Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Continue Live Installation Entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 22.10.2014, 17:36   #1
Yoshimaru
 
Continue Live Installation Entfernen - Pfeil

Continue Live Installation Entfernen



Hallo bei mir öffnet sich oft das Fenster Continue Live Installation
Ich habe Farbar's Recovery Scan Tool Heruntergeladen und denn Scan durchgeführt.

FRST.txt


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2014
Ran by Yoshimaru (administrator) on YOSHIMARU-PC on 22-10-2014 18:17:23
Running from C:\Users\Yoshimaru\Downloads
Loaded Profile: Yoshimaru (Available profiles: Yoshimaru)
Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
(globalUpdate) C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\Users\Yoshimaru\AppData\Roaming\VOPackage\VOsrv.exe
(Wajam Internet Technologies Inc.) C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Wajam Internet Technologies Inc.) C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSConfig] => C:\Windows\system32\msconfig.exe [222208 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [MobileBroadband] => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76800 2013-09-05] (Vodafone)
HKLM\...\Run: [VmbNotifier] => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe [1893376 2013-09-05] (Vodafone)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\Run: [GameCenterMailRu-EU] => C:\Users\Yoshimaru\AppData\Local\Mail.Ru\GameCenter-EU\GameCenter@Mail.Ru.exe [4830496 2014-09-20] ()
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\Run: [MyComGames] => C:\Users\Yoshimaru\AppData\Local\MyComGames\MyComGames.exe [4268328 2014-10-21] ()
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\Run: [WinnerDM] => C:\Users\Yoshimaru\AppData\Local\WinnerDM\wdm.exe [1801880 2014-10-21] ()
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: D - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {02426576-a6f9-11e2-a8ee-001a92fa2b0e} - G:\setupSNK.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {22ae3da1-3a6f-11e2-b83f-001a92fa2b0e} - D:\autorun.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {2aedd6a2-d2d4-11e2-872d-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {2aedd6a3-d2d4-11e2-872d-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {2aedd6a4-d2d4-11e2-872d-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {2aedd6a9-d2d4-11e2-872d-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {2aedd6b0-d2d4-11e2-872d-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {3bce0841-b39b-11e2-8aa0-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {3bce0846-b39b-11e2-8aa0-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {890b1e2d-c33c-11e2-8f84-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {890b1e2e-c33c-11e2-8f84-001a92fa2b0e} - G:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {91d1af29-6a16-11e3-90b2-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {91d1af30-6a16-11e3-90b2-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {9ea7ee73-c976-11e2-9bb7-806e6f6e6963} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {afa72e7b-c97b-11e2-9b6e-806e6f6e6963} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {b66c650d-d2de-11e2-85b9-806e6f6e6963} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {b8af455c-71f7-11e3-85cb-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {b8af4563-71f7-11e3-85cb-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {baf89b01-b8cd-11e2-8815-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {baf89b03-b8cd-11e2-8815-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {baf89b07-b8cd-11e2-8815-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {baf89b09-b8cd-11e2-8815-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {bf58fdd4-d305-11e3-81f0-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {cb343e87-c2c4-11e3-9a41-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {cb343e8e-c2c4-11e3-9a41-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {eb6c69f6-63ba-11e2-997c-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {eb6c69fe-63ba-11e2-997c-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {ed0ce17a-09fd-11e3-b0e3-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {ed0ce17b-09fd-11e3-b0e3-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {f397b4cb-c849-11e2-96de-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {f397b4cc-c849-11e2-96de-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {f397b4cd-c849-11e2-96de-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {f397b4ce-c849-11e2-96de-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {f397b4cf-c849-11e2-96de-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {f988b5b5-c971-11e2-89c4-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {f988b5bd-c971-11e2-89c4-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {f988b5bf-c971-11e2-89c4-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {f988b5c1-c971-11e2-89c4-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {f988b5c3-c971-11e2-89c4-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {fe2a1fa7-c3f5-11e3-89cd-001a92fa2b0e} - D:\StartVMCLite.exe
HKU\S-1-5-21-908785102-3865279340-3334126312-1000\...\MountPoints2: {fe2a1fa8-c3f5-11e3-89cd-001a92fa2b0e} - D:\StartVMCLite.exe
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\emmsn.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\facebookmessenger.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\filecure.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\launcher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\todisc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\toshddvd.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\tosramutil.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:60502;https=127.0.0.1:60502;
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2aaf96e4-e6de-4096-a8c4-cdcf7b3d9d35&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1410192567&from=exp&uid=TOSHIBAXMK1237GSX_77BMFB9TSXX77BMFB9TS
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2aaf96e4-e6de-4096-a8c4-cdcf7b3d9d35&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1410192567&from=exp&uid=TOSHIBAXMK1237GSX_77BMFB9TSXX77BMFB9TS
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1410192567&from=exp&uid=TOSHIBAXMK1237GSX_77BMFB9TSXX77BMFB9TS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1410192567&from=exp&uid=TOSHIBAXMK1237GSX_77BMFB9TSXX77BMFB9TS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410192567&from=exp&uid=TOSHIBAXMK1237GSX_77BMFB9TSXX77BMFB9TS&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1410192567&from=exp&uid=TOSHIBAXMK1237GSX_77BMFB9TSXX77BMFB9TS&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1410192567&from=exp&uid=TOSHIBAXMK1237GSX_77BMFB9TSXX77BMFB9TS
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410192567&from=exp&uid=TOSHIBAXMK1237GSX_77BMFB9TSXX77BMFB9TS&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2aaf96e4-e6de-4096-a8c4-cdcf7b3d9d35&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410192567&from=exp&uid=TOSHIBAXMK1237GSX_77BMFB9TSXX77BMFB9TS&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410192567&from=exp&uid=TOSHIBAXMK1237GSX_77BMFB9TSXX77BMFB9TS&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2aaf96e4-e6de-4096-a8c4-cdcf7b3d9d35&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=4612_3&babsrc=SP_clro&mntrId=24e73077000000000000001b9e39c04b
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410192567&from=exp&uid=TOSHIBAXMK1237GSX_77BMFB9TSXX77BMFB9TS&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = hxxp://search.kikin.com/search/?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - No Name - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.9.1 192.168.9.1

