MarkerHouse.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{89E2E072-2AF3-414A-B2C5-CD75CB6B44DD}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\ToolTextAlong.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{8a087491-5264-11d4-95F6-00A0CC3CCA14}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{8FBFFBB2-64D0-4318-BD07-561CC8EE2084}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\AutoDimHouse.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{90E611F0-DE07-11D2-ABC3-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\ViewportTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{92454481-8DB8-4C5D-9F8F-1897A30E49C6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Nut.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{99D040C9-BC79-44E2-BEC1-DE3636FA0320}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\ChainPolyline.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{ABEE7F9B-1215-4878-8F01-F0BAF4F211F7}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\Pipe_Tool.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{BF0BBC85-A311-11D3-A82D-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\TcTools\PalTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{bf608490-5373-11d0-8efb-4446490043bf}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C1F35EEC-4BD8-4C2C-8BCF-6066EA37B6C3}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\PlaneParameters.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C347BEE4-90D9-4641-A5BC-8B8982846576}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\SectOnPathTool.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C47C48C1-0F15-41BA-AE68-23AB59A005F9}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Welding.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C5AA19CF-2F1A-42A3-886F-682FDAEF585A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Hole.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C9ACD2AA-AB9F-40DE-AFBE-1350D6BCB291}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCTrnTools.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{CA182404-11E8-4796-B378-C105225C2931}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\TextAlong.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{CD092BC1-5EC8-4AC9-9F2C-DAAE1FA85B4A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\CurveTextTie.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D2446BEB-A633-4653-8BB7-F9F77DEAE2ED}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\WindowHouse.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D4BEEB62-37D5-4FD3-8EAB-5B972F37EFB3}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\Thread3D.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\Windows\system32\MSVBVM60.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D732323E-7207-465d-9924-BCBAFE352435}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\CompoundProfileTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D8ADC55B-2CF1-45BC-8426-2685E150E89B}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Roundrect.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E06FAB40-6649-11D1-8090-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\BasicMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E06FAB41-6649-11D1-8090-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\BasicMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E5151088-1C1D-47B9-887A-FCFEA8700C95}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCmark.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E830E884-1B3D-11D4-9BEE-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\TcTools\FPBridgeTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E830E887-1B3D-11D4-9BEE-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\TcTools\FPBridgeTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E89833D1-0A9B-4EA2-B8E6-372353FFC763}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\GearContour.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{EC2CD23E-C474-476B-AA44-7C4C0D023D97}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Gear.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F2567097-FBF4-4394-AC80-6EF0DA719E0F}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Cable.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F335199D-8E62-42E3-9F40-8A2459EA5576}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Screw.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F5125F6F-A84D-4830-AD78-A13E03B64185}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\BPMngr.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F6B5662B-3540-4923-937A-3BC8D9CAE568}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\doorhouse.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F6F41304-02C7-43B1-99DE-FDC3DBFA3C56}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\NorthDirection.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F792E5D4-834F-4BE5-9BA1-7397781858D2}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCFile.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{FF6C0583-D8E3-43D5-BA0F-C7E3B48AF741}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\CoordText.dll (IMSI)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-09-25 11:39 - 00449906 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DEFEBC0-3531-490E-960F-5D0C05077193} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {2A69DACE-19E8-4EDB-882A-35BC64D28B74} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {32EE17D5-5D99-4407-8A23-0FDC52D29BA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-26] (Google Inc.)
Task: {553E93F7-414E-4C31-83EA-275EA0C75684} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [2013-10-08] (Haufe-Lexware GmbH & Co. KG)
Task: {66E0184F-7CDA-45F9-9B18-617B0C22E76E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-26] (Google Inc.)
Task: {67119E79-4948-43ED-B906-00E313203165} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Task: {6A5714B3-F27E-43D3-8C49-93B3323B0D57} - System32\Tasks\YPTPNWTTU => Rundll32.exe "C:\Windows\system32\djoinj.dll",QAFQR
Task: {75BAB807-71F2-43B0-89F5-AD3BA417B57A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {7A5B94AF-4F56-4126-AE3A-8C848B426274} - System32\Tasks\{4F959E81-8C1D-4DCE-A2A3-3C8041FDA9F8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar
Task: {8BABF4E0-C505-4147-A3A0-ED8A17EFEF76} - System32\Tasks\InstallShield Software-Aktualisierungsdienst => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16] (InstallShield Software Corporation)
Task: {9B5F08AC-DB5D-4878-B41B-3F6656C69BB3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {ADA89144-585E-4EE5-A522-B899272C44BC} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files\CHIP Updater\CHIPUpdater.exe
Task: {D45B5DCD-A3AC-46B7-A591-276B8A19AB5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {DB48DFC8-AA54-48BF-9E95-052CBDF23402} - System32\Tasks\{54B31717-8D0D-48CA-B69F-68FF16C0D0E2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar
Task: {DD7B0623-53EC-437F-A779-CA643E28DD0E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {EBBEEA6D-DAF5-4C8F-A09A-5A47DECF4475} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\YPTPNWTTU.job => C:\Windows\system32\djoinj.dll

==================== Loaded Modules (whitelisted) =============

2013-03-25 19:34 - 2013-09-12 08:28 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-08-19 08:28 - 2014-07-30 13:07 - 02243072 _____ () C:\Users\Admin\AppData\LocalLow\Internet Explorer BHO\bho.dll
2014-09-22 14:11 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-22 14:11 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-04-25 20:37 - 2013-04-25 20:37 - 00082944 _____ () C:\Program Files\NCH Software\ExpressZip\ezcm.dll
2013-03-26 23:06 - 2007-05-31 08:38 - 00167936 ____N () C:\Windows\system32\SerialXP.dll
2014-09-22 14:11 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-22 14:11 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-22 14:11 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-04-22 16:05 - 2014-07-09 08:48 - 00143360 _____ () C:\Program Files\T-Online\T-Online_Software_6\eMail\LIBEXPAT.dll
2014-04-22 16:05 - 2005-07-20 12:34 - 00700497 _____ () C:\Program Files\T-Online\T-Online_Software_6\Notifier\libcurl.dll
2014-04-22 16:05 - 2004-04-16 15:45 - 00143360 _____ () C:\Program Files\T-Online\T-Online_Software_6\Notifier\libexpat.dll
2013-03-25 19:33 - 2013-01-23 23:57 - 01199576 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2002-07-23 19:36 - 2002-07-23 19:36 - 00012288 _____ () D:\lotus\smartctr\ldauto.dll
2014-09-19 12:52 - 2014-09-19 12:52 - 03734640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: bupService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TVGOnlineUpdateSvc => 2
MSCONFIG\Services: Update ResultsAlpha => 2
MSCONFIG\Services: Util ResultsAlpha => 2
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus SmartCenter.lnk => C:\Windows\pss\Lotus SmartCenter.lnk.CommonStartup

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2014 01:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2723, Zeitstempel: 0x52315a51
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000200
ID des fehlerhaften Prozesses: 0x67c
Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0
Pfad der fehlerhaften Anwendung: nvtray.exe1
Pfad des fehlerhaften Moduls: nvtray.exe2
Berichtskennung: nvtray.exe3

Error: (09/25/2014 01:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2723, Zeitstempel: 0x52315a51
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000626e0
ID des fehlerhaften Prozesses: 0x67c
Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0
Pfad der fehlerhaften Anwendung: nvtray.exe1
Pfad des fehlerhaften Moduls: nvtray.exe2
Berichtskennung: nvtray.exe3

Error: (09/25/2014 01:36:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wuauclt.exe, Version: 7.6.7600.320, Zeitstempel: 0x53739709
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000200
ID des fehlerhaften Prozesses: 0x14dc
Startzeit der fehlerhaften Anwendung: 0xwuauclt.exe0
Pfad der fehlerhaften Anwendung: wuauclt.exe1
Pfad des fehlerhaften Moduls: wuauclt.exe2
Berichtskennung: wuauclt.exe3

Error: (09/25/2014 01:36:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wuauclt.exe, Version: 7.6.7600.320, Zeitstempel: 0x53739709
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000626e0
ID des fehlerhaften Prozesses: 0x14dc
Startzeit der fehlerhaften Anwendung: 0xwuauclt.exe0
Pfad der fehlerhaften Anwendung: wuauclt.exe1
Pfad des fehlerhaften Moduls: wuauclt.exe2
Berichtskennung: wuauclt.exe3

Error: (09/25/2014 10:47:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\Admin\AppData\Local\Temp\revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe ; Beschreibung = Revo Uninstaller's restore point - TuneUp Utilities 2013; Fehler = 0x80042302).

Error: (09/25/2014 10:47:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (09/25/2014 10:47:32 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (09/25/2014 10:47:32 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (09/25/2014 10:46:44 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\Admin\AppData\Local\Temp\revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe ; Beschreibung = Revo Uninstaller's restore point - TuneUp Utilities 2013; Fehler = 0x80042302).

Error: (09/25/2014 10:46:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.


System errors:
=============
Error: (09/25/2014 10:56:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/24/2014 00:34:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (09/24/2014 00:34:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (09/24/2014 00:34:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (09/22/2014 03:10:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/22/2014 02:05:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (09/22/2014 02:05:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (09/22/2014 02:05:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (09/22/2014 02:05:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068stisvc{B6C292BC-7C88-41EE-8B54-8EC92617E599}

Error: (09/20/2014 08:07:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (09/25/2014 01:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvtray.exe7.17.13.272352315a51unknown0.0.0.000000000c00000050000020067c01cfd89ebc3bf76dC:\Program Files\NVIDIA Corporation\Display\nvtray.exeunknown2d8d7ecc-44a8-11e4-9a29-3085a99aac51

Error: (09/25/2014 01:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvtray.exe7.17.13.272352315a51msvcrt.dll7.0.7601.177444eeaf722c0000005000626e067c01cfd89ebc3bf76dC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\system32\msvcrt.dll2b514a37-44a8-11e4-9a29-3085a99aac51

Error: (09/25/2014 01:36:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wuauclt.exe7.6.7600.32053739709unknown0.0.0.000000000c00000050000020014dc01cfd89f2788d35eC:\Windows\system32\wuauclt.exeunknown2a6897d2-44a8-11e4-9a29-3085a99aac51

Error: (09/25/2014 01:36:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wuauclt.exe7.6.7600.32053739709msvcrt.dll7.0.7601.177444eeaf722c0000005000626e014dc01cfd89f2788d35eC:\Windows\system32\wuauclt.exeC:\Windows\system32\msvcrt.dll2766c93b-44a8-11e4-9a29-3085a99aac51

Error: (09/25/2014 10:47:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Admin\AppData\Local\Temp\revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe Revo Uninstaller's restore point - TuneUp Utilities 20130x80042302

Error: (09/25/2014 10:47:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: GetProviderMgmtInterface0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.

Error: (09/25/2014 10:47:32 AM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (09/25/2014 10:47:32 AM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (09/25/2014 10:46:44 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Admin\AppData\Local\Temp\revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe Revo Uninstaller's restore point - TuneUp Utilities 20130x80042302

Error: (09/25/2014 10:46:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: GetProviderMgmtInterface0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 48%
Total physical RAM: 3552.16 MB
Available physical RAM: 1822.12 MB
Total Pagefile: 7102.6 MB
Available Pagefile: 5362.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1872.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:499.86 GB) (Free:431.12 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1363.05 GB) (Free:1218.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5FB4569E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=499.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1363.1 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
3.)ESET-SCANLOG.txt
Code:
ATTFilter
C:\$RECYCLE.BIN\S-1-5-21-1720512716-2150718686-1536730020-1000\$RUO4OHF.exe	Win32/SearchPlugin.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\DownloadGuide\Offers\ResultsAlphaSetup.exe.vir	Win32/BrowseFox.C evtl. unerwünschte Anwendung
C:\Users\Admin\AppData\Local\temp\D9723D12-BAB0-7891-80C1-E5D2206A503E\Latest\IEHelper.dll	Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung
C:\Users\Admin\AppData\Local\temp\ECA6FE74-BAB0-7891-BE63-A5453EDA674B\Latest\IEHelper.dll	Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung
C:\Users\Admin\Downloads\PC_Wecker_by_IP-MAN_v4.00_CB-DL-Manager.exe	Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung
C:\Users\Admin\Downloads\ReimageRepair.exe	Win32/SearchPlugin.A evtl. unerwünschte Anwendung
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 1.zip	Variante von Win32/Complitly.A evtl. unerwünschte Anwendung
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 13.zip	Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 14.zip	Variante von Win32/FirseriaInstaller.F evtl. unerwünschte Anwendung
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 2.zip	Win32/Conduit.SearchProtect.K evtl. unerwünschte Anwendung
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 3.zip	Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 40.zip	Win32/Ponmocup.AA Trojaner
         
