Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Festplatte C ist ständig belegt.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 23.10.2014, 13:53   #1
Wolfwilhelm
 
Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



Guten Tag!
Seit einigen Tagen ist meine Festplatte C mal mehr (0 MB von 452 GB), mal weniger belegt. Mehrmaliger Durchlauf von Avira, Kaspersky e.t.c. bringen für kurze Zeit mehr Speicherplatz. Selbst zur Erstellung von Logfiles ist zu wenig Speicherplatz vorhanden. Was kann ich tun?
Danke!

Alt 23.10.2014, 14:14   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 23.10.2014, 15:14   #3
Wolfwilhelm
 
Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



Sorry, aber wie bekomme ich die Scan-Ergebnisse in das Nachrichtenfeld?


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by Wolfwilhelm (administrator) on WOLFWILHELM-PC on 23-10-2014 15:33:25
Running from C:\Users\Wolfwilhelm\Downloads
Loaded Profile: Wolfwilhelm (Available profiles: Wolfwilhelm)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(AOL LLC) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\Windows\System32\dmwu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEPSON Connect\mepService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\System32\sdiagpsv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEPSON Connect\mep.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(America Online, Inc.) C:\Program Files (x86)\Common Files\aol\1288890487\ee\aolsoftware.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
(AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Farbar) C:\Users\Wolfwilhelm\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1288890487\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [315478 2009-09-02] (IVT Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$fec9dfbab9c4ecc7363ef906a2cebff5\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...\Run: [teXXas] => C:\Program Files (x86)\teXXas\teXXas.exe [5147136 2008-04-25] ()
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...\Run: [] => [X]
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-13] (Google Inc.)
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL 9.0 VR\AOL.EXE [50480 2007-06-21] (AOL, LLC.)
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...\MountPoints2: {d4fcb416-f441-11e1-8a08-00038a000015} - E:\TVStick.exe
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Wolfwilhelm\AppData\Local\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3102910257-502917973-1973155659-1000\$fec9dfbab9c4ecc7363ef906a2cebff5\n. ATTENTION! ====> ZeroAccess?
AppInit_DLLs-x32: c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll => "c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll => "c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe (ZTE)
Startup: C:\Users\Wolfwilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK
ShortcutTarget: wkcalrem.LNK -> C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=hpdhp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Acer Group
HKCU\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Babylon Search
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.msn.com/?ocid=hpdhp
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File
URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=120912_ccp_3912_8&babsrc=SP_ss&mntrId=08a1ccd10000000000000015833fe1bd
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
SearchScopes: HKCU - {4EBA493C-747B-40BF-8557-24A170A3A3FB} URL = hxxp://www.search.ask.com/web?tpid=ORJ&o=100000027&pf=V7&p2=&gct=&itbv=12.10.3.24&apn_uid=DE740232-4F03-4049-B290-E1B6C915C6B1&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_dbr=cr_23.0.1271.64&doi=2013-05-25&trgb=ALL&q={searchTerms}&psv=&pt=tb
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE404
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{B6B4506E-37DA-498A-9364-B9D1AE12E609}\{C7B97030-66F9-4212-86A8-BE4882F3DDAE}.bin (Download Protect)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{A8327DFD-990F-45CC-A8BC-092FB0FACF06}\{4D1ECABC-B04A-4B69-8E57-5F6007F795FA}.bin (Download Protect)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {2665693B-C4F3-434B-83DB-7574CF50C8B7} hxxp://www.kaspersky.com/downloads/misc/kasperskylicensefinder.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B1B0A57B-FB4C-4B54-8DA2-EF8048B4E0B8}: [NameServer] 10.74.83.22 193.254.160.1