FireFox:
========
FF ProfilePath: C:\Users\Yoshimaru\AppData\Roaming\Mozilla\Firefox\Profiles\uv0av2f5.default-1354092064490
FF NewTab: hxxp://istart.webssearches.com/newtab/?type=nt&ts=1410192567&from=exp&uid=TOSHIBAXMK1237GSX_77BMFB9TSXX77BMFB9TS
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: google.de
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2aaf96e4-e6de-4096-a8c4-cdcf7b3d9d35&affid=111585&searchtype=ds&babsrc=lnkry&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @mail.ru/GameCenter -> C:\Users\Yoshimaru\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll (LLC Mail.Ru)
FF Plugin HKCU: @my.com/Games -> C:\Users\Yoshimaru\AppData\Local\MyComGames\NPMyComDetector.dll (My.com, Inc)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Yoshimaru\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Yoshimaru\AppData\Roaming\Mozilla\Firefox\Profiles\uv0av2f5.default-1354092064490\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF SearchPlugin: C:\Users\Yoshimaru\AppData\Roaming\Mozilla\Firefox\Profiles\uv0av2f5.default-1354092064490\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Yoshimaru\AppData\Roaming\Mozilla\Firefox\Profiles\uv0av2f5.default-1354092064490\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Yoshimaru\AppData\Roaming\Mozilla\Firefox\Profiles\uv0av2f5.default-1354092064490\Extensions\amazon-icon@winload.de [2013-05-29]
FF Extension: German Dictionary - C:\Users\Yoshimaru\AppData\Roaming\Mozilla\Firefox\Profiles\uv0av2f5.default-1354092064490\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-10-17]
FF Extension: Fast Start - C:\Users\Yoshimaru\AppData\Roaming\Mozilla\Firefox\Profiles\uv0av2f5.default-1354092064490\Extensions\faststartff@gmail.com [2014-09-08]
FF Extension: Boni.tv Addon - C:\Users\Yoshimaru\AppData\Roaming\Mozilla\Firefox\Profiles\uv0av2f5.default-1354092064490\Extensions\addon@kingbonus.de.xpi [2014-10-01]
FF Extension: MyBrowserCash - C:\Users\Yoshimaru\AppData\Roaming\Mozilla\Firefox\Profiles\uv0av2f5.default-1354092064490\Extensions\mybrowsercash@mybrowsercash.com.xpi [2014-10-02]
FF Extension: Adblock Plus - C:\Users\Yoshimaru\AppData\Roaming\Mozilla\Firefox\Profiles\uv0av2f5.default-1354092064490\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-15]
FF Extension: iGraal - C:\Users\Yoshimaru\AppData\Roaming\Mozilla\Firefox\Profiles\uv0av2f5.default-1354092064490\Extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2}.xpi [2014-10-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-11-16]
FF HKLM\...\Firefox\Extensions: [shopclever@extension] - C:\Program Files\ShopClever\Firefox
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Yoshimaru\AppData\Roaming\Mozilla\Firefox\Profiles\uv0av2f5.default-1354092064490\extensions\faststartff@gmail.com