[B]4.) Combofix-LOG
In Bezug auf ähnliche bzw. gleiche Funde zu Ponmocup.aa Trojan, habe ich COMBIFIX, wie dort eingesetzt.[/B

Code:
ATTFilter
ComboFix 14-09-22.01 - Admin 25.09.2014  15:13:27.2.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3552.2281 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Roaming\Desktopicon
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-25 bis 2014-09-25  ))))))))))))))))))))))))))))))
.
.
2014-09-25 13:17 . 2014-09-25 13:17	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2014-09-25 13:17 . 2014-09-25 13:17	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-09-25 13:17 . 2014-09-25 13:17	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-09-25 13:17 . 2014-09-25 13:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-25 12:51 . 2014-09-25 12:52	--------	d-----w-	C:\FRST
2014-09-25 12:24 . 2014-09-25 12:24	--------	d-----w-	c:\program files\Common Files\Java
2014-09-25 12:24 . 2014-09-25 12:24	--------	d-----w-	c:\programdata\Oracle
2014-09-25 12:24 . 2014-09-25 12:24	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-09-23 18:40 . 2014-09-23 18:40	--------	d-----w-	c:\programdata\LightScribe
2014-09-22 12:11 . 2014-09-25 13:10	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2014-09-22 12:11 . 2014-09-25 13:10	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2014-09-22 11:57 . 2014-09-22 11:57	--------	d-----w-	c:\users\Admin\AppData\Local\Abelssoft
2014-09-22 11:57 . 2014-09-22 11:57	--------	d-----w-	c:\users\Admin\AppData\Roaming\Abelssoft
2014-09-22 11:57 . 2014-09-22 11:57	--------	d-----w-	c:\programdata\XDMessagingv4
2014-09-22 11:57 . 2011-05-13 10:16	493056	----a-w-	c:\windows\system32\dhRichClient3.dll
2014-09-22 11:57 . 2011-03-25 18:42	338432	----a-w-	c:\windows\system32\sqlite36_engine.dll
2014-09-22 11:56 . 2014-09-22 11:56	--------	d-----w-	c:\users\Admin\AppData\Roaming\DesktopIconGoodgame
2014-09-22 11:17 . 2014-09-22 11:17	--------	d-----w-	c:\program files\Common Files\LightScribe
2014-09-22 11:16 . 2014-09-22 11:16	--------	d-----w-	c:\program files\Microsoft Calculator Plus
2014-09-22 10:56 . 2014-09-25 07:23	110296	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-22 10:56 . 2014-05-12 05:26	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-09-22 10:56 . 2014-05-12 05:25	74456	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-09-22 10:56 . 2014-05-12 05:25	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-09-22 10:56 . 2014-09-22 10:57	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-09-15 11:11 . 2014-09-15 11:11	--------	d-----w-	c:\programdata\Corel
2014-09-15 10:09 . 2014-09-15 10:10	--------	d-----w-	c:\users\Admin\AppData\Local\Axialis
2014-09-15 10:09 . 2014-09-15 10:09	--------	d-----w-	c:\program files\My Company Name
2014-09-11 17:21 . 2014-06-27 01:45	2285056	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2014-09-11 06:42 . 2014-07-07 01:40	1059840	----a-w-	c:\windows\system32\lsasrv.dll
2014-09-11 06:42 . 2014-07-07 01:40	550912	----a-w-	c:\windows\system32\kerberos.dll
2014-09-11 06:41 . 2014-08-01 11:35	793600	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-09-11 06:41 . 2014-06-24 02:59	1987584	----a-w-	c:\windows\system32\d3d10warp.dll
2014-09-11 06:41 . 2014-09-05 01:52	445952	----a-w-	c:\windows\system32\aepdu.dll
2014-09-11 06:41 . 2014-09-05 01:47	302592	----a-w-	c:\windows\system32\aeinv.dll
2014-09-08 10:42 . 2014-09-08 10:42	--------	d-----w-	c:\users\Admin\cityguide
2014-08-31 17:50 . 2014-08-23 01:46	305152	----a-w-	c:\windows\system32\gdi32.dll
2014-08-31 17:50 . 2014-08-23 00:42	2352640	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-25 12:27 . 2013-03-26 09:40	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 12:27 . 2013-03-26 09:40	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-07-25 00:35 . 2014-07-25 00:35	875688	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 02:46 . 2014-08-21 21:18	2048	----a-w-	c:\windows\system32\tzres.dll
2014-07-14 01:42 . 2014-08-21 21:58	654336	----a-w-	c:\windows\system32\rpcrt4.dll
2014-06-30 22:14 . 2014-08-21 19:28	8856	----a-w-	c:\windows\system32\icardres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{609C0837-8DD3-4F9B-AAC5-446F36BC0353}]
2014-07-23 14:54	613952	----a-w-	c:\program files\Nuance\NaturallySpeaking13\Program\dgnriaie.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMASH"="c:\program files\SoftMaker Office Professional 2012\SMASH.EXE" [2011-11-03 233507]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-09-16 6690072]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2012-07-02 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-12-04 291648]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2011-03-25 3618160]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-12 2068856]
"PDF8 Registry Controller"="c:\program files\Nuance\PDF Professional 8\RegistryController.exe" [2012-10-23 178576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-26 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
office wörterbuch pro.lnk - c:\program files\OWPro\tDictPro.exe [2014-7-18 438272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus SmartCenter.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SmartCenter.lnk
backup=c:\windows\pss\Lotus SmartCenter.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"=c:\programdata\FLEXnet\Connect\11\ISUSPM.exe -scheduler
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LexwareInfoService"=c:\program files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "c:\programdata\Nuance\NaturallySpeaking13\Ereg.ini"
"Nuance PDF Converter Professional 8-reminder"="c:\program files\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"CanonQuickMenu"=c:\program files\Canon\Quick Menu\CNQMMAIN.EXE /logon
"OmniPage Preload"=c:\program files\Nuance\OmniPage18\OmniPage.exe /preload
"PDFProHook"="c:\program files\Nuance\PDF Professional 8\pdfpro8hook.exe"
"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
.
R3 ArvoFltr;ROCCAT Arvo;c:\windows\system32\drivers\ArvoFltr.sys [2009-05-06 12928]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 627744]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R4 TVGOnlineUpdateSvc;TVG OnlineUpdate-Service;c:\program files\TVG\OnlineUpdate\OnlineUpdateSvc.exe [2010-12-14 398128]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-12-04 16440]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-04-28 42272]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 wStLibG;wStLibG;c:\windows\system32\drivers\wStLibG.sys [2014-03-28 52928]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-08-17 142648]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2012-03-19 514128]
S2 DragonLoggerService;Dragon Logger service;c:\program files\Common Files\Nuance\loggerservice.exe [2014-07-23 137280]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2014-07-23 339008]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-12-10 583680]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-01-23 169432]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [2012-10-23 135056]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-09-11 414496]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2011-03-29 28144]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-12-04 351288]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-12-04 796216]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2013-01-23 56432]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-12-27 614624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 13:40	453736	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-26 12:27]
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-26 07:56]
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-26 07:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.hores,org
uDefault_Search_URL = hxxp://www.google.com
mStart Page = www.google.com
mSearch Bar = hxxp://www.google.com
IE: Mit Nuance PDF Converter 8 öffnen - c:\program files\Nuance\PDF Professional 8\cnvres_ger.dll /100
IE: Mit PDF Professional 8 öffnen - c:\program files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\
FF - prefs.js: browser.search.selectedEngine - Speedial
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.blocklist.enabled - false
FF - user.js: app.update.auto - false
FF - user.js: security.mixed_content.block_active_content - false
FF - user.js: security.mixed_content.block_display_content - false
FF - user.js: app.update.staging.enabled - true
FF - user.js: app.update.interval - 31536000
FF - user.js: app.update.idletime - 31536000
FF - user.js: browser.search.update - false
FF - user.js: browser.search.update.interval - 31536000
FF - user.js: app.update.channel - default
FF - user.js: extensions.getAddons.cache.enabled - false
FF - user.js: app.update.download.backgroundInterval - 31536000
FF - user.js: browser.safebrowsing.appRepURL - 
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-25  15:17:50
ComboFix-quarantined-files.txt  2014-09-25 13:17
ComboFix2.txt  2014-05-17 13:16
.
Vor Suchlauf: 13 Verzeichnis(se), 463.318.568.960 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 463.267.160.064 Bytes frei
.
- - End Of File - - E8CC7651549F78DC40BCE16272D32A22
A36C5E4F47E84449FF07ED3517B43A31
         
__________________


Alt 25.09.2014, 18:13   #3
M-K-D-B
/// TB-Ausbilder
 
ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen - Standard

ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Klar kann man den PC retten, "Ponmocup" ist vergleichsweise einfach zu entfernen. Da ist auch noch Einiges an Adware drauf, das entfernen wir auch gleich noch.


Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
Task: {6A5714B3-F27E-43D3-8C49-93B3323B0D57} - System32\Tasks\YPTPNWTTU => Rundll32.exe "C:\Windows\system32\djoinj.dll",QAFQR
Task: C:\Windows\Tasks\YPTPNWTTU.job => C:\Windows\system32\djoinj.dll
C:\Windows\system32\djoinj.dll
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 4
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
  • Starte Zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    ATTFilter
    iedefaults;
    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
             
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).





Schritt 5
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von Zoek,
  • die beiden neuen Logdateien von FRST.
__________________
__________________

Geändert von M-K-D-B (25.09.2014 um 18:19 Uhr)

Alt 26.09.2014, 11:31   #4
candelaver
 
ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen - Standard

ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen



1.)FRST - FIXLOG
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-09-2014 01
Ran by Admin at 2014-09-25 19:34:52 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Task: {6A5714B3-F27E-43D3-8C49-93B3323B0D57} - System32\Tasks\YPTPNWTTU => Rundll32.exe "C:\Windows\system32\djoinj.dll",QAFQR
Task: C:\Windows\Tasks\YPTPNWTTU.job => C:\Windows\system32\djoinj.dll
C:\Windows\system32\djoinj.dll
end
         
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A5714B3-F27E-43D3-8C49-93B3323B0D57}" => Key not found.
C:\Windows\System32\Tasks\YPTPNWTTU not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YPTPNWTTU" => Key not found.
C:\Windows\Tasks\YPTPNWTTU.job not found.
"C:\Windows\system32\djoinj.dll" => File/Directory not found.


The system needed a reboot. 

==== End of Fixlog ====
         
2.)ADWCLEANER LOG

Code:
ATTFilter
# AdwCleaner v3.310 - Bericht erstellt am 25/09/2014 um 19:50:06
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Admin - ADMIN-PC
# Gestartet von : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files\NCH Software
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Internet Explorer BHO
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\Admin\Extensions\staged\{fa95f577-07cb-4470-ac90-e843f5f83c52}
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
Datei Gelöscht : C:\Users\Admin\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\Admin\user.js
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 de)

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\Admin\prefs.js ]


[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : bakijjialdiiboeaknfpmflphhmljfkd

*************************

AdwCleaner[R0].txt - [9028 octets] - [15/05/2014 12:50:15]
AdwCleaner[R1].txt - [2760 octets] - [25/09/2014 19:46:33]
AdwCleaner[S0].txt - [6458 octets] - [15/05/2014 12:51:07]
AdwCleaner[S1].txt - [2681 octets] - [25/09/2014 19:50:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2741 octets] ##########
         
3.) MBAM-LOG
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 25.09.2014
Suchlauf-Zeit: 20:07:11
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.25.09
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 346266
Verstrichene Zeit: 5 Min, 0 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
ZOEK-LOG
Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 26-09-2014
Tool run by Admin on 26.09.2014 at 10:26:34,32.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Admin\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

26.09.2014 10:28:11 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1720512716-2150718686-1536730020-1000\Software\Mozilla\Firefox\Extensions\cliqz@cliqz.com deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Admin\AppData\Roaming\Mozilla\Profiles\fhjn28i9.Standard-Benutzer\prefs.js:
user_pref("browser.newtab.url", "");

Added to C:\Users\Admin\AppData\Roaming\Mozilla\Profiles\fhjn28i9.Standard-Benutzer\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\Admin\prefs.js:
user_pref("browser.search.selectedEngine", "Speedial");

Added to C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\Admin\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename", "Speedial");
user_pref("browser.search.selectedEngine", "Speedial");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\prefs.js:

Deleted from C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\Admin\AppData\Roaming\Mozilla\Profiles\fhjn28i9.Standard-Benutzer\prefs.js:
user_pref("browser.startup.homepage", );

Added to C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\Admin\AppData\Roaming\Mozilla\Profiles\fhjn28i9.Standard-Benutzer\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Profiles\fhjn28i9.Standard-Benutzer