FireFox:
========
FF ProfilePath: C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default
FF NewTab: hxxp://mystart.incredibar.com/?a=6OyWSGlY3A&i=26&loc=skw
FF DefaultSearchUrl: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js
FF SearchPlugin: C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\searchplugins\BabylonMngr.xml
FF SearchPlugin: C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2012-09-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon [2011-01-13]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-09-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-09-19]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-09-19]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-08-26]
FF HKLM-x32\...\Firefox\Extensions: [{41B78D2E-3B25-41B8-9266-508A44748821}] - C:\Windows\Installer\{82021014-DF3E-424D-AA8C-13FB3F5EF2A1}\{41B78D2E-3B25-41B8-9266-508A44748821}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{82021014-DF3E-424D-AA8C-13FB3F5EF2A1}\{41B78D2E-3B25-41B8-9266-508A44748821}.xpi [2014-10-21]
FF HKCU\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - e-webprint@epson.com [Not Found]
FF Extension: No Name - ff-bmboc@bytemobile.com [Not Found]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Profile: C:\Users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-09-14]
CHR Extension: (Download Protect) - C:\Users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjbgboefnjalbmhponpeboogiilifjc [2014-08-26]
CHR Extension: (Virtual Keyboard) - C:\Users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-09-14]
CHR Extension: (Google Wallet) - C:\Users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Wolfwilhelm\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-08-08]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-08-08]
CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx [2012-08-08]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\NewTab.crx [2012-12-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2012-12-11]
CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx [2012-12-11]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\mjcm\SweetNT.crx [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx [2012-10-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [192000 2009-09-02] (IVT Corporation) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [2930992 2014-09-17] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 MyEPSON Connect Service; C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe [703616 2012-10-01] (SEIKO EPSON CORPORATION)
R2 OptionblFeatures; C:\Windows\system32\sdiagpsv.exe [106496 2012-10-05] () [File not signed]
S2 Browser Manager; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2009-06-17] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47880 2009-08-28] (IVT Corporation.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-08-26] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [34440 2009-08-26] ()
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [30344 2009-08-26] (IVT Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [17032 2009-08-26] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [43912 2009-08-28] (IVT Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 15:33 - 2014-10-23 15:34 - 00035166 _____ () C:\Users\Wolfwilhelm\Downloads\FRST.txt
2014-10-23 15:33 - 2014-10-23 15:33 - 00000000 ____D () C:\FRST
2014-10-23 15:32 - 2014-10-23 15:32 - 02112000 _____ (Farbar) C:\Users\Wolfwilhelm\Downloads\FRST64(1).exe
2014-10-23 15:21 - 2014-10-23 15:21 - 00000000 _____ () C:\Users\Wolfwilhelm\Downloads\FRST64.exe
2014-10-23 15:20 - 2014-10-23 15:21 - 01424907 _____ () C:\Users\Wolfwilhelm\Downloads\FRST64.exe.part
2014-10-23 15:20 - 2014-10-23 15:20 - 01103360 _____ (Farbar) C:\Users\Wolfwilhelm\Downloads\FRST.exe
2014-10-23 15:15 - 2014-10-23 15:15 - 00000484 _____ () C:\Windows\SysWOW64\defogger_disable.log
2014-10-23 15:14 - 2014-10-23 15:15 - 00000484 _____ () C:\Users\Wolfwilhelm\Downloads\defogger_disable.log
2014-10-23 15:14 - 2014-10-23 15:14 - 00050477 _____ () C:\Users\Wolfwilhelm\Downloads\Defogger(1).exe
2014-10-23 15:14 - 2014-10-23 15:14 - 00000000 _____ () C:\Users\Wolfwilhelm\defogger_reenable
2014-10-23 15:12 - 2014-10-23 15:12 - 00050477 _____ () C:\Users\Wolfwilhelm\Downloads\Defogger.exe
2014-10-23 09:30 - 2014-10-23 14:56 - 00002058 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 09:27 - 2014-10-23 12:34 - 00000168 _____ () C:\Windows\setupact.log
2014-10-23 09:27 - 2014-10-23 09:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-21 18:36 - 2014-10-21 18:36 - 00000000 ____D () C:\Program Files\{B6B4506E-37DA-498A-9364-B9D1AE12E609}