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Yoshimaru\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Yoshimaru\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Yoshimaru\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll ()
CHR Plugin: (Application Manager) - C:\Users\Yoshimaru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (BitCometAgent) - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Unity Player) - C:\Users\Yoshimaru\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Yoshimaru\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\Yoshimaru\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Yoshimaru\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-09]
CHR Extension: (YouTube) - C:\Users\Yoshimaru\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-09]
CHR Extension: (Adblock Plus) - C:\Users\Yoshimaru\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-02-02]
CHR Extension: (Google-Suche) - C:\Users\Yoshimaru\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-09]
CHR Extension: (Google Mail) - C:\Users\Yoshimaru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-09]
CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn10.crx []
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Yoshimaru\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-05-29]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Yoshimaru\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-09-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () [File not signed]
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
R2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49248 2007-01-12] (Symantec Corporation)
S4 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-21] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-21] (globalUpdate) [File not signed]
R2 Orbiter; C:/Program Files/ORBTR/orbiter.dll [492496 2014-10-01] (Client Connect LTD)
S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174664 2007-05-24] (Symantec Corporation)
R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [47712 2007-01-05] (Symantec Corporation)
S4 TGCM_ImportWiFiSvc; C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-09-19] (TuneUp Software)
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-09-05] (Vodafone) [File not signed]
R2 vosr; C:\Users\Yoshimaru\AppData\Roaming\VOPackage\VOsrv.exe [53248 2014-05-20] () [File not signed] <==== ATTENTION
R2 Wajam Internet Enhancer Service; C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [305152 2014-09-25] (Wajam Internet Technologies Inc.) [File not signed] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-01-01] (Avira Operations GmbH & Co. KG)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [387384 2007-01-10] (Symantec Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\dddsk.sys [22312 2009-02-12] (EldoS Corporation)
S3 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys [212280 2006-12-28] (Symantec Corporation)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [9728 2009-02-03] (ZTE Incorporated)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-10-11] (ManyCam LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [181912 2013-05-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [115000 2007-05-24] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [514560 2006-11-02] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 oflpydin; \??\C:\Users\YOSHIM~1\AppData\Local\Temp\oflpydin.sys [X]
U5 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.sys [191544 2007-01-09] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 18:17 - 2014-10-22 18:18 - 00028833 _____ () C:\Users\Yoshimaru\Downloads\FRST.txt
2014-10-22 18:17 - 2014-10-22 18:17 - 00000000 ____D () C:\FRST
2014-10-22 18:15 - 2014-10-22 18:15 - 01102336 _____ (Farbar) C:\Users\Yoshimaru\Downloads\FRST.exe
2014-10-22 16:21 - 2014-10-22 16:21 - 00000940 _____ () C:\Users\Yoshimaru\Desktop\Continue Live Installation.lnk
2014-10-21 04:53 - 2014-10-21 04:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-10-21 04:53 - 2014-10-21 04:53 - 00000000 ____D () C:\Program Files\Wajam
2014-10-21 04:51 - 2014-10-22 18:06 - 00002436 _____ () C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-5_user.job
2014-10-21 04:51 - 2014-10-22 18:04 - 00005174 _____ () C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-11.job
2014-10-21 04:51 - 2014-10-22 18:04 - 00004484 _____ () C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-4.job
2014-10-21 04:51 - 2014-10-22 18:04 - 00004148 _____ () C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-6.job
2014-10-21 04:51 - 2014-10-22 18:04 - 00003804 _____ () C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-7.job
2014-10-21 04:51 - 2014-10-22 18:04 - 00003114 _____ () C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-1.job
2014-10-21 04:51 - 2014-10-22 18:04 - 00002436 _____ () C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-5.job
2014-10-21 04:51 - 2014-10-21 04:51 - 00000000 ____D () C:\Program Files\Google
2014-10-21 04:50 - 2014-10-22 18:04 - 00004148 _____ () C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-3.job
2014-10-21 04:50 - 2014-10-22 18:04 - 00000960 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-21 04:50 - 2014-10-22 16:55 - 00000964 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-21 04:50 - 2014-10-21 04:51 - 00000000 ____D () C:\Program Files\CinePlus-1.2V20.10
2014-10-21 04:50 - 2014-10-21 04:50 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Local\globalUpdate
2014-10-21 04:50 - 2014-10-21 04:50 - 00000000 ____D () C:\Program Files\globalUpdate
2014-10-21 04:47 - 2014-10-21 04:47 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Roaming\Dorrible
2014-10-21 04:46 - 2014-10-22 18:08 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Local\WinnerDM