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs__1028_.backup

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\Admin

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs__1028_.backup

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs__1028_.backup

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\Admin\AppData\Roaming\Mozilla\Profiles\fhjn28i9.Standard-Benutzer

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs__1028_.backup

==== Firefox Extensions ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Profiles\fhjn28i9.Standard-Benutzer
- Undetermined - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.0.1.12
- PDF Converter - C:\Program Files\Nuance\PDF Professional 8\FireFox
- PDF Converter - %ProfilePath%\extensions\nuance@pdf8
- Newssitter - News Sidebar und Feed Reader RSS - %ProfilePath%\extensions\newssitter@seematrix.com
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\Admin
- Undetermined - %ProfilePath%\extensions\staged

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default
- PDF Converter - C:\Program Files\Nuance\PDF Professional 8\FireFox
- PDF Converter - %ProfilePath%\extensions\nuance@pdf8
- Deutsches Wrterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org
- YouTube Unblocker - %ProfilePath%\extensions\youtubeunblocker@unblocker.yt
- Remove Google Tracking - %ProfilePath%\extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi
- S3.Google Translator - %ProfilePath%\extensions\s3google@translator.xpi
- Adblock Edge - %ProfilePath%\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default
DFC9460CC37E5C414DC4680B10C19E7A	- C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll -	Shockwave Flash
14D06C3796CE3F6BA8F43CDF3AD65D76	- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 7 U67
0A6E5E3BEF374AA2F47071E7374EAD7B	- C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll -	Java Deployment Toolkit 7.0.670.1
005EBE4A4E6E9C9A7967F6C3F413C1DF	- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
421CB2C1010522B3BF7C00725520B844	- C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
92F6DAA7027F121F6FFC70ED4D0F361F	- C:\Program Files\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll -	Dragon NaturallySpeaking Plugin
FB5621842FDABF9F8359775573498FBC	- C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll -	Google Update
893BF7D2261C56C24F813405D9D018E0	- C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll -	Silverlight Plug-In
24B57188208F9326F2AF8B2EAD6967A7	- C:\Program Files\QuickTime\Plugins\npqtplugin7.dll -	QuickTime Plug-in 7.7.3
79015395CD86C12A7BF696F14C04191C	- C:\Program Files\QuickTime\Plugins\npqtplugin6.dll -	QuickTime Plug-in 7.7.3
6E7690D2EE4E530DAC8C562CF8CCE70B	- C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -	QuickTime Plug-in 7.7.3
D2E4BDDD297B6A481BAC612C25A1F10A	- C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -	QuickTime Plug-in 7.7.3
7A14B17E24CE74BBB603B824EDA79A72	- C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -	QuickTime Plug-in 7.7.3
2A92F41DCBB5832872D8B0E941746112	- C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -	QuickTime Plug-in 7.7.3
C1FD5EE5FD1F65CE223A5C3AE846DDF6	- C:\Program Files\QuickTime\Plugins\npqtplugin.dll -	QuickTime Plug-in 7.7.3
0CA4180B21C6B728578F3B0433BB740E	- C:\Program Files\VideoLAN\VLC\npvlc.dll -	VLC Web Plugin
5B92CB0A3EEE50F6B9AE036B4F9B0F0C	- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -	Google Earth Plugin
69A1B3AA556C3A47D4D0BF7DBE233853	- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll -	NVIDIA 3D Vision
A369F6B5C9482F82CEC07E1F5AB01464	- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll -	NVIDIA 3D VISION
584D2AC33EE1467572F9C8A1A36AB781	- C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll -	Gaaiho Doc
584D2AC33EE1467572F9C8A1A36AB781	- C:\Program Files\Nuance\PDF Professional 8\Bin\nppdf.dll -	Gaaiho Doc
3239619A441E23A20EC923DF92FF2D70	- C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll -	CANON iMAGE GATEWAY Album Plugin Utility for IJ
8DA2ED6B04EA33F2EAE8BA883F903729	- C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll -	Microsoft® Silverlight


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Default_Page_URL"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Default_Page_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Start Page"="hxxp://www.google.com"
"Start Default_Page_URL"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Start Page"="hxxp://www.google.com"
"Start Default_Page_URL"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=0 58056 bytes)

==== EOF on 26.09.2014 at 10:30:06,50 ======================
         
FRST-LOG

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by Admin (administrator) on ADMIN-PC on 26-09-2014 10:34:48
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin & UpdatusUser)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\loggerservice.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-04] (Intel Corporation)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [3618160 2011-03-25] (brother)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM\...\Run: [PDF8 Registry Controller] => C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe [178576 2012-10-23] (Nuance Communications, Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3165552 2013-08-14] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\...\Run: [SMASH] => C:\Program Files\SoftMaker Office Professional 2012\SMASH.EXE [233507 2011-11-03] (SoftMaker Software GmbH)
HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-16] (SUPERAntiSpyware)
HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\office wörterbuch pro.lnk
ShortcutTarget: office wörterbuch pro.lnk -> C:\Program Files\OWPro\tDictPro.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCC968F37F729CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Gaaiho PDF Conversion Toolbar Helper -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: nuance.com/DgnRia2 -> C:\Program Files\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\nation-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-08-18]
FF Extension: YouTube Unblocker - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-23]
FF Extension: Remove Google Tracking - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi [2014-07-15]
FF Extension: S3.Google Translator - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\s3google@translator.xpi [2013-12-01]
FF Extension: Adblock Edge - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-05-15]
FF Extension: PDF Converter - C:\Program Files\Nuance\PDF Professional 8\FireFox [2013-06-13]

Chrome: 
=======
CHR CustomProfile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-22]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-17] (SUPERAntiSpyware.com)
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 DragonLoggerService; C:\Program Files\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [339008 2014-07-23] (Nuance Communications, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
S4 TVGOnlineUpdateSvc; C:\Program Files\TVG\OnlineUpdate\OnlineUpdateSvc.exe [398128 2010-12-14] ()
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArvoFltr; C:\Windows\System32\drivers\ArvoFltr.sys [12928 2009-05-06] (ROCCAT Development, Inc.)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3109888 2013-02-19] (Qualcomm Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-28] (AVG Technologies)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
R2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-04] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [351288 2012-12-04] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [796216 2012-12-04] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-23] (Intel Corporation)
R2 PMEM; C:\Windows\system32\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation) [File not signed]
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45744 2011-10-04] (Rovi Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-03-28] (StdLib)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 10:34 - 2014-09-26 10:34 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2014-09-26 10:32 - 2014-09-26 10:32 - 00013110 _____ () C:\Users\Admin\Desktop\zoek-results.txt
2014-09-26 10:28 - 2014-09-26 10:30 - 00013110 _____ () C:\zoek-results.log
2014-09-26 10:26 - 2014-09-26 10:28 - 00000000 ____D () C:\zoek_backup
2014-09-26 10:22 - 2014-09-26 10:22 - 01290752 _____ () C:\Users\Admin\Desktop\zoek.exe
2014-09-26 10:15 - 2014-09-26 10:15 - 00001159 _____ () C:\neu_mbam.txt
2014-09-26 09:31 - 2014-09-26 09:31 - 00000000 ____D () C:\Users\Admin\AppData\Local\Western_Digital_Technolog
2014-09-26 09:31 - 2014-09-26 09:31 - 00000000 ____D () C:\Users\Admin\AppData\Local\Western Digital
2014-09-26 09:30 - 2014-09-26 09:46 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2014-09-26 09:30 - 2014-09-26 09:30 - 00001144 _____ () C:\Users\Public\Desktop\WD SmartWare.lnk
2014-09-26 09:29 - 2014-09-26 09:42 - 00023452 _____ () C:\Windows\DPINST.LOG
2014-09-26 09:29 - 2014-09-26 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-09-26 09:29 - 2014-09-26 09:30 - 00000000 ____D () C:\Program Files\Western Digital
2014-09-26 09:29 - 2014-09-26 09:30 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-09-26 09:27 - 2014-09-26 09:31 - 00000000 ____D () C:\ProgramData\Western Digital
2014-09-25 19:43 - 2014-09-25 19:44 - 01373475 _____ () C:\Users\Admin\Desktop\AdwCleaner.exe
2014-09-25 19:33 - 2014-09-26 10:34 - 01100288 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-09-25 19:27 - 2014-09-25 19:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-25 19:12 - 2014-09-22 22:00 - 01024790 _____ (Thisisu) C:\Users\Admin\Desktop\JRT_NEW.exe
2014-09-25 19:09 - 2014-09-25 19:09 - 00001270 _____ () C:\Users\Admin\Desktop\02_eset.txt
2014-09-25 17:30 - 2014-09-25 17:30 - 00015246 _____ () C:\Users\Admin\Desktop\combofix.txt
2014-09-25 15:17 - 2014-09-25 15:17 - 00015246 _____ () C:\ComboFix.txt
2014-09-25 15:00 - 2014-09-25 13:34 - 00001687 _____ () C:\Users\Admin\Desktop\01_Eset_Onlinescan.txt
2014-09-25 14:52 - 2014-09-26 10:35 - 00016105 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-09-25 14:52 - 2014-09-25 14:52 - 00064433 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-09-25 14:51 - 2014-09-26 10:34 - 00000000 ____D () C:\FRST
2014-09-25 14:24 - 2014-09-25 14:24 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Sun
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-25 14:23 - 2014-09-25 14:25 - 17903792 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\install_flash_player_15_plugin.exe
2014-09-25 14:16 - 2014-09-25 14:21 - 29421992 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-7u67-windows-i586.exe
2014-09-25 13:51 - 2014-09-25 13:51 - 00093766 _____ () C:\Users\Admin\Desktop\OTL.Txt
2014-09-25 13:51 - 2014-09-25 13:51 - 00056162 _____ () C:\Users\Admin\Desktop\Extras.Txt
2014-09-25 13:39 - 2014-09-25 13:39 - 05579290 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-09-25 13:37 - 2014-09-25 13:37 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2014-09-25 12:47 - 2014-09-25 12:47 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-25 12:47 - 2014-09-25 12:47 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-25 11:39 - 2014-05-17 15:15 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140925-113959.backup
2014-09-25 10:23 - 2014-09-25 10:23 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller(1).zip
2014-09-25 10:22 - 2014-09-25 10:23 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller.zip
2014-09-25 09:59 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:40 - 2014-09-23 20:40 - 00000000 ____D () C:\ProgramData\LightScribe
2014-09-22 14:37 - 2014-09-22 14:55 - 00004158 _____ () C:\Windows\IE11_main.log
2014-09-22 14:25 - 2014-09-22 14:30 - 37059280 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE11-Windows6.1-x86-de-de.exe
2014-09-22 14:11 - 2014-09-25 19:39 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-22 14:11 - 2014-09-25 15:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Abelssoft
2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\Abelssoft
2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-22 13:57 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-09-22 13:57 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-09-22 13:56 - 2014-09-22 13:56 - 00001456 _____ () C:\Users\Admin\Desktop\Goodgame Empire.lnk
2014-09-22 13:56 - 2014-09-22 13:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DesktopIconGoodgame
2014-09-22 13:55 - 2014-09-22 13:55 - 01101648 _____ () C:\Users\Admin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-09-22 13:17 - 2014-09-22 13:17 - 00002007 _____ () C:\Users\Public\Desktop\LightScribe.lnk
2014-09-22 13:17 - 2014-09-22 13:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-09-22 13:17 - 2014-09-22 13:17 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
2014-09-22 13:16 - 2014-09-22 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Calculator Plus
2014-09-22 13:16 - 2014-09-22 13:16 - 00000000 ____D () C:\Program Files\Microsoft Calculator Plus
2014-09-22 12:56 - 2014-09-26 10:13 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 12:56 - 2014-09-22 12:57 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-22 12:56 - 2014-09-22 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-22 12:56 - 2014-09-22 12:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-22 12:56 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-22 12:56 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-22 12:56 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-15 13:44 - 2014-09-26 09:46 - 00002968 _____ () C:\Windows\setupact.log
2014-09-15 13:44 - 2014-09-25 19:51 - 00036984 _____ () C:\Windows\PFRO.log
2014-09-15 13:44 - 2014-09-15 13:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-15 13:11 - 2014-09-15 13:11 - 00000000 ____D () C:\ProgramData\Corel
2014-09-15 12:09 - 2014-09-15 12:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Axialis
2014-09-15 12:09 - 2014-09-15 12:09 - 00000000 ____D () C:\Program Files\My Company Name
2014-09-11 19:22 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 19:22 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 19:22 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 19:22 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 19:22 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 19:22 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 19:22 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 19:22 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 19:22 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 19:22 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 19:22 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 19:22 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 19:22 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 19:22 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 19:22 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 19:22 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 19:22 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 19:22 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 19:22 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 19:22 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 19:22 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 19:22 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 19:22 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 19:22 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 19:22 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 19:22 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 19:22 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 19:22 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 19:22 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 19:22 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 19:21 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 08:42 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 08:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 08:41 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 08:41 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 08:41 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 08:41 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-08 12:42 - 2014-09-08 12:42 - 00000000 ____D () C:\Users\Admin\cityguide
2014-08-31 19:50 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-31 19:50 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 10:18 - 2013-03-26 11:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 10:18 - 2013-03-26 09:56 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-26 09:53 - 2013-03-25 17:03 - 01627394 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 09:53 - 2009-07-14 06:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 09:53 - 2009-07-14 06:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 09:50 - 2013-03-25 16:51 - 01228690 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 09:46 - 2014-05-17 11:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-26 09:46 - 2013-03-26 21:51 - 00000368 _____ () C:\Windows\Brownie.ini
2014-09-26 09:46 - 2013-03-26 09:56 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 09:46 - 2013-03-25 19:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-26 09:46 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 09:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-09-25 23:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-25 19:50 - 2014-05-15 12:50 - 00000000 ____D () C:\AdwCleaner
2014-09-25 19:39 - 2013-11-18 20:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 15:17 - 2014-05-17 15:11 - 00000000 ____D () C:\Qoobox
2014-09-25 15:17 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-25 14:33 - 2013-03-26 23:10 - 00000000 ____D () C:\Program Files\Java
2014-09-25 14:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-25 14:27 - 2013-03-26 11:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-25 14:27 - 2013-03-26 11:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 14:24 - 2013-03-26 23:11 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-25 14:24 - 2013-03-26 23:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-25 14:24 - 2013-03-26 23:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-25 10:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Vss
2014-09-25 10:50 - 2014-07-18 13:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2014-09-24 12:43 - 2013-03-27 12:40 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-24 11:02 - 2013-03-27 13:32 - 00002395 _____ () C:\Users\Admin\AppData\Roaming\SAS7_000.DAT
2014-09-23 20:38 - 2013-12-28 13:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\Nero
2014-09-22 15:10 - 2014-08-16 11:56 - 00000000 ____D () C:\Program Files\Unlocker
2014-09-22 14:50 - 2013-03-25 19:33 - 00127912 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 14:49 - 2009-07-14 06:33 - 00442920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 14:45 - 2013-03-26 09:56 - 00000000 ____D () C:\Program Files\Google
2014-09-22 13:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-09-22 09:45 - 2013-04-03 21:19 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-09-15 13:43 - 2014-04-22 12:50 - 00327680 _____ () C:\Windows\system32\Ikeext.etl
2014-09-15 13:12 - 2013-03-26 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
2014-09-15 13:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-15 12:40 - 2014-08-21 20:22 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2014-09-13 19:25 - 2013-04-30 11:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-09-12 12:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-11 19:21 - 2014-08-21 20:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 19:21 - 2014-08-14 09:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 19:15 - 2014-08-22 07:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 19:15 - 2013-03-25 21:08 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 18:23 - 2013-03-26 21:57 - 00000000 ____D () C:\Users\Admin\Documents\SoftMaker
2014-09-08 12:42 - 2013-03-25 17:02 - 00000000 ____D () C:\Users\Admin