2014-10-21 18:36 - 2014-10-21 18:36 - 00000000 ____D () C:\Program Files (x86)\{A8327DFD-990F-45CC-A8BC-092FB0FACF06}
2014-10-21 18:08 - 2014-10-21 18:08 - 00003208 _____ () C:\Windows\System32\Tasks\{B2D1BC26-DB8D-4F8E-9FD1-65D08B9FAE02}
2014-10-21 18:05 - 2014-10-21 18:05 - 00003160 _____ () C:\Windows\System32\Tasks\{B7C8D6AD-FC2D-4682-8278-117DDDFEDF2D}
2014-10-21 16:02 - 2014-10-21 16:02 - 00000000 ____D () C:\Program Files\{B69CD3B4-2DBC-458B-AA98-4E4F02B87738}
2014-10-21 16:02 - 2014-10-21 16:02 - 00000000 ____D () C:\Program Files (x86)\{1D4CA4F5-931C-421E-A2BE-1DF681DFD9DB}
2014-10-20 09:12 - 2014-10-20 09:12 - 00003156 _____ () C:\Windows\System32\Tasks\{58D4A9CD-E6CF-4CEC-A600-74528B77DD2F}
2014-10-17 21:21 - 2014-10-17 21:21 - 09752765 _____ (AVAST Software) C:\Users\Wolfwilhelm\Downloads\avast_free_antivirus_setup_9_0_2021.exe.part
2014-10-02 12:11 - 2014-10-02 12:11 - 00044035 _____ () C:\Users\Wolfwilhelm\Desktop\data=U4aSnIyhBFNIJ3A8fCzUmaVIwyWq6RtIfB4QKiGq_w,AElf5OHBIv-NHynUKiQMoqjrjAC8l9wqIe5o6mRtWXJgiUOBlIkoIzmqqcH3xN38Sx_iNGcpB72a9yPh
2014-09-24 14:10 - 2014-09-24 14:10 - 00100622 _____ () C:\Users\Wolfwilhelm\Desktop\brunner.xps
2014-09-23 20:16 - 2014-09-24 08:27 - 00000000 ____D () C:\Program Files\{C1BDC444-0D18-4A15-813E-2597B9CBA183}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 15:32 - 2012-09-19 23:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-23 15:29 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-23 15:29 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 15:19 - 2010-11-04 18:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 15:14 - 2010-11-04 18:31 - 00000000 ____D () C:\Users\Wolfwilhelm
2014-10-23 14:40 - 2012-06-22 07:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 12:35 - 2010-11-04 18:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 12:34 - 2014-03-26 16:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-23 12:34 - 2009-09-07 16:42 - 00000961 _____ () C:\Windows\SysWOW64\bscs.ini
2014-10-23 12:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 22:44 - 2013-03-24 19:40 - 00000000 ____D () C:\Users\Wolfwilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - Das Himmelsschloss
2014-10-21 22:44 - 2013-03-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - Das Himmelsschloss
2014-10-21 22:44 - 2012-07-13 20:32 - 00000000 ____D () C:\Users\Wolfwilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Frenzy - Helden der Wikinger
2014-10-21 22:44 - 2012-07-13 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy - Helden der Wikinger
2014-10-21 22:44 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-21 18:26 - 2012-12-11 18:34 - 00000000 ____D () C:\Program Files (x86)\ACD Systems
2014-10-21 17:31 - 2014-06-28 07:16 - 00000000 ____D () C:\Windows\system32\tprb
2014-10-21 11:03 - 2011-11-13 13:34 - 00000262 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-10-20 09:15 - 2010-07-13 13:45 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2014-10-20 09:14 - 2010-07-13 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2014-10-19 20:32 - 2011-09-05 13:30 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-18 08:14 - 2010-11-04 18:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 08:14 - 2010-11-04 18:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 22:20 - 2011-08-12 21:44 - 00000000 ____D () C:\Program Files (x86)\Zylom Games
2014-10-16 09:26 - 2012-10-14 16:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-15 13:14 - 2011-04-03 23:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-13 08:19 - 2014-08-26 07:40 - 00000000 ____D () C:\Users\Wolfwilhelm\AppData\Local\SWDS
2014-09-30 17:37 - 2010-11-05 02:43 - 00663178 _____ () C:\Windows\system32\perfh007.dat
2014-09-30 17:37 - 2010-11-05 02:43 - 00133824 _____ () C:\Windows\system32\perfc007.dat
2014-09-30 17:37 - 2009-07-14 07:13 - 01524170 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 18:01 - 2014-06-28 07:16 - 00000000 ____D () C:\Windows\SysWOW64\mjcm
2014-09-26 18:01 - 2012-12-11 18:50 - 00000000 ____D () C:\Windows\SysWOW64\WNLT
2014-09-26 18:00 - 2013-04-09 09:49 - 00000000 ____D () C:\Windows\SysWOW64\ARFC
2014-09-24 19:40 - 2012-06-22 07:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 19:40 - 2012-06-22 07:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 19:40 - 2011-05-20 15:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 13:57 - 2010-11-22 09:39 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-09-23 20:16 - 2014-09-22 12:51 - 00000000 ____D () C:\Program Files (x86)\{CCC197F6-9AEE-4112-B569-BAD4782A61A8}