2014-10-21 04:46 - 2014-10-21 04:46 - 01768319 _____ () C:\Users\Yoshimaru\Downloads\Code.rar_21aFG.rar
2014-10-21 04:46 - 2014-10-21 04:46 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winner Download Manager
2014-10-21 00:27 - 2014-10-21 00:27 - 00000133 _____ () C:\Users\Yoshimaru\Desktop\Drachenkrieg.url
2014-10-21 00:27 - 2014-10-21 00:27 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Legend - Legacy Of The Dragons
2014-10-21 00:02 - 2014-10-22 18:08 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Local\MyComGames
2014-10-21 00:02 - 2014-10-21 00:02 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.Com GAMES
2014-10-20 23:26 - 2014-10-20 23:26 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Roaming\FLEXnet
2014-10-20 23:09 - 2014-10-20 23:09 - 00002074 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-10-20 23:09 - 2014-10-20 23:09 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Roaming\Vodafone
2014-10-20 23:09 - 2014-10-20 23:09 - 00000000 ____D () C:\ProgramData\Vodafone
2014-10-20 23:09 - 2014-10-20 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-10-20 23:08 - 2014-10-20 23:08 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-10-20 23:08 - 2014-10-20 23:08 - 00000000 ____D () C:\Program Files\Vodafone
2014-10-18 19:34 - 2014-10-21 16:38 - 00000237 _____ () C:\Users\Yoshimaru\Desktop\Anmeldung.txt
2014-10-17 19:28 - 2014-10-18 15:55 - 00000574 _____ () C:\Users\Yoshimaru\Desktop\Neues Textdokument (3).txt
2014-10-15 22:47 - 2014-10-15 22:47 - 00006767 _____ () C:\Users\Yoshimaru\Desktop\index.jpeg
2014-10-15 20:32 - 2014-10-15 21:27 - 00001647 _____ () C:\Users\Yoshimaru\Desktop\Boni.tv.txt
2014-10-14 21:26 - 2014-10-14 21:26 - 00000162 _____ () C:\Users\Yoshimaru\Downloads\data.qst
2014-10-14 19:48 - 2014-10-14 19:48 - 01168896 _____ (Questler) C:\Users\Yoshimaru\Downloads\Bonusfinder2.exe
2014-10-09 16:08 - 2014-10-09 16:12 - 00000006 _____ () C:\Users\Yoshimaru\Desktop\Neues Textdokument (2).txt
2014-10-09 11:51 - 2014-10-09 13:13 - 00002283 _____ () C:\Users\Yoshimaru\Desktop\Neues Textdokument.txt
2014-10-09 08:47 - 2014-10-09 08:47 - 00000000 ____D () C:\Users\Yoshimaru\Desktop\Neuer Ordner
2014-10-07 12:39 - 2014-10-07 12:39 - 00000082 _____ () C:\Users\Yoshimaru\Desktop\2855.txt
2014-10-03 17:19 - 2014-10-20 23:10 - 00062400 _____ () C:\Users\Yoshimaru\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-02 13:59 - 2014-10-20 23:16 - 00257976 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-01 02:04 - 2014-10-01 02:04 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Roaming\ASP
2014-10-01 02:03 - 2014-10-01 02:08 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Roaming\systweak
2014-10-01 01:59 - 2014-10-01 01:59 - 00000000 ____D () C:\Program Files\predm
2014-10-01 01:59 - 2014-10-01 01:59 - 00000000 ____D () C:\Program Files\ORBTR
2014-09-29 11:58 - 2014-09-29 15:21 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-09-29 11:58 - 2014-09-29 11:58 - 00000000 ____H () C:\Windows\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2014-09-29 11:58 - 2014-09-29 11:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-09-29 11:58 - 2009-07-14 03:19 - 00445008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-09-29 11:58 - 2009-07-14 03:19 - 00038480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-09-29 11:58 - 2009-06-10 23:27 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2014-09-26 00:14 - 2014-09-26 00:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 18:10 - 2013-06-06 23:11 - 01210904 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 18:08 - 2012-10-14 13:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 18:06 - 2013-01-21 12:17 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-22 18:04 - 2006-11-02 15:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-22 18:04 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 18:04 - 2006-11-02 14:47 - 00003456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 18:04 - 2006-11-02 14:47 - 00003456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 18:00 - 2012-10-26 19:30 - 00000452 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-10-21 01:03 - 2013-01-07 00:47 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Roaming\ITTerritory
2014-10-20 23:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-20 23:09 - 2006-11-02 12:33 - 01461736 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 23:08 - 2007-05-24 13:25 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-10-20 23:06 - 2013-01-21 15:30 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Local\Downloaded Installations
2014-10-20 02:01 - 2012-10-26 19:30 - 00000426 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-10-18 13:08 - 2013-06-20 14:08 - 00000000 ____D () C:\Users\Yoshimaru\Documents\VMCLite
2014-10-17 19:20 - 2012-10-14 16:29 - 00000000 ___RD () C:\Users\Yoshimaru\Desktop\Yoshimaru
2014-10-15 13:39 - 2012-10-22 18:13 - 00000000 ____D () C:\Users\Yoshimaru\AppData\Roaming\vlc
2014-10-14 10:20 - 2012-11-01 04:42 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 10:20 - 2012-11-01 04:42 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-14 02:44 - 2014-03-18 13:15 - 00000000 ___RD () C:\Users\Yoshimaru\Desktop\Woq2
2014-10-07 12:13 - 2014-04-29 20:12 - 00000000 ____D () C:\ProgramData\AlawarWrapper
2014-10-03 15:11 - 2014-04-13 07:28 - 00000000 ___RD () C:\Users\Yoshimaru\Desktop\Mein Juwel
2014-10-01 02:02 - 2012-10-14 12:42 - 00000863 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-01 02:02 - 2012-10-14 12:12 - 00000954 _____ () C:\Users\Yoshimaru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-29 12:02 - 2006-11-02 17:31 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-09-29 11:57 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-26 18:13 - 2012-10-14 12:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.pad