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 13:23

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

FRST-ADDITIONAL
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2014
Ran by Admin at 2014-09-26 10:35:12
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.24 alpha (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM\...\AmUStor) (Version: 3.10.142.72249 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (Version: 3.10.142.72249 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Brother MFL-Pro Suite DCP-7025 (HKLM\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CadViewer 8.5.6b (HKLM\...\CadViewer) (Version: 8.5.6b - Tailor Made Software)
Canon iP7200 series On-screen Manual (HKLM\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Extra Content (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Extra Content (HKLM\...\_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
cyberJack Base Components (HKLM\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
Das Telefonbuch Gelbe Seiten Map & Route (HKLM\...\DasTelefonbuch Gelbe Seiten Map & Route) (Version:  - TVG Telefonbuch- und Verzeichnisverlag GmbH & Co. KG)
DDBAC (HKLM\...\{4C19650D-1BF8-4459-A904-06FB692B0F8E}) (Version: 5.3.24 - DataDesign)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirPrinter - Deinstallation (HKLM\...\DirPrinter_is1) (Version: 8.70 - Mathias Gerlach [aborange.de])
Dragon NaturallySpeaking 13 (HKLM\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
eGlyphica (HKLM\...\eGlyphica) (Version:  - )
eM Client (Version: 3.5.12101.0 - SoftMaker Software GmbH) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Express Zip (HKLM\...\ExpressZip) (Version:  - NCH Software)
FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
High-Definition Video Playback (Version: 7.1.13900.47.0 - Nero AG) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Lexware Info Service (HKLM\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM\...\{A64DF516-9CDC-4299-BD34-2B2C80CD453B}) (Version: 19.00.00.0059 - Haufe-Lexware GmbH & Co.KG)
LightScribe System Software (HKLM\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
Lotus SmartSuite - Deutsch (HKLM\...\{536D6172-7453-7569-7465-392E38300407}) (Version: 9.8.0 - Lotus Development Corporation)
LUMIX Map Tool (HKLM\...\InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}) (Version: 1.1.0 - Panasonic Corporation)
LUMIX Map Tool (Version: 1.1.0 - Panasonic Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (Version: 10.2.10000.0.0 - Nero AG) Hidden
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (Version: 10.2.11900.1.9 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.18400.9.0 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.2.10700.9.100 - Nero AG)
Nero DiscCopyGadget 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG)
Nero Express 10 Help (CHM) (Version: 10.5.10300 - Nero AG) Hidden
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.13200.33.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG)
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nuance OmniPage 18 (HKLM\...\{90F50D38-23E4-42AA-8483-75C1D8C546AB}) (Version: 18.1.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 (HKLM\...\{0351BD86-CC1A-400F-B70D-D8D858E0D5A3}) (Version: 8.10.3214 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x86 (HKLM\...\{7E6CA782-AA41-4E4C-A948-232B7FD82696}) (Version: 8.11.0000 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller-Treiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
office wörterbuch pro (HKLM\...\office wörterbuch pro) (Version:  - Lingenio GmbH)
Philips Flat Panel Adjust (HKLM\...\{23430AE3-6FFF-47CF-B7E7-1552FC61DF39}) (Version:  - )
PHOTOfunSTUDIO 9.1 PE (HKLM\...\{C13FE7DE-D34D-48CC-9FA3-8DB9A3621B98}) (Version: 9.01.709 - Panasonic Corporation)
Quicken 2012 (HKLM\...\{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}) (Version: 19.36.00.0165 - Haufe-Lexware GmbH & Co.KG)
Quicken DELUXE 2014 (HKLM\...\{E60036CF-1E46-4DFE-832F-5476574B30FF}) (Version: 21.37.00.0185 - Haufe-Lexware GmbH & Co.KG)
Quicken Import Export Server 2012 (HKLM\...\{7FC74607-ED6E-49C3-87FA-56B50A2EE158}) (Version: 19.30.00.0134 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer 2014 (HKLM\...\{52DD1288-FA17-4062-8280-532C89A7E2F2}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Scansoft PDF Professional (Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SoftMaker Office Professional 2012 (HKLM\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.1301 - SoftMaker Software GmbH)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Tinypic 3.16 (HKLM\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.16 - E. Fiedler)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
translate plus 9 (HKLM\...\translate plus 9) (Version: 9 - Lingenio GmbH, Heidelberg)
TurboCAD Professional V.15 (HKLM\...\{CB719B19-BE9E-4D47-94B1-2FFE656067EE}) (Version: 15.1.1 - IMSI Design)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD Drive Utilities (HKLM\...\{59E0381C-1047-45A3-B68A-57F586EAF3C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{D338102B-BA1C-4CCA-B870-8690FA0F0433}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{5FEF2583-382C-4795-947F-CE54E3F0E16A}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.)
WinFunktion Mathematik plus 21 (HKLM\...\{2C322D9F-8734-4937-8A94-67ED371046B6}) (Version: 21.00.0000 - bhv Publishing GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{016D58C4-CF57-48A8-89CB-B8D9537DA2CC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\FoundationPlan.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{02689F7F-4026-4D10-BD25-E577709C4C2E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Bolt3D.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B4CA0}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B7456}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\Presentations.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B771B}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{03457507-D762-4025-8284-E9D3C8DBBD12}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\SectionToPathTie.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{06221C84-52D5-4A4E-A337-2BF8951D4B59}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Fillet3D.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0B91E172-6025-4EBD-A0A2-34552C05F100}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\TextBox.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0D818D11-C218-4799-AE9D-FCD1811B978A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\OffsetPolyline.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{14F2A484-4F52-4DB5-9EC4-E97E92131E58}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Nut3D.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{15544F60-D775-4962-BEB4-E580346B1591}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\ScetchTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{1CC3991A-01EF-4337-AA69-2818FFA4C869}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\DatumRef.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{2017F29F-68F4-11D5-B9BF-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\SpiralTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{2C10CA50-05D0-11D2-8697-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\ObjectTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{2C6D5BE5-4817-41C9-B28E-77CB857919D1}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\Fillet3D_Tie.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{2F015029-FB7C-11D1-B8AC-000021452DB6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\InsSmObj.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{30291A01-707C-11d0-B457-4446490043BF}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{399254F2-670F-11D1-8092-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{399254F3-670F-11D1-8092-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{443E0383-3F0F-4ABF-93B8-885915F56C6F}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\JointPolyline.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{45232FA2-65A2-11D2-8C4A-00403338C504}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\RRectA.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{49E39851-1FC0-11D2-8698-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\SmartHatch.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{4A2B29CC-5A9B-4B51-9A0A-F63DA8A72C78}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Conn.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{4A5C2474-D597-48D4-A14A-3A13BC663BB9}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\DatumTarget.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{5153A083-1A0E-4146-8DBB-50982700BF7E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\ScheduleIntoBlock.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{53BDCB5D-E113-4E5B-9B40-3B4D2B07DC28}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\BoltNut.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{554EDBD6-7585-40C5-9713-180E76DAC4FC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\TCImage.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{5B60CCED-F564-43BA-802B-01183FAA0A84}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCImageTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{607CAF95-75AC-4C59-9E18-574DC62DB509}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\Fillet3D_Tool.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{642011BD-CFB0-4927-9C00-70BADAA0B5B4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCToler.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A3A61A2-D373-4B31-8164-263601C79016}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCRougness.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481001-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481002-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481003-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481004-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481005-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481100-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\ImsigxPS15.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481801-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481802-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481803-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481804-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481805-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A482001-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\gxext15.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A482002-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\gxext15.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A482003-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\gxext15.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6E1099B5-A2D4-11D5-BA2B-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\RevisionCloud.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{71CA2F31-B56D-4CAC-BA97-EDB14712A14A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\InsertExternalSymbol.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{71E21C97-83FB-4242-8997-A52627FFEFF9}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCWeldSm.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{75F17666-0783-4450-A649-2B434C1EBB34}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\PickInside.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{7657D07B-63D1-480B-B9E5-839E458E659E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\DimensionTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{7724BB36-B671-11D0-9B3B-444553540000}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Rrect.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{7724BB46-B671-11D0-9B3B-444553540000}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\MfcSplin.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{784DEF17-17F1-4335-8B3C-7E4C2D2DF6A2}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\texture.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{8188189D-6F33-48f2-B54B-936205216521}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\DCMMarkTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{869A07B5-AA8A-4504-B701-754FBAECC26D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\MarkerHouse.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{89E2E072-2AF3-414A-B2C5-CD75CB6B44DD}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\ToolTextAlong.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{8a087491-5264-11d4-95F6-00A0CC3CCA14}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{8FBFFBB2-64D0-4318-BD07-561CC8EE2084}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\AutoDimHouse.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{90E611F0-DE07-11D2-ABC3-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\ViewportTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{92454481-8DB8-4C5D-9F8F-1897A30E49C6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Nut.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{99D040C9-BC79-44E2-BEC1-DE3636FA0320}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\ChainPolyline.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{ABEE7F9B-1215-4878-8F01-F0BAF4F211F7}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\Pipe_Tool.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{BF0BBC85-A311-11D3-A82D-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\TcTools\PalTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{bf608490-5373-11d0-8efb-4446490043bf}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C1F35EEC-4BD8-4C2C-8BCF-6066EA37B6C3}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\PlaneParameters.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C347BEE4-90D9-4641-A5BC-8B8982846576}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\SectOnPathTool.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C47C48C1-0F15-41BA-AE68-23AB59A005F9}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Welding.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C5AA19CF-2F1A-42A3-886F-682FDAEF585A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Hole.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C9ACD2AA-AB9F-40DE-AFBE-1350D6BCB291}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCTrnTools.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{CA182404-11E8-4796-B378-C105225C2931}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\TextAlong.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{CD092BC1-5EC8-4AC9-9F2C-DAAE1FA85B4A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\CurveTextTie.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D2446BEB-A633-4653-8BB7-F9F77DEAE2ED}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\WindowHouse.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D4BEEB62-37D5-4FD3-8EAB-5B972F37EFB3}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\Thread3D.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\Windows\system32\MSVBVM60.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D732323E-7207-465d-9924-BCBAFE352435}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\CompoundProfileTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D8ADC55B-2CF1-45BC-8426-2685E150E89B}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Roundrect.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E06FAB40-6649-11D1-8090-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\BasicMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E06FAB41-6649-11D1-8090-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\BasicMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E5151088-1C1D-47B9-887A-FCFEA8700C95}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCmark.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E830E884-1B3D-11D4-9BEE-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\TcTools\FPBridgeTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E830E887-1B3D-11D4-9BEE-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\TcTools\FPBridgeTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E89833D1-0A9B-4EA2-B8E6-372353FFC763}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\GearContour.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{EC2CD23E-C474-476B-AA44-7C4C0D023D97}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Gear.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F2567097-FBF4-4394-AC80-6EF0DA719E0F}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Cable.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F335199D-8E62-42E3-9F40-8A2459EA5576}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Screw.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F5125F6F-A84D-4830-AD78-A13E03B64185}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\BPMngr.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F6B5662B-3540-4923-937A-3BC8D9CAE568}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\doorhouse.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F6F41304-02C7-43B1-99DE-FDC3DBFA3C56}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\NorthDirection.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F792E5D4-834F-4BE5-9BA1-7397781858D2}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCFile.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{FF6C0583-D8E3-43D5-BA0F-C7E3B48AF741}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\CoordText.dll (IMSI)