Some content of TEMP:
====================
C:\Users\Yoshimaru\AppData\Local\Temp\avgnt.exe
C:\Users\Yoshimaru\AppData\Local\Temp\MyComSetup_de.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-22 18:14

==================== End Of Log ============================
         
--- --- ---

Addition.txt

FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-10-2014
Ran by Yoshimaru at 2014-10-22 18:18:37
Running from C:\Users\Yoshimaru\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AppCore (Version: 1 - Symantec Corporation) Hidden
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0012 - ATK)
AV (Version: 1 - Symantec Corporation) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
ccCommon (Version: 106.2.0.21 - Symantec) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.01.01 - TOSHIBA)
Center@Mail.Ru - EU (HKCU\...\GameCenterMailRu-EU) (Version: 2.419 - LLC Mail.Ru)
CinePlus-1.2V20.10 (HKLM\...\CinePlus-1.2V20.10) (Version: 1.35.9.29 - CinemaPlusV20.10)
Drakensang Online (HKLM\...\Drakensang Online) (Version:  - )
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (HKLM\...\Firebird SQL Server D) (Version: 2.0.0.1 - MAGIX AG)
Google Chrome (HKCU\...\Google Chrome) (Version: 25.0.1364.97 - Google Inc.)
IBot 5.07 (HKLM\...\{8091803D-96B2-4A9E-BF9A-E8376BF6DEF6}}_is1) (Version: 5.07 - Profibot)
Installer (HKLM\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Legend - Legacy Of The Dragons (HKCU\...\Legend - Legacy Of The Dragons (DE)) (Version: 1.9 - Mail.Ru Games GmbH)
Logitech Gaming Software (Version: 8.35.18 - Logitech Inc.) Hidden
Logitech Gaming Software 8.35 (HKLM\...\Logitech Gaming Software) (Version: 8.35.18 - Logitech Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Connection Manager (HKLM\...\o2DE) (Version:  - Mobile Connection Manager)
Mobistel Cynus T2 Drivers(x64) (HKLM\...\{C3F57607-592D-458F-81AE-349FD05DFA74}) (Version: 1.00 - Mobistel)
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My.Com GAMES (HKCU\...\MyComGames) (Version: 2.19 - BENSTAR LIMITED)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
No23 Recorder (HKLM\...\No23 Recorder) (Version: 2.1.0.3 - No23)
No23 Recorder (Version: 2.1.0.3 - No23) Hidden
Norton Confidential Browser Component (Version: 1.5.0.29 - Symantec Corporation) Hidden
Norton Confidential Web Protection Component (Version: 1.5.0.29 - Symantec Corporation) Hidden
Norton Internet Security (Symantec Corporation) (HKLM\...\SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}) (Version: 10.2.0.30 - Symantec Corporation)
Norton Internet Security (Version: 10.1.0 - Symantec Corp.) Hidden
Norton Internet Security (Version: 10.2.0.30 - Symantec Corporation) Hidden
Norton Protection Center (Version: 2007.2.0.22 - Symantec Corporation) Hidden
Opera Stable 24.0.1558.53 (HKLM\...\Opera 24.0.1558.53) (Version: 24.0.1558.53 - Opera Software ASA)
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (HKLM\...\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}) (Version: 1.00.0000 - Realtek)
Ribble (HKCU\...\Ribble) (Version: 1.3.4.0 - Dorrible)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.0 (HKLM\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.6140 - Analog Devices)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SymNet (Version: 7.2.0.15 - Symantec Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.23.11 - Synaptics)
TOSHIBA Benutzerhandbücher (HKLM\...\{56995235-B76E-44A6-BA17-8FF13D3F907A}) (Version: 7.30 - TOSHIBA)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD03) - Agere Systems)
TuneUp Utilities 2013 (HKLM\...\TuneUp Utilities 2013) (Version: 13.0.2020.4 - TuneUp Software)
TuneUp Utilities 2013 (Version: 13.0.2020.4 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.2020.4 - TuneUp Software) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Vodafone Mobile Broadband (HKLM\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.408.46426 - Vodafone)
Wajam (HKLM\...\Wajam) (Version: 2.15 (i2.5) - Wajam) <==== ATTENTION
Windows Media Encoder 9-Reihe (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9-Reihe (Version: 9.00.2980 - Microsoft Corporation) Hidden
Winner Download Manager (HKCU\...\WinnerDM) (Version:  - Winner Solutions LLC)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Qin 2 Version 2100 (HKLM\...\{FC26F601-7CE4-4B59-B0A8-5E4359173097}_is1) (Version: 2100 - WoQ2Server.de)
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.25_TME - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-908785102-3865279340-3334126312-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Yoshimaru\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-908785102-3865279340-3334126312-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Yoshimaru\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-908785102-3865279340-3334126312-1000_Classes\CLSID\{5A8FF410-F3CE-4844-B31B-F18D911239E8}\InprocServer32 -> C:\Users\Yoshimaru\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll (LLC Mail.Ru)
CustomCLSID: HKU\S-1-5-21-908785102-3865279340-3334126312-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Yoshimaru\AppData\Local\Google\Chrome\Application\25.0.1364.97\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-908785102-3865279340-3334126312-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Yoshimaru\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-908785102-3865279340-3334126312-1000_Classes\CLSID\{9FBA1E11-455C-4499-8C34-BABB1DF85598}\InprocServer32 -> C:\Users\Yoshimaru\AppData\Local\MyComGames\NPMyComDetector.dll (My.com, Inc)

==================== Restore Points  =========================

18-10-2014 17:26:21 Geplanter Prüfpunkt
20-10-2014 02:07:27 Geplanter Prüfpunkt
20-10-2014 18:13:40 Geplanter Prüfpunkt
20-10-2014 21:06:54 Removed Vodafone Mobile Connect Lite.
20-10-2014 21:07:35 Installed Vodafone Mobile Broadband.
22-10-2014 08:39:26 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {010A53EC-490E-4891-A9B9-C6C76ED6B646} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
Task: {18CFB9E4-07C1-4F24-9C44-0B6848EE0358} - System32\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-7 => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-7.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2EE8F97E-AB87-4EDC-A3E7-1FACEEE2E2E5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-908785102-3865279340-3334126312-1000Core => C:\Users\Yoshimaru\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-30] (Facebook Inc.)
Task: {32C0C017-31CA-4B85-92FD-1526EB1B1D8F} - System32\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-4 => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-4.exe
Task: {34C5E48E-40CC-46A5-964E-EFFBA77BD78F} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-21] (globalUpdate) <==== ATTENTION
Task: {37296CAA-D7AC-4421-8F6F-55AFB0CE7C11} - System32\Tasks\{378E4DEA-7C1C-4164-A9DF-19C877C76453} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {37625604-62C6-4E8B-8BDD-30690518FA43} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {38A60FC6-1187-4498-900D-3B501415B74C} - System32\Tasks\Opera scheduled Autoupdate 1406417799 => C:\Program Files\Opera\launcher.exe [2014-08-27] (Opera Software)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3BCF013A-8C8F-4BCA-99C6-9E7A70CEB67B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-908785102-3865279340-3334126312-1000UA => C:\Users\Yoshimaru\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-30] (Facebook Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {4D882E30-9850-4D7E-8D1C-95595CF06481} - System32\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-6 => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-6.exe
Task: {504EC081-DC5E-47D7-AB7A-7FBDF789210D} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMNJGMOMOMHMJJLMPMCNIMLMMJGMCNLMOJOJHMCNGMPMIMNMCNNMJJHMKJHMMJOMNMLJOMKJMJJNJICMIMCNHMCNMMFMIMCNPMCNJMPMPMPMFMJMCNPMCNJMPMPMPMCNNMJNPICMPMFMFMJMJNHICMHJOJCJCJGJJNBJCMGKAJMIHJGJCJOJNIKIJNKJCMJNNICMJNDJCMLJKJ"
Task: {55EE38D9-DC74-4FFE-BD34-C79FBA98F1D1} - System32\Tasks\ASP => C:\Program Files\RCP\systweakasp.exe
Task: {5821C35D-FFF2-4072-8D4F-CC4E72EC0B6E} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe
Task: {5FC4F7F9-CE62-4CAB-87D6-A90F3C58F061} - System32\Tasks\Google Updater and Installer => C:\Users\Yoshimaru\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {62D31EFE-16B9-4F0F-9CD2-E0A42E81292C} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
Task: {64E436F6-FC35-4EF8-874D-6CC607CA8B2C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27] (Adobe Systems Incorporated)
Task: {7449716D-3C02-4870-B2BE-2C258DACD3E0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-01] (Adobe Systems Incorporated)
Task: {7C5B9BF0-DD7D-4457-A0EB-1ADDE2374ABD} - System32\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-3 => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-3.exe
Task: {8CA8B1A4-3178-41F2-A066-B8A2C6A29EDD} - System32\Tasks\Ribble => C:\Users\Yoshimaru\AppData\Roaming\Dorrible\Ribble\d.exe [2014-09-29] ()
Task: {8CA9961C-18C5-42C9-9144-2D354A926DE1} - System32\Tasks\PC Performer => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {98AFF4D6-0CF2-4234-AA90-7C8471ACEBB9} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-21] (globalUpdate) <==== ATTENTION
Task: {9D2FC609-0A85-482F-879C-A374C4C82435} - System32\Tasks\{E8D3535E-351F-4FA5-B063-981F20EEDB98} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {9EB44560-63F6-4CA3-8294-048D3F7D340B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9F081CD0-975F-43B7-AD95-013F4391D902} - System32\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-5 => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-5.exe [2014-10-21] ()
Task: {AF80B5EA-0E7F-4A2C-B751-51EE04A7D92F} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files\RCP\RegCleanPro.exe <==== ATTENTION
Task: {B4A6E8B6-0B0D-4ADE-9BE1-D9865A5F3F79} - System32\Tasks\{1E6AEE3D-A891-423A-ABC5-2FF8905A32A4} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.20.0.104&amp;LastError=12002
Task: {BB6A9BB6-B460-4201-BDDC-9E5A5F60313B} - System32\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-5_user => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-5.exe [2014-10-21] ()
Task: {D5548B17-A780-4E37-BE3D-D2F71B5EFC12} - System32\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-11 => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-11.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] ()
Task: {ED4DEB35-BCE1-429B-B07F-40BA7015CA09} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {F9ECC64C-2F9B-4676-8E36-C517DE2EB1CF} - System32\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-1 => C:\Program Files\CinePlus-1.2V20.10\CinePlus-1.2V20.10-codedownloader.exe
Task: {FD21B502-DD52-4804-A506-28972604F4DA} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-1.job => C:\Program Files\CinePlus-1.2V20.10\CinePlus-1.2V20.10-codedownloader.exe
Task: C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-11.job => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-11.exe
Task: C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-3.job => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-3.exe
Task: C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-4.job => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-4.exe
Task: C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-5.job => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-5.exe
Task: C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-5_user.job => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-5.exe
Task: C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-6.job => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-6.exe
Task: C:\Windows\Tasks\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-7.job => C:\Program Files\CinePlus-1.2V20.10\dcc79aa7-896e-4109-8bbf-22e4992a4e7a-7.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-908785102-3865279340-3334126312-1000Core.job => C:\Users\Yoshimaru\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-908785102-3865279340-3334126312-1000UA.job => C:\Users\Yoshimaru\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Loaded Modules (whitelisted) =============

2007-05-24 13:27 - 2007-02-05 18:13 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2007-05-24 13:27 - 2004-05-27 18:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2006-11-02 12:25 - 2007-03-30 11:04 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2007-05-24 13:27 - 2007-03-22 17:09 - 02420736 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2014-05-20 11:18 - 2014-05-20 11:18 - 00053248 _____ () C:\Users\Yoshimaru\AppData\Roaming\VOPackage\VOsrv.exe
2006-11-02 08:47 - 2006-11-02 11:46 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2014-09-26 00:15 - 2014-09-26 00:15 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:52B72A7C
AlternateDataStreams: C:\ProgramData\Temp:5F91AB27
AlternateDataStreams: C:\ProgramData\Temp:AFFC859A
AlternateDataStreams: C:\ProgramData\Temp:C28667BE
AlternateDataStreams: C:\ProgramData\Temp:D0757AAB