==================== Restore Points  =========================

26-09-2014 08:28:03 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-09-25 15:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2A69DACE-19E8-4EDB-882A-35BC64D28B74} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {32EE17D5-5D99-4407-8A23-0FDC52D29BA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-26] (Google Inc.)
Task: {553E93F7-414E-4C31-83EA-275EA0C75684} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [2013-10-08] (Haufe-Lexware GmbH & Co. KG)
Task: {66E0184F-7CDA-45F9-9B18-617B0C22E76E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-26] (Google Inc.)
Task: {67119E79-4948-43ED-B906-00E313203165} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Task: {7A5B94AF-4F56-4126-AE3A-8C848B426274} - System32\Tasks\{4F959E81-8C1D-4DCE-A2A3-3C8041FDA9F8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar
Task: {8BABF4E0-C505-4147-A3A0-ED8A17EFEF76} - System32\Tasks\InstallShield Software-Aktualisierungsdienst => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16] (InstallShield Software Corporation)
Task: {9B5F08AC-DB5D-4878-B41B-3F6656C69BB3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {ADA89144-585E-4EE5-A522-B899272C44BC} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files\CHIP Updater\CHIPUpdater.exe
Task: {D45B5DCD-A3AC-46B7-A591-276B8A19AB5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {DB48DFC8-AA54-48BF-9E95-052CBDF23402} - System32\Tasks\{54B31717-8D0D-48CA-B69F-68FF16C0D0E2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar
Task: {EBBEEA6D-DAF5-4C8F-A09A-5A47DECF4475} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-25 19:34 - 2013-09-12 08:28 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2013-03-26 23:06 - 2007-05-31 08:38 - 00167936 ____N () C:\Windows\system32\SerialXP.dll
2012-05-23 16:00 - 2012-05-23 16:00 - 02408448 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2012-05-23 16:00 - 2012-05-23 16:00 - 08626176 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2012-05-23 16:00 - 2012-05-23 16:00 - 00212992 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-03-25 19:33 - 2013-01-23 23:57 - 01199576 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: bupService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TVGOnlineUpdateSvc => 2
MSCONFIG\Services: Update ResultsAlpha => 2
MSCONFIG\Services: Util ResultsAlpha => 2
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus SmartCenter.lnk => C:\Windows\pss\Lotus SmartCenter.lnk.CommonStartup

========================= Accounts: ==========================

Admin (S-1-5-21-1720512716-2150718686-1536730020-1000 - Enabled - Status: OK) => C:\Users\Admin
Administrator (S-1-5-21-1720512716-2150718686-1536730020-500 - Disabled - Status: Degraded)
Gast (S-1-5-21-1720512716-2150718686-1536730020-501 - Disabled - Status: Degraded)
UpdatusUser (S-1-5-21-1720512716-2150718686-1536730020-1001 - Enabled - Status: OK) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2014 09:43:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WDDriveService.exe, Version: 2.2.0.19, Zeitstempel: 0x51ddd13a
Name des fehlerhaften Moduls: WDDriveService.exe, Version: 2.2.0.19, Zeitstempel: 0x51ddd13a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002fe0c
ID des fehlerhaften Prozesses: 0x938
Startzeit der fehlerhaften Anwendung: 0xWDDriveService.exe0
Pfad der fehlerhaften Anwendung: WDDriveService.exe1
Pfad des fehlerhaften Moduls: WDDriveService.exe2
Berichtskennung: WDDriveService.exe3

Error: (09/25/2014 05:35:32 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/09/25 17:35:32.552]: [00002448]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/25/2014 03:06:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: tv_w32.dll, Version: 9.0.32494.0, Zeitstempel: 0x541334c5
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00007c8a
ID des fehlerhaften Prozesses: 0x6d0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (09/25/2014 01:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2723, Zeitstempel: 0x52315a51
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000200
ID des fehlerhaften Prozesses: 0x67c
Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0
Pfad der fehlerhaften Anwendung: nvtray.exe1
Pfad des fehlerhaften Moduls: nvtray.exe2
Berichtskennung: nvtray.exe3

Error: (09/25/2014 01:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2723, Zeitstempel: 0x52315a51
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000626e0
ID des fehlerhaften Prozesses: 0x67c
Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0
Pfad der fehlerhaften Anwendung: nvtray.exe1
Pfad des fehlerhaften Moduls: nvtray.exe2
Berichtskennung: nvtray.exe3

Error: (09/25/2014 01:36:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wuauclt.exe, Version: 7.6.7600.320, Zeitstempel: 0x53739709
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000200
ID des fehlerhaften Prozesses: 0x14dc
Startzeit der fehlerhaften Anwendung: 0xwuauclt.exe0
Pfad der fehlerhaften Anwendung: wuauclt.exe1
Pfad des fehlerhaften Moduls: wuauclt.exe2
Berichtskennung: wuauclt.exe3

Error: (09/25/2014 01:36:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wuauclt.exe, Version: 7.6.7600.320, Zeitstempel: 0x53739709
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000626e0
ID des fehlerhaften Prozesses: 0x14dc
Startzeit der fehlerhaften Anwendung: 0xwuauclt.exe0
Pfad der fehlerhaften Anwendung: wuauclt.exe1
Pfad des fehlerhaften Moduls: wuauclt.exe2
Berichtskennung: wuauclt.exe3

Error: (09/25/2014 10:47:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\Admin\AppData\Local\Temp\revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe ; Beschreibung = Revo Uninstaller's restore point - TuneUp Utilities 2013; Fehler = 0x80042302).

Error: (09/25/2014 10:47:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (09/25/2014 10:47:32 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}


System errors:
=============
Error: (09/26/2014 09:43:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WD Drive Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2014 07:34:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/25/2014 07:34:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2014 07:34:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2014 07:34:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2014 07:34:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TeamViewer 9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/25/2014 07:34:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/25/2014 07:34:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "cyberJack PC/SC COM Service " wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2014 07:34:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Indexdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2014 07:34:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "SAS Core Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (09/26/2014 09:43:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDDriveService.exe2.2.0.1951ddd13aWDDriveService.exe2.2.0.1951ddd13ac00000050002fe0c93801cfd95ba5d9edaaC:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exeC:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exec45cffd0-4550-11e4-b05c-3085a99aac51

Error: (09/25/2014 05:35:32 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/09/25 17:35:32.552]: [00002448]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/25/2014 03:06:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7tv_w32.dll9.0.32494.0541334c5c00000fd00007c8a6d001cfd89eb091732fC:\Windows\Explorer.EXEC:\Program Files\TeamViewer\Version9\tv_w32.dllc5e14cb9-44b4-11e4-9a29-3085a99aac51

Error: (09/25/2014 01:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvtray.exe7.17.13.272352315a51unknown0.0.0.000000000c00000050000020067c01cfd89ebc3bf76dC:\Program Files\NVIDIA Corporation\Display\nvtray.exeunknown2d8d7ecc-44a8-11e4-9a29-3085a99aac51

Error: (09/25/2014 01:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvtray.exe7.17.13.272352315a51msvcrt.dll7.0.7601.177444eeaf722c0000005000626e067c01cfd89ebc3bf76dC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\system32\msvcrt.dll2b514a37-44a8-11e4-9a29-3085a99aac51

Error: (09/25/2014 01:36:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wuauclt.exe7.6.7600.32053739709unknown0.0.0.000000000c00000050000020014dc01cfd89f2788d35eC:\Windows\system32\wuauclt.exeunknown2a6897d2-44a8-11e4-9a29-3085a99aac51

Error: (09/25/2014 01:36:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wuauclt.exe7.6.7600.32053739709msvcrt.dll7.0.7601.177444eeaf722c0000005000626e014dc01cfd89f2788d35eC:\Windows\system32\wuauclt.exeC:\Windows\system32\msvcrt.dll2766c93b-44a8-11e4-9a29-3085a99aac51

Error: (09/25/2014 10:47:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Admin\AppData\Local\Temp\revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe Revo Uninstaller's restore point - TuneUp Utilities 20130x80042302

Error: (09/25/2014 10:47:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: GetProviderMgmtInterface0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.

Error: (09/25/2014 10:47:32 AM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 31%
Total physical RAM: 3552.16 MB
Available physical RAM: 2424.88 MB
Total Pagefile: 7102.6 MB
Available Pagefile: 6082.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:499.86 GB) (Free:428.48 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1363.05 GB) (Free:1219.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5FB4569E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=499.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1363.1 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
Erstes Zwischenergebnis,

Eset onlinescan läuft gerade und liegt in den letzten Zügen.
HDD C: ist sauber

HDD D: in den erstellten Backups, befinden sich die Plagegeister
die kann ich zwar komplett löschen, aber ich greife dir da nicht vor
ich poste gleich den ESET LOG

Es lässt sich feststellen, dass in einem Grafikprogramm, z.B. neue Datei einfaches Qaudrat zeichen, linien stärke und farbe sind nicht veränderbar. Denke an Reparatur bzw. Neuinstallation des Programmes.

mal abwarten

ESET LOG
Code:
ATTFilter
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 1.zip	Variante von Win32/Complitly.A evtl. unerwünschte Anwendung
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 13.zip	Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 14.zip	Variante von Win32/FirseriaInstaller.F evtl. unerwünschte Anwendung
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 2.zip	Win32/Conduit.SearchProtect.K evtl. unerwünschte Anwendung
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 3.zip	Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 40.zip	Win32/Ponmocup.AA Trojaner
         

Alt 26.09.2014, 12:27   #5
M-K-D-B
/// TB-Ausbilder
 
ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen - Standard

ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen



Wir entfernen die letzten Reste und kontrollieren nochmal alles.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-03-28] (StdLib)
C:\Windows\System32\drivers\wStLibG.sys
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 1.zip
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 13.zip
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 14.zip
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 2.zip
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 3.zip
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 40.zip
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von SecurityCheck,
  • die beiden neuen Logdateien von FRST.

__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 26.09.2014, 13:25   #6
candelaver
 
ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen - Standard

ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen



FIXLOG
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-09-2014
Ran by Admin at 2014-09-26 14:05:41 Run:2
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-03-28] (StdLib)
C:\Windows\System32\drivers\wStLibG.sys
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 1.zip
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 13.zip
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 14.zip
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 2.zip
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 3.zip
D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 40.zip
EmptyTemp:
end
*****************

Processes closed successfully.
wStLibG => Service stopped successfully.
wStLibG => Service deleted successfully.
C:\Windows\System32\drivers\wStLibG.sys => Moved successfully.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
C:\ProgramData\TEMP => ":A303874F" ADS removed successfully.
C:\ProgramData\TEMP => ":AEC0AC81" ADS removed successfully.
"D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 1.zip" => File/Directory not found.
"D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 13.zip" => File/Directory not found.
"D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 14.zip" => File/Directory not found.
"D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 2.zip" => File/Directory not found.
"D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 3.zip" => File/Directory not found.
"D:\ADMIN-PC\Backup Set 2014-05-04 190000\Backup Files 2014-05-04 190000\Backup files 40.zip" => File/Directory not found.
EmptyTemp: => Removed 275 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         
Die infizierten Backups hat der Eset vorhin entfernt

Checkup LOG

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
ESET Smart Security 7.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SUPERAntiSpyware     
 Java 7 Update 67  
 Adobe Flash Player 	15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.3) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST LOG

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by Admin (administrator) on ADMIN-PC on 26-09-2014 14:22:11
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin & UpdatusUser)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\loggerservice.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5075104 2014-02-24] (ESET)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-26] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCC968F37F729CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Gaaiho PDF Conversion Toolbar Helper -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: nuance.com/DgnRia2 -> C:\Program Files\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\nation-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-08-18]
FF Extension: YouTube Unblocker - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-23]
FF Extension: Remove Google Tracking - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi [2014-07-15]
FF Extension: S3.Google Translator - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\s3google@translator.xpi [2013-12-01]
FF Extension: Adblock Edge - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-05-15]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-09-26]
FF Extension: PDF Converter - C:\Program Files\Nuance\PDF Professional 8\FireFox [2013-06-13]

Chrome: 
=======
CHR CustomProfile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-22]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-17] (SUPERAntiSpyware.com)
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 DragonLoggerService; C:\Program Files\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [339008 2014-07-23] (Nuance Communications, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1343408 2014-02-24] (ESET)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
S4 TVGOnlineUpdateSvc; C:\Program Files\TVG\OnlineUpdate\OnlineUpdateSvc.exe [398128 2010-12-14] ()
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArvoFltr; C:\Windows\System32\drivers\ArvoFltr.sys [12928 2009-05-06] (ROCCAT Development, Inc.)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3109888 2013-02-19] (Qualcomm Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-28] (AVG Technologies)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
R2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37416 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [49240 2013-09-17] (ESET)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-04] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [351288 2012-12-04] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [796216 2012-12-04] (Intel Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-26] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-23] (Intel Corporation)
R2 PMEM; C:\Windows\system32\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation) [File not signed]
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45744 2011-10-04] (Rovi Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 14:17 - 2014-09-26 14:17 - 00854417 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2014-09-26 13:00 - 2014-09-26 13:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ESET
2014-09-26 13:00 - 2014-09-26 13:00 - 00000000 ____D () C:\Users\Admin\AppData\Local\ESET
2014-09-26 13:00 - 2014-09-26 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-09-26 13:00 - 2014-09-26 13:00 - 00000000 ____D () C:\ProgramData\ESET
2014-09-26 12:34 - 2014-09-26 12:34 - 01595776 _____ (ESET) C:\Users\Admin\Downloads\eset_smart_security_live_installer_.exe
2014-09-26 12:27 - 2014-09-26 12:27 - 00000895 _____ () C:\Users\Admin\Desktop\Eset3.txt
2014-09-26 10:34 - 2014-09-26 10:34 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2014-09-26 10:32 - 2014-09-26 10:32 - 00013110 _____ () C:\Users\Admin\Desktop\zoek-results.txt
2014-09-26 10:28 - 2014-09-26 10:30 - 00013110 _____ () C:\zoek-results.log
2014-09-26 10:26 - 2014-09-26 10:28 - 00000000 ____D () C:\zoek_backup
2014-09-26 10:22 - 2014-09-26 10:22 - 01290752 _____ () C:\Users\Admin\Desktop\zoek.exe
2014-09-26 10:15 - 2014-09-26 10:15 - 00001159 _____ () C:\neu_mbam.txt
2014-09-26 09:31 - 2014-09-26 09:31 - 00000000 ____D () C:\Users\Admin\AppData\Local\Western_Digital_Technolog
2014-09-26 09:31 - 2014-09-26 09:31 - 00000000 ____D () C:\Users\Admin\AppData\Local\Western Digital
2014-09-26 09:30 - 2014-09-26 14:10 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2014-09-26 09:30 - 2014-09-26 09:30 - 00001144 _____ () C:\Users\Public\Desktop\WD SmartWare.lnk
2014-09-26 09:29 - 2014-09-26 09:42 - 00023452 _____ () C:\Windows\DPINST.LOG
2014-09-26 09:29 - 2014-09-26 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-09-26 09:29 - 2014-09-26 09:30 - 00000000 ____D () C:\Program Files\Western Digital
2014-09-26 09:29 - 2014-09-26 09:30 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-09-26 09:27 - 2014-09-26 09:31 - 00000000 ____D () C:\ProgramData\Western Digital
2014-09-25 19:33 - 2014-09-26 10:34 - 01100288 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-09-25 19:27 - 2014-09-25 19:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-25 19:12 - 2014-09-22 22:00 - 01024790 _____ (Thisisu) C:\Users\Admin\Desktop\JRT_NEW.exe
2014-09-25 19:09 - 2014-09-25 19:09 - 00001270 _____ () C:\Users\Admin\Desktop\02_eset.txt
2014-09-25 17:30 - 2014-09-25 17:30 - 00015246 _____ () C:\Users\Admin\Desktop\combofix.txt
2014-09-25 15:17 - 2014-09-25 15:17 - 00015246 _____ () C:\ComboFix.txt
2014-09-25 15:00 - 2014-09-25 13:34 - 00001687 _____ () C:\Users\Admin\Desktop\01_Eset_Onlinescan.txt
2014-09-25 14:52 - 2014-09-26 14:22 - 00014578 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-09-25 14:52 - 2014-09-26 10:35 - 00062757 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-09-25 14:51 - 2014-09-26 14:22 - 00000000 ____D () C:\FRST
2014-09-25 14:24 - 2014-09-25 14:24 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Sun
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-25 14:23 - 2014-09-25 14:25 - 17903792 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\install_flash_player_15_plugin.exe
2014-09-25 14:16 - 2014-09-25 14:21 - 29421992 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-7u67-windows-i586.exe
2014-09-25 13:51 - 2014-09-25 13:51 - 00093766 _____ () C:\Users\Admin\Desktop\OTL.Txt
2014-09-25 13:51 - 2014-09-25 13:51 - 00056162 _____ () C:\Users\Admin\Desktop\Extras.Txt
2014-09-25 13:39 - 2014-09-25 13:39 - 05579290 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-09-25 13:37 - 2014-09-25 13:37 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2014-09-25 12:47 - 2014-09-25 12:47 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-25 12:47 - 2014-09-25 12:47 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-25 11:39 - 2014-05-17 15:15 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140925-113959.backup
2014-09-25 10:23 - 2014-09-25 10:23 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller(1).zip
2014-09-25 10:22 - 2014-09-25 10:23 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller.zip
2014-09-25 09:59 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:40 - 2014-09-23 20:40 - 00000000 ____D () C:\ProgramData\LightScribe
2014-09-22 14:37 - 2014-09-22 14:55 - 00004158 _____ () C:\Windows\IE11_main.log
2014-09-22 14:25 - 2014-09-22 14:30 - 37059280 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE11-Windows6.1-x86-de-de.exe
2014-09-22 14:11 - 2014-09-25 19:39 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-22 14:11 - 2014-09-25 15:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Abelssoft
2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\Abelssoft
2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-22 13:57 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-09-22 13:57 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-09-22 13:56 - 2014-09-22 13:56 - 00001456 _____ () C:\Users\Admin\Desktop\Goodgame Empire.lnk
2014-09-22 13:56 - 2014-09-22 13:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DesktopIconGoodgame
2014-09-22 13:55 - 2014-09-22 13:55 - 01101648 _____ () C:\Users\Admin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-09-22 13:17 - 2014-09-22 13:17 - 00002007 _____ () C:\Users\Public\Desktop\LightScribe.lnk
2014-09-22 13:17 - 2014-09-22 13:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-09-22 13:17 - 2014-09-22 13:17 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
2014-09-22 13:16 - 2014-09-22 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Calculator Plus
2014-09-22 13:16 - 2014-09-22 13:16 - 00000000 ____D () C:\Program Files\Microsoft Calculator Plus
2014-09-22 12:56 - 2014-09-26 10:49 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 12:56 - 2014-09-22 12:57 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-22 12:56 - 2014-09-22 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-22 12:56 - 2014-09-22 12:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-22 12:56 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-22 12:56 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-22 12:56 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-15 13:44 - 2014-09-26 14:10 - 00003024 _____ () C:\Windows\setupact.log
2014-09-15 13:44 - 2014-09-26 14:09 - 00039296 _____ () C:\Windows\PFRO.log
2014-09-15 13:44 - 2014-09-15 13:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-15 13:11 - 2014-09-15 13:11 - 00000000 ____D () C:\ProgramData\Corel
2014-09-15 12:09 - 2014-09-15 12:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Axialis
2014-09-15 12:09 - 2014-09-15 12:09 - 00000000 ____D () C:\Program Files\My Company Name
2014-09-11 19:22 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 19:22 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 19:22 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 19:22 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 19:22 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 19:22 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 19:22 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 19:22 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 19:22 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 19:22 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 19:22 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 19:22 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 19:22 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 19:22 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 19:22 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 19:22 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 19:22 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 19:22 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 19:22 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 19:22 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 19:22 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 19:22 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 19:22 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 19:22 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 19:22 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 19:22 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 19:22 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 19:22 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 19:22 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 19:22 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 19:21 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 08:42 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 08:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 08:41 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 08:41 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 08:41 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 08:41 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-08 12:42 - 2014-09-08 12:42 - 00000000 ____D () C:\Users\Admin\cityguide
2014-08-31 19:50 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-31 19:50 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 14:18 - 2013-03-26 11:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 14:18 - 2013-03-26 09:56 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-26 14:17 - 2009-07-14 06:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 14:17 - 2009-07-14 06:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 14:16 - 2013-03-25 17:03 - 01627394 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 14:10 - 2014-04-22 12:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-26 14:10 - 2013-03-26 09:56 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 14:10 - 2013-03-25 19:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-26 14:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 14:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-09-26 14:09 - 2013-03-25 16:51 - 01262253 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 13:00 - 2014-05-13 18:39 - 00000000 ____D () C:\Program Files\ESET
2014-09-26 11:43 - 2013-04-19 09:25 - 00000000 ____D () C:\Windows\pss
2014-09-26 09:46 - 2014-05-17 11:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-26 09:46 - 2013-03-26 21:51 - 00000368 _____ () C:\Windows\Brownie.ini
2014-09-25 23:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-25 19:39 - 2013-11-18 20:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 15:17 - 2014-05-17 15:11 - 00000000 ____D () C:\Qoobox
2014-09-25 15:17 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-25 14:33 - 2013-03-26 23:10 - 00000000 ____D () C:\Program Files\Java
2014-09-25 14:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-25 14:27 - 2013-03-26 11:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-25 14:27 - 2013-03-26 11:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 14:24 - 2013-03-26 23:11 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-25 14:24 - 2013-03-26 23:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-25 14:24 - 2013-03-26 23:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-25 10:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Vss
2014-09-25 10:50 - 2014-07-18 13:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2014-09-24 12:43 - 2013-03-27 12:40 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-24 11:02 - 2013-03-27 13:32 - 00002395 _____ () C:\Users\Admin\AppData\Roaming\SAS7_000.DAT
2014-09-23 20:38 - 2013-12-28 13:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\Nero
2014-09-22 15:10 - 2014-08-16 11:56 - 00000000 ____D () C:\Program Files\Unlocker
2014-09-22 14:50 - 2013-03-25 19:33 - 00127912 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 14:49 - 2009-07-14 06:33 - 00442920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 14:45 - 2013-03-26 09:56 - 00000000 ____D () C:\Program Files\Google
2014-09-22 13:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-09-22 09:45 - 2013-04-03 21:19 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-09-15 13:12 - 2013-03-26 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
2014-09-15 13:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-15 12:40 - 2014-08-21 20:22 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2014-09-13 19:25 - 2013-04-30 11:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-09-12 12:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-11 19:21 - 2014-08-21 20:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 19:21 - 2014-08-14 09:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 19:15 - 2014-08-22 07:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 19:15 - 2013-03-25 21:08 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 18:23 - 2013-03-26 21:57 - 00000000 ____D () C:\Users\Admin\Documents\SoftMaker
2014-09-08 12:42 - 2013-03-25 17:02 - 00000000 ____D () C:\Users\Admin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 13:23