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Yoshimaru^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Yoshimaru^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk => C:\Windows\pss\runctf.lnk.Startup
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Yoshimaru\AppData\Local\Smartbar\Application\Linkury.exe startup
MSCONFIG\startupreg: ccApp => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Desktop SMS => C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Yoshimaru\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe -update plugin
MSCONFIG\startupreg: GameCenterMailRu-EU => "C:\Users\Yoshimaru\AppData\Local\Mail.Ru\GameCenter-EU\GameCenter@Mail.Ru.exe" -autostart
MSCONFIG\startupreg: Google Update => "C:\Users\Yoshimaru\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IS CfgWiz => "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: Questler Bonusfinder => C:\Users\Yoshimaru\Downloads\Bonusfinder2.exe
MSCONFIG\startupreg: RoboForm => "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun                                                                                                                                                                                                              
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: topi => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
MSCONFIG\startupreg: VMCL => C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter

========================= Accounts: ==========================

Administrator (S-1-5-21-908785102-3865279340-3334126312-500 - Administrator - Disabled)
Gast (S-1-5-21-908785102-3865279340-3334126312-501 - Limited - Disabled)
Yoshimaru (S-1-5-21-908785102-3865279340-3334126312-1000 - Administrator - Enabled) => C:\Users\Yoshimaru

==================== Faulty Device Manager Devices =============

Name: isatap.{1C5D897C-972D-4D6D-8B71-0FA12EDE74CE}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2014 06:07:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung Orbt.ext, Version 1.5.3.0, Zeitstempel 0x4e1471b8, fehlerhaftes Modul fastprox.dll, Version 6.0.6000.16830, Zeitstempel 0x49acaf15, Ausnahmecode 0xc0000096, Fehleroffset 0x00001d28,
Prozess-ID 0xcc8, Anwendungsstartzeit Orbt.ext0.

Error: (10/22/2014 06:03:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung TJ2Client.exe, Version 2100.1212.1.0, Zeitstempel 0x475f3f30, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0d333d30,
Prozess-ID 0xdc8, Anwendungsstartzeit TJ2Client.exe0.

Error: (10/22/2014 04:49:43 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9.

Error: (10/22/2014 03:53:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung VmbNotifier.exe, Version 10.3.408.46426, Zeitstempel 0x52287af4, fehlerhaftes Modul VmbNotifier.exe, Version 10.3.408.46426, Zeitstempel 0x52287af4, Ausnahmecode 0xc0000005, Fehleroffset 0x000187d7,
Prozess-ID 0xc68, Anwendungsstartzeit VmbNotifier.exe0.

Error: (10/22/2014 03:53:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung Orbt.ext, Version 1.5.3.0, Zeitstempel 0x4e1471b8, fehlerhaftes Modul fastprox.dll, Version 6.0.6000.16830, Zeitstempel 0x49acaf15, Ausnahmecode 0xc0000096, Fehleroffset 0x00001d28,
Prozess-ID 0xcc8, Anwendungsstartzeit Orbt.ext0.

Error: (10/22/2014 03:47:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung TJ2Client.exe, Version 2100.1212.1.0, Zeitstempel 0x475f3f30, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x098a3d30,
Prozess-ID 0xecc, Anwendungsstartzeit TJ2Client.exe0.

Error: (10/22/2014 03:18:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung TJ2Client.exe, Version 2100.1212.1.0, Zeitstempel 0x475f3f30, fehlerhaftes Modul GmaEffect_TJ2.dll, Version 0.6.810.1, Zeitstempel 0x443f5e6d, Ausnahmecode 0xc0000005, Fehleroffset 0x0001fab9,
Prozess-ID 0xb88, Anwendungsstartzeit TJ2Client.exe0.

Error: (10/22/2014 08:54:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung TJ2Client.exe, Version 2100.1212.1.0, Zeitstempel 0x475f3f30, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0c063d30,
Prozess-ID 0xa58, Anwendungsstartzeit TJ2Client.exe0.

Error: (10/22/2014 06:04:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung Orbt.ext, Version 1.5.3.0, Zeitstempel 0x4e1471b8, fehlerhaftes Modul fastprox.dll, Version 6.0.6000.16830, Zeitstempel 0x49acaf15, Ausnahmecode 0xc0000096, Fehleroffset 0x00001d28,
Prozess-ID 0xe60, Anwendungsstartzeit Orbt.ext0.

Error: (10/22/2014 06:01:31 AM) (Source: WerSvc) (EventID: 5007) (User: )
Description: Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9.


System errors:
=============
Error: (10/22/2014 06:06:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Orbiter

Error: (10/22/2014 06:06:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Ricoh xD-Picture Card Driver%%1058

Error: (10/22/2014 06:06:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: rimsptsk%%1058

Error: (10/22/2014 06:06:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: rimmptsk%%1058

Error: (10/22/2014 06:06:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (10/22/2014 03:52:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Orbiter

Error: (10/22/2014 03:51:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Ricoh xD-Picture Card Driver%%1058

Error: (10/22/2014 03:51:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: rimsptsk%%1058

Error: (10/22/2014 03:51:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: rimmptsk%%1058

Error: (10/22/2014 03:51:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (10/22/2014 06:07:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Orbt.ext1.5.3.04e1471b8fastprox.dll6.0.6000.1683049acaf15c000009600001d28cc801cfee1239dccddf

Error: (10/22/2014 06:03:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TJ2Client.exe2100.1212.1.0475f3f30unknown0.0.0.000000000c00000050d333d30dc801cfee0381747e35