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

ADDITIONAL FRST
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2014
Ran by Admin at 2014-09-26 14:22:44
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.24 alpha (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM\...\AmUStor) (Version: 3.10.142.72249 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (Version: 3.10.142.72249 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Brother MFL-Pro Suite DCP-7025 (HKLM\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CadViewer 8.5.6b (HKLM\...\CadViewer) (Version: 8.5.6b - Tailor Made Software)
Canon iP7200 series On-screen Manual (HKLM\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Extra Content (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Extra Content (HKLM\...\_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
cyberJack Base Components (HKLM\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
Das Telefonbuch Gelbe Seiten Map & Route (HKLM\...\DasTelefonbuch Gelbe Seiten Map & Route) (Version:  - TVG Telefonbuch- und Verzeichnisverlag GmbH & Co. KG)
DDBAC (HKLM\...\{4C19650D-1BF8-4459-A904-06FB692B0F8E}) (Version: 5.3.24 - DataDesign)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirPrinter - Deinstallation (HKLM\...\DirPrinter_is1) (Version: 8.70 - Mathias Gerlach [aborange.de])
Dragon NaturallySpeaking 13 (HKLM\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
eGlyphica (HKLM\...\eGlyphica) (Version:  - )
eM Client (Version: 3.5.12101.0 - SoftMaker Software GmbH) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{171F1D47-1647-427D-8980-ADCE7100F9A7}) (Version: 7.0.317.4 - ESET, spol s r. o.)
Express Zip (HKLM\...\ExpressZip) (Version:  - NCH Software)
FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
High-Definition Video Playback (Version: 7.1.13900.47.0 - Nero AG) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Lexware Info Service (HKLM\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM\...\{A64DF516-9CDC-4299-BD34-2B2C80CD453B}) (Version: 19.00.00.0059 - Haufe-Lexware GmbH & Co.KG)
LightScribe System Software (HKLM\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
Lotus SmartSuite - Deutsch (HKLM\...\{536D6172-7453-7569-7465-392E38300407}) (Version: 9.8.0 - Lotus Development Corporation)
LUMIX Map Tool (HKLM\...\InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}) (Version: 1.1.0 - Panasonic Corporation)
LUMIX Map Tool (Version: 1.1.0 - Panasonic Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (Version: 10.2.10000.0.0 - Nero AG) Hidden
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (Version: 10.2.11900.1.9 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.18400.9.0 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.2.10700.9.100 - Nero AG)
Nero DiscCopyGadget 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG)
Nero Express 10 Help (CHM) (Version: 10.5.10300 - Nero AG) Hidden
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.13200.33.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG)
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nuance OmniPage 18 (HKLM\...\{90F50D38-23E4-42AA-8483-75C1D8C546AB}) (Version: 18.1.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 (HKLM\...\{0351BD86-CC1A-400F-B70D-D8D858E0D5A3}) (Version: 8.10.3214 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x86 (HKLM\...\{7E6CA782-AA41-4E4C-A948-232B7FD82696}) (Version: 8.11.0000 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller-Treiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
office wörterbuch pro (HKLM\...\office wörterbuch pro) (Version:  - Lingenio GmbH)
Philips Flat Panel Adjust (HKLM\...\{23430AE3-6FFF-47CF-B7E7-1552FC61DF39}) (Version:  - )
PHOTOfunSTUDIO 9.1 PE (HKLM\...\{C13FE7DE-D34D-48CC-9FA3-8DB9A3621B98}) (Version: 9.01.709 - Panasonic Corporation)
Quicken 2012 (HKLM\...\{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}) (Version: 19.36.00.0165 - Haufe-Lexware GmbH & Co.KG)
Quicken DELUXE 2014 (HKLM\...\{E60036CF-1E46-4DFE-832F-5476574B30FF}) (Version: 21.37.00.0185 - Haufe-Lexware GmbH & Co.KG)
Quicken Import Export Server 2012 (HKLM\...\{7FC74607-ED6E-49C3-87FA-56B50A2EE158}) (Version: 19.30.00.0134 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer 2014 (HKLM\...\{52DD1288-FA17-4062-8280-532C89A7E2F2}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Scansoft PDF Professional (Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SoftMaker Office Professional 2012 (HKLM\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.1301 - SoftMaker Software GmbH)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Tinypic 3.16 (HKLM\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.16 - E. Fiedler)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
translate plus 9 (HKLM\...\translate plus 9) (Version: 9 - Lingenio GmbH, Heidelberg)
TurboCAD Professional V.15 (HKLM\...\{CB719B19-BE9E-4D47-94B1-2FFE656067EE}) (Version: 15.1.1 - IMSI Design)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD Drive Utilities (HKLM\...\{59E0381C-1047-45A3-B68A-57F586EAF3C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{D338102B-BA1C-4CCA-B870-8690FA0F0433}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{5FEF2583-382C-4795-947F-CE54E3F0E16A}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.)
WinFunktion Mathematik plus 21 (HKLM\...\{2C322D9F-8734-4937-8A94-67ED371046B6}) (Version: 21.00.0000 - bhv Publishing GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{016D58C4-CF57-48A8-89CB-B8D9537DA2CC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\FoundationPlan.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{02689F7F-4026-4D10-BD25-E577709C4C2E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Bolt3D.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B4CA0}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B7456}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\Presentations.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B771B}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{03457507-D762-4025-8284-E9D3C8DBBD12}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\SectionToPathTie.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{06221C84-52D5-4A4E-A337-2BF8951D4B59}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Fillet3D.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0B91E172-6025-4EBD-A0A2-34552C05F100}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\TextBox.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{0D818D11-C218-4799-AE9D-FCD1811B978A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\OffsetPolyline.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{14F2A484-4F52-4DB5-9EC4-E97E92131E58}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Nut3D.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{15544F60-D775-4962-BEB4-E580346B1591}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\ScetchTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{1CC3991A-01EF-4337-AA69-2818FFA4C869}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\DatumRef.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{2017F29F-68F4-11D5-B9BF-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\SpiralTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{2C10CA50-05D0-11D2-8697-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\ObjectTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{2C6D5BE5-4817-41C9-B28E-77CB857919D1}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\Fillet3D_Tie.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{2F015029-FB7C-11D1-B8AC-000021452DB6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\InsSmObj.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{30291A01-707C-11d0-B457-4446490043BF}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{399254F2-670F-11D1-8092-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{399254F3-670F-11D1-8092-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{443E0383-3F0F-4ABF-93B8-885915F56C6F}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\JointPolyline.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{45232FA2-65A2-11D2-8C4A-00403338C504}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\RRectA.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{49E39851-1FC0-11D2-8698-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\SmartHatch.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{4A2B29CC-5A9B-4B51-9A0A-F63DA8A72C78}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Conn.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{4A5C2474-D597-48D4-A14A-3A13BC663BB9}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\DatumTarget.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{5153A083-1A0E-4146-8DBB-50982700BF7E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\ScheduleIntoBlock.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{53BDCB5D-E113-4E5B-9B40-3B4D2B07DC28}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\BoltNut.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{554EDBD6-7585-40C5-9713-180E76DAC4FC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\TCImage.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{5B60CCED-F564-43BA-802B-01183FAA0A84}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCImageTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{607CAF95-75AC-4C59-9E18-574DC62DB509}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\Fillet3D_Tool.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{642011BD-CFB0-4927-9C00-70BADAA0B5B4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCToler.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A3A61A2-D373-4B31-8164-263601C79016}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCRougness.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481001-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481002-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481003-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481004-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481005-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Tcw15.exe (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481100-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\ImsigxPS15.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481801-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481802-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481803-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481804-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A481805-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\IMSIGX15.dll (IMSI/Design LLC.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A482001-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\gxext15.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A482002-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\gxext15.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6A482003-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\gxext15.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{6E1099B5-A2D4-11D5-BA2B-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\RevisionCloud.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{71CA2F31-B56D-4CAC-BA97-EDB14712A14A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\InsertExternalSymbol.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{71E21C97-83FB-4242-8997-A52627FFEFF9}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCWeldSm.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{75F17666-0783-4450-A649-2B434C1EBB34}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\PickInside.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{7657D07B-63D1-480B-B9E5-839E458E659E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\DimensionTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{7724BB36-B671-11D0-9B3B-444553540000}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Rrect.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{7724BB46-B671-11D0-9B3B-444553540000}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\MfcSplin.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{784DEF17-17F1-4335-8B3C-7E4C2D2DF6A2}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\texture.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{8188189D-6F33-48f2-B54B-936205216521}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\DCMMarkTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{869A07B5-AA8A-4504-B701-754FBAECC26D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\MarkerHouse.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{89E2E072-2AF3-414A-B2C5-CD75CB6B44DD}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\ToolTextAlong.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{8a087491-5264-11d4-95F6-00A0CC3CCA14}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{8FBFFBB2-64D0-4318-BD07-561CC8EE2084}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\AutoDimHouse.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{90E611F0-DE07-11D2-ABC3-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\ViewportTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{92454481-8DB8-4C5D-9F8F-1897A30E49C6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Nut.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{99D040C9-BC79-44E2-BEC1-DE3636FA0320}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\ChainPolyline.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{ABEE7F9B-1215-4878-8F01-F0BAF4F211F7}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\Pipe_Tool.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{BF0BBC85-A311-11D3-A82D-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\TcTools\PalTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{bf608490-5373-11d0-8efb-4446490043bf}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C1F35EEC-4BD8-4C2C-8BCF-6066EA37B6C3}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\PlaneParameters.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C347BEE4-90D9-4641-A5BC-8B8982846576}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\SectOnPathTool.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C47C48C1-0F15-41BA-AE68-23AB59A005F9}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Welding.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C5AA19CF-2F1A-42A3-886F-682FDAEF585A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Hole.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{C9ACD2AA-AB9F-40DE-AFBE-1350D6BCB291}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCTrnTools.dll ()
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{CA182404-11E8-4796-B378-C105225C2931}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\TextAlong.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{CD092BC1-5EC8-4AC9-9F2C-DAAE1FA85B4A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\CurveTextTie.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D2446BEB-A633-4653-8BB7-F9F77DEAE2ED}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\WindowHouse.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D4BEEB62-37D5-4FD3-8EAB-5B972F37EFB3}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\Thread3D.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\Windows\system32\MSVBVM60.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D732323E-7207-465d-9924-BCBAFE352435}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Ties\CompoundProfileTie.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{D8ADC55B-2CF1-45BC-8426-2685E150E89B}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Roundrect.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E06FAB40-6649-11D1-8090-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\BasicMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E06FAB41-6649-11D1-8090-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Professional 2012\BasicMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E5151088-1C1D-47B9-887A-FCFEA8700C95}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCmark.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E830E884-1B3D-11D4-9BEE-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\TcTools\FPBridgeTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E830E887-1B3D-11D4-9BEE-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\TcTools\FPBridgeTool.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{E89833D1-0A9B-4EA2-B8E6-372353FFC763}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\GearContour.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{EC2CD23E-C474-476B-AA44-7C4C0D023D97}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Gear.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F2567097-FBF4-4394-AC80-6EF0DA719E0F}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Cable.dll (IMSI)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F335199D-8E62-42E3-9F40-8A2459EA5576}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\Screw.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F5125F6F-A84D-4830-AD78-A13E03B64185}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\BPMngr.dll (IMSI/Design, LLC)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F6B5662B-3540-4923-937A-3BC8D9CAE568}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\doorhouse.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F6F41304-02C7-43B1-99DE-FDC3DBFA3C56}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\NorthDirection.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{F792E5D4-834F-4BE5-9BA1-7397781858D2}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Draggers\TCFile.dll (International Microcomputer Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1720512716-2150718686-1536730020-1000_Classes\CLSID\{FF6C0583-D8E3-43D5-BA0F-C7E3B48AF741}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP15\Program\Regens\CoordText.dll (IMSI)