Error: (10/22/2014 04:49:43 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: 8014FFF9

Error: (10/22/2014 03:53:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VmbNotifier.exe10.3.408.4642652287af4VmbNotifier.exe10.3.408.4642652287af4c0000005000187d7c6801cfedff648b3c45

Error: (10/22/2014 03:53:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Orbt.ext1.5.3.04e1471b8fastprox.dll6.0.6000.1683049acaf15c000009600001d28cc801cfedff66762425

Error: (10/22/2014 03:47:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TJ2Client.exe2100.1212.1.0475f3f30unknown0.0.0.000000000c0000005098a3d30ecc01cfedf984e7b110

Error: (10/22/2014 03:18:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TJ2Client.exe2100.1212.1.0475f3f30GmaEffect_TJ2.dll0.6.810.1443f5e6dc00000050001fab9b8801cfedae39994247

Error: (10/22/2014 08:54:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TJ2Client.exe2100.1212.1.0475f3f30unknown0.0.0.000000000c00000050c063d30a5801cfedaefbb85b97

Error: (10/22/2014 06:04:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Orbt.ext1.5.3.04e1471b8fastprox.dll6.0.6000.1683049acaf15c000009600001d28e6001cfedad23efde57

Error: (10/22/2014 06:01:31 AM) (Source: WerSvc) (EventID: 5007) (User: )
Description: 8014FFF9


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz
Percentage of memory in use: 49%
Total physical RAM: 2038.75 MB
Available physical RAM: 1019.9 MB
Total Pagefile: 4290.54 MB
Available Pagefile: 3102.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.88 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:55.66 GB) (Free:19.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:54.66 GB) (Free:21.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 111.8 GB) (Disk ID: 5D9F3862)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=55.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=54.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---


Hoffe ihr könnt mir helfen.

lg

Geändert von Yoshimaru (22.10.2014 um 17:44 Uhr) Grund: denn Code vergessen.

Alt 22.10.2014, 18:00   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Continue Live Installation Entfernen - Standard

Continue Live Installation Entfernen



hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Installer

    Wajam


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________

Antwort

Themen zu Continue Live Installation Entfernen
4d36e972-e325-11ce-bfc1-08002be10318, askbar, browser, desktop, device driver, entfernen, fast start, fehlercode 31, fehlercode windows, flash player, homepage, iexplore.exe, install.exe, installation, installer entfernen, live installation, newtab, required, security, software, svchost.exe, symantec, teredo, this device cannot start. (code10), wajam entfernen, windows



Ähnliche Themen: Continue Live Installation Entfernen


  1. Windows 8: Ca. vor 1 Monat "continue live installation" eingefangen
    Plagegeister aller Art und deren Bekämpfung - 20.10.2015 (5)
  2. Windows 7/8: Continue Live Installation (und mehr?) eingefangen
    Plagegeister aller Art und deren Bekämpfung - 02.10.2015 (15)
  3. Continue Live Installation erscheint immer wieder...
    Log-Analyse und Auswertung - 12.04.2015 (11)
  4. Window 7 http gotut.ru lässt sich als Startseite nicht entfernen + Continue Live Installation von adwcleaner erkannt und entfernt
    Log-Analyse und Auswertung - 07.04.2015 (5)
  5. Continue live installation
    Plagegeister aller Art und deren Bekämpfung - 22.03.2015 (17)
  6. Continue Live Installation meldung
    Log-Analyse und Auswertung - 22.03.2015 (17)
  7. Continue Live Installation lässt sich nicht entfernen.
    Log-Analyse und Auswertung - 16.03.2015 (13)
  8. Continue Live Installation
    Plagegeister aller Art und deren Bekämpfung - 27.02.2015 (13)
  9. continue live installation/windows version installer bei Windows7
    Log-Analyse und Auswertung - 22.02.2015 (15)
  10. Windows 8: Werbung im Browser/ unerwünschte Installation: Continue Live Installation
    Log-Analyse und Auswertung - 20.02.2015 (24)
  11. Win7 Umbenennung Chrome Browser, Installation Continue Live Installation
    Log-Analyse und Auswertung - 01.01.2015 (11)
  12. Windows 8.1: Continue Live Installation
    Log-Analyse und Auswertung - 19.11.2014 (12)
  13. Windows 7 : Windows Version Installer Overlay und Continue Live Installation.exe verschwindet nicht.
    Log-Analyse und Auswertung - 09.10.2014 (9)
  14. Continue Live Installation
    Plagegeister aller Art und deren Bekämpfung - 01.10.2014 (17)
  15. habe ausversehen continue live installer herunterladen und kann ich nun nicht mehr entfernen
    Mülltonne - 30.08.2014 (1)
  16. habe ausversehen continue live installer herunterladen und kann ich nun nicht mehr entfernen
    Log-Analyse und Auswertung - 30.08.2014 (1)
  17. "Continue VuuPC Installation" vom Rechner entfernen
    Log-Analyse und Auswertung - 19.06.2014 (16)

Zum Thema Continue Live Installation Entfernen - Hallo bei mir öffnet sich oft das Fenster Continue Live Installation Ich habe Farbar's Recovery Scan Tool Heruntergeladen und denn Scan durchgeführt. FRST.txt FRST Logfile: Code: Alles auswählen Aufklappen ATTFilter - Continue Live Installation Entfernen...
Archiv
Du betrachtest: Continue Live Installation Entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.