==================== Restore Points  =========================

26-09-2014 08:28:03 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-09-25 15:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2A69DACE-19E8-4EDB-882A-35BC64D28B74} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {32EE17D5-5D99-4407-8A23-0FDC52D29BA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-26] (Google Inc.)
Task: {553E93F7-414E-4C31-83EA-275EA0C75684} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [2013-10-08] (Haufe-Lexware GmbH & Co. KG)
Task: {66E0184F-7CDA-45F9-9B18-617B0C22E76E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-26] (Google Inc.)
Task: {67119E79-4948-43ED-B906-00E313203165} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Task: {7A5B94AF-4F56-4126-AE3A-8C848B426274} - System32\Tasks\{4F959E81-8C1D-4DCE-A2A3-3C8041FDA9F8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar
Task: {8BABF4E0-C505-4147-A3A0-ED8A17EFEF76} - System32\Tasks\InstallShield Software-Aktualisierungsdienst => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16] (InstallShield Software Corporation)
Task: {9B5F08AC-DB5D-4878-B41B-3F6656C69BB3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {ADA89144-585E-4EE5-A522-B899272C44BC} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files\CHIP Updater\CHIPUpdater.exe
Task: {D45B5DCD-A3AC-46B7-A591-276B8A19AB5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {DB48DFC8-AA54-48BF-9E95-052CBDF23402} - System32\Tasks\{54B31717-8D0D-48CA-B69F-68FF16C0D0E2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar
Task: {EBBEEA6D-DAF5-4C8F-A09A-5A47DECF4475} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-25 19:34 - 2013-09-12 08:28 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-03-26 23:06 - 2007-05-31 08:38 - 00167936 ____N () C:\Windows\system32\SerialXP.dll
2013-03-25 19:33 - 2013-01-23 23:57 - 01199576 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-25 19:27 - 2014-09-25 19:27 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: bupService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TVGOnlineUpdateSvc => 2
MSCONFIG\Services: Update ResultsAlpha => 2
MSCONFIG\Services: Util ResultsAlpha => 2
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus SmartCenter.lnk => C:\Windows\pss\Lotus SmartCenter.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^office wörterbuch pro.lnk => C:\Windows\pss\office wörterbuch pro.lnk.CommonStartup
MSCONFIG\startupreg: BrStsWnd => C:\Program Files\Brownie\BrstsWnd.exe Autorun
MSCONFIG\startupreg: DriveUtilitiesHelper => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Onboard => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"
MSCONFIG\startupreg: PDF8 Registry Controller => "C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe"
MSCONFIG\startupreg: SMASH => "C:\Program Files\SoftMaker Office Professional 2012\SMASH.EXE"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe

========================= Accounts: ==========================

Admin (S-1-5-21-1720512716-2150718686-1536730020-1000 - Enabled - Status: OK) => C:\Users\Admin
Administrator (S-1-5-21-1720512716-2150718686-1536730020-500 - Disabled - Status: Degraded)
Gast (S-1-5-21-1720512716-2150718686-1536730020-501 - Disabled - Status: Degraded)
UpdatusUser (S-1-5-21-1720512716-2150718686-1536730020-1001 - Enabled - Status: OK) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2014 11:55:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PROFIL~1.EXE, Version: 2.24.0.3, Zeitstempel: 0x4eb9848d
Name des fehlerhaften Moduls: PROFIL~1.EXE, Version: 2.24.0.3, Zeitstempel: 0x4eb9848d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002adb7
ID des fehlerhaften Prozesses: 0x12b4
Startzeit der fehlerhaften Anwendung: 0xPROFIL~1.EXE0
Pfad der fehlerhaften Anwendung: PROFIL~1.EXE1
Pfad des fehlerhaften Moduls: PROFIL~1.EXE2
Berichtskennung: PROFIL~1.EXE3

Error: (09/26/2014 09:43:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WDDriveService.exe, Version: 2.2.0.19, Zeitstempel: 0x51ddd13a
Name des fehlerhaften Moduls: WDDriveService.exe, Version: 2.2.0.19, Zeitstempel: 0x51ddd13a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002fe0c
ID des fehlerhaften Prozesses: 0x938
Startzeit der fehlerhaften Anwendung: 0xWDDriveService.exe0
Pfad der fehlerhaften Anwendung: WDDriveService.exe1
Pfad des fehlerhaften Moduls: WDDriveService.exe2
Berichtskennung: WDDriveService.exe3

Error: (09/25/2014 05:35:32 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/09/25 17:35:32.552]: [00002448]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/25/2014 03:06:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: tv_w32.dll, Version: 9.0.32494.0, Zeitstempel: 0x541334c5
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00007c8a
ID des fehlerhaften Prozesses: 0x6d0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (09/25/2014 01:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2723, Zeitstempel: 0x52315a51
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000200
ID des fehlerhaften Prozesses: 0x67c
Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0
Pfad der fehlerhaften Anwendung: nvtray.exe1
Pfad des fehlerhaften Moduls: nvtray.exe2
Berichtskennung: nvtray.exe3

Error: (09/25/2014 01:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2723, Zeitstempel: 0x52315a51
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000626e0
ID des fehlerhaften Prozesses: 0x67c
Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0
Pfad der fehlerhaften Anwendung: nvtray.exe1
Pfad des fehlerhaften Moduls: nvtray.exe2
Berichtskennung: nvtray.exe3

Error: (09/25/2014 01:36:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wuauclt.exe, Version: 7.6.7600.320, Zeitstempel: 0x53739709
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000200
ID des fehlerhaften Prozesses: 0x14dc
Startzeit der fehlerhaften Anwendung: 0xwuauclt.exe0
Pfad der fehlerhaften Anwendung: wuauclt.exe1
Pfad des fehlerhaften Moduls: wuauclt.exe2
Berichtskennung: wuauclt.exe3

Error: (09/25/2014 01:36:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wuauclt.exe, Version: 7.6.7600.320, Zeitstempel: 0x53739709
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000626e0
ID des fehlerhaften Prozesses: 0x14dc
Startzeit der fehlerhaften Anwendung: 0xwuauclt.exe0
Pfad der fehlerhaften Anwendung: wuauclt.exe1
Pfad des fehlerhaften Moduls: wuauclt.exe2
Berichtskennung: wuauclt.exe3

Error: (09/25/2014 10:47:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\Admin\AppData\Local\Temp\revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe ; Beschreibung = Revo Uninstaller's restore point - TuneUp Utilities 2013; Fehler = 0x80042302).

Error: (09/25/2014 10:47:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.


System errors:
=============
Error: (09/26/2014 02:06:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/26/2014 02:05:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WD Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/26/2014 02:05:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/26/2014 02:05:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Dragon Logger service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/26/2014 02:05:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/26/2014 02:05:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/26/2014 02:05:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/26/2014 02:05:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/26/2014 02:05:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TeamViewer 9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/26/2014 02:05:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LightScribeService Direct Disc Labeling Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (09/26/2014 11:55:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PROFIL~1.EXE2.24.0.34eb9848dPROFIL~1.EXE2.24.0.34eb9848dc00000050002adb712b401cfd96ff24966cdC:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXEC:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE35a34113-4563-11e4-809e-3085a99aac51

Error: (09/26/2014 09:43:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDDriveService.exe2.2.0.1951ddd13aWDDriveService.exe2.2.0.1951ddd13ac00000050002fe0c93801cfd95ba5d9edaaC:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exeC:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exec45cffd0-4550-11e4-b05c-3085a99aac51

Error: (09/25/2014 05:35:32 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/09/25 17:35:32.552]: [00002448]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/25/2014 03:06:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7tv_w32.dll9.0.32494.0541334c5c00000fd00007c8a6d001cfd89eb091732fC:\Windows\Explorer.EXEC:\Program Files\TeamViewer\Version9\tv_w32.dllc5e14cb9-44b4-11e4-9a29-3085a99aac51

Error: (09/25/2014 01:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvtray.exe7.17.13.272352315a51unknown0.0.0.000000000c00000050000020067c01cfd89ebc3bf76dC:\Program Files\NVIDIA Corporation\Display\nvtray.exeunknown2d8d7ecc-44a8-11e4-9a29-3085a99aac51

Error: (09/25/2014 01:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvtray.exe7.17.13.272352315a51msvcrt.dll7.0.7601.177444eeaf722c0000005000626e067c01cfd89ebc3bf76dC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\system32\msvcrt.dll2b514a37-44a8-11e4-9a29-3085a99aac51

Error: (09/25/2014 01:36:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wuauclt.exe7.6.7600.32053739709unknown0.0.0.000000000c00000050000020014dc01cfd89f2788d35eC:\Windows\system32\wuauclt.exeunknown2a6897d2-44a8-11e4-9a29-3085a99aac51

Error: (09/25/2014 01:36:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wuauclt.exe7.6.7600.32053739709msvcrt.dll7.0.7601.177444eeaf722c0000005000626e014dc01cfd89f2788d35eC:\Windows\system32\wuauclt.exeC:\Windows\system32\msvcrt.dll2766c93b-44a8-11e4-9a29-3085a99aac51

Error: (09/25/2014 10:47:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Admin\AppData\Local\Temp\revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe Revo Uninstaller's restore point - TuneUp Utilities 20130x80042302

Error: (09/25/2014 10:47:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: GetProviderMgmtInterface0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 39%
Total physical RAM: 3552.16 MB
Available physical RAM: 2132.94 MB
Total Pagefile: 7102.6 MB
Available Pagefile: 5646.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:499.86 GB) (Free:427.85 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1363.05 GB) (Free:1227.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5FB4569E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=499.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1363.1 GB) - (Type=OF Extended)

==================== End Of Log ============================
         

Alt 27.09.2014, 07:44   #7
M-K-D-B
/// TB-Ausbilder
 
ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen - Standard

ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen



Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Ändere regelmäßig alle deine Passwörter, jetzt nach der Bereinigung ist ein idealer Zeitpunkt dafür!
  • Verwende für jede Anwendung und jeden Account ein anderes Passwort.
  • Ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist das sehr wichtig.
  • Speichere keine Passwörter auf deinem PC, gib diese nicht an Dritte weiter.
  • Ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen.
  • Benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster.
  • Verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben.





Schritt 1
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 2
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
    Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwünschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 27.09.2014, 11:30   #8
candelaver
 
ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen - Standard

ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen



Absoulte große Klasse Danke !!!!!
Es hat alles prima geklappt !!!!

Alt 27.09.2014, 13:27   #9
M-K-D-B
/// TB-Ausbilder
 
ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen - Standard

ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen



Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Antwort

Themen zu ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen
bootmgr, conduit.search, conduit.search entfernen, fehlercode 0x5, fehlercode 0xc0000005, fehlercode 0xc00000fd, fehlercode 22, fehlercode windows, festplatte, flash player, install.exe, neue festplatte, nodrives, safer networking, software, superantispyware, svchost.exe, win32/browsefox.c, win32/complitly.a, win32/conduit.searchprotect.k, win32/firseriainstaller.f, win32/installcore.po, win32/ponmocup.aa, win32/pricegong.a, win32/searchplugin.a, win32/toolbar.babylon.e, win32/toolbar.babylon.f, windows, wuauclt.exe



Ähnliche Themen: ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen


  1. Probleme beim installieren von eset security und malwarebytes antimaleware
    Alles rund um Windows - 15.07.2014 (1)
  2. Windows7 Eset Scanner meldet Infizierung Operating memory win32/spy.zbot.aao trojan
    Log-Analyse und Auswertung - 23.10.2013 (7)
  3. Win 7: Java/Exploit.Agent.PFI trojan von ESET gefunden
    Plagegeister aller Art und deren Bekämpfung - 26.08.2013 (9)
  4. a variant of Win32/Spy.Banker.YIL trojan mit ESET online scan endeckt
    Log-Analyse und Auswertung - 29.07.2013 (9)
  5. Probleme nach ESET Online Scanner
    Log-Analyse und Auswertung - 06.07.2013 (19)
  6. a variant of Java/Exploit.CVE-2012-5076.Q trojan gefunden von ESET Onlinescanner
    Plagegeister aller Art und deren Bekämpfung - 20.12.2012 (18)
  7. Wie entferne ich Win32/Ponmocup
    Plagegeister aller Art und deren Bekämpfung - 13.12.2012 (21)
  8. Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan entfernen ?
    Plagegeister aller Art und deren Bekämpfung - 27.11.2012 (7)
  9. Trojan.ZbotR.Gen - mit Auswirkungen auf die Login-Seite von comdirect...?
    Log-Analyse und Auswertung - 17.10.2012 (5)
  10. Win32/Ponmocup.AA Trojaner - Google leitet mich auf falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (9)
  11. JS/Expack.OY (Antivir) und html/fraud.bg trojan (eset) gefunden
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  12. ESET Smart Security oder ESET NOD32 Antivirus?
    Antiviren-, Firewall- und andere Schutzprogramme - 18.10.2010 (1)
  13. Silentbanker & Co. und ihre Auswirkungen(?)
    Mülltonne - 25.11.2008 (1)
  14. Trojaner befall mit allerlei Auswirkungen
    Plagegeister aller Art und deren Bekämpfung - 02.04.2006 (8)
  15. W32/Mitglieder.CT Auswirkungen?
    Plagegeister aller Art und deren Bekämpfung - 03.11.2005 (1)
  16. BDS/Agent.AY und seine auswirkungen auf meinen pc?
    Plagegeister aller Art und deren Bekämpfung - 29.05.2005 (8)
  17. spätere auswirkungen nach kwbot entfernung?
    Plagegeister aller Art und deren Bekämpfung - 28.02.2003 (1)

Zum Thema ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen - Hallo TB Team, Ich habe mit Teamviewer einer Bekannten, bei Pc Problemem zu helfen, Die PC- Probleme sind so reichlich und vielseitig vorhanden, dass ich gar nicht weiss, wo ich - ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen...
Archiv
Du betrachtest: ESET Ponmocup.AA Trojan etc. - Pc Probleme mit verscheidenen Auswirkungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.