ZeroAccess:
C:\Windows\Installer\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}
C:\Windows\Installer\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\@
C:\Windows\Installer\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\U\00000004.@
C:\Windows\Installer\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\L\00000004.@
C:\Windows\Installer\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\L\1afb2d56
C:\Windows\Installer\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\L\201d3dde

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3102910257-502917973-1973155659-1000\$fec9dfbab9c4ecc7363ef906a2cebff5

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$fec9dfbab9c4ecc7363ef906a2cebff5

ZeroAccess:
C:\Users\Wolfwilhelm\AppData\Local\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}
C:\Users\Wolfwilhelm\AppData\Local\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\@

Files to move or delete:
====================
C:\ProgramData\go_0molg.pad
C:\ProgramData\to_r0tsef.pad


Some content of TEMP:
====================
C:\Users\Wolfwilhelm\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 11:37

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2014
Ran by Wolfwilhelm at 2014-10-23 15:34:26
Running from C:\Users\Wolfwilhelm\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version:  - )
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autostart-Manager (HKLM-x32\...\{0C6DA7D3-EA2A-428B-8F8A-28EB811F57B2}) (Version: 6.01.0000 - Wirth IT Design )
BabylonObjectInstaller (HKLM-x32\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Benutzerhandbuch EPSON SX130 Series (HKLM-x32\...\EPSON SX130 Series Useg) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.7 - )
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bluesoleil 5.4.277.0 (HKLM\...\{FBBAB883-0BEE-4744-8062-281B213ADC1E}) (Version: 5.4.277.0 - IVT Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Browser Manager (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - )
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Combat Wings (HKLM-x32\...\Combat Wings/DE-German_is1) (Version:  - City Interactive)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2829.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Farm Frenzy: Helden der Wikinger (HKLM-x32\...\BFG-Farm Frenzy - Helden der Wikinger) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
IB Updater 2.0.0.575 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.575 - IncrediBar) <==== ATTENTION
IB Updater Service (HKLM-x32\...\WNLT) (Version: 5.1.4.1 - ) <==== ATTENTION
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Malwarebytes Anti-Malware Version 1.65.0.1400 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.0.1400 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft AutoRoute 2005 (HKLM-x32\...\{67E4EE98-59F4-4220-89A6-A20AF5BEC689}) (Version: 12.00.07.1200 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{B26E3B0D-C2FA-4370-B068-7C476766F029}) (Version: 08.04.0702 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyEPSON Portal (HKLM-x32\...\MyEPSON Connect) (Version:  - SEIKO EPSON Corporation)
MyEPSON Portal (x32 Version: 1.0.4.0 - SEIKO EPSON CORPORATION) Hidden
Mystery Case Files&reg;: Dire Grove™ (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove) (Version:  - )
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.30.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia) Hidden
Nokia_Multimedia_Common_Components_2_5 (HKLM-x32\...\{25F61E72-AAA4-4607-95D2-1E5139C98FFB}) (Version: 2.7.69 - Nokia)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5903 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Security Task Manager 1.8d (HKLM-x32\...\Security Task Manager) (Version: 1.8d - Neuber Software)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
teXXas (HKLM-x32\...\{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2}) (Version: 1 - metaspinner net GmbH)
T-Mobile Internet Manager (HKLM-x32\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Youda Legend (HKLM-x32\...\Youda Legend) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3102910257-502917973-1973155659-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Wolfwilhelm\AppData\Local\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\n. No File
CustomCLSID: HKU\S-1-5-21-3102910257-502917973-1973155659-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0272B32F-5070-4C67-9318-D7F77696F5B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {1A307194-7211-498C-800B-8173C14372DD} - System32\Tasks\{DFBCDA77-0E45-4063-B7BC-5D81FA3BD16D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {1C7C684A-43DC-4CEA-AB97-68A60D2DA881} - System32\Tasks\{892A8520-C31C-4381-AE42-0ADADEE233EE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {2128EEE4-25B8-4DBD-93B9-EDFA2EEFA5F3} - System32\Tasks\{17B7E77A-14D3-4C88-8968-A97488BB53EC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {21884149-F792-484D-AB2D-763F1EEF69ED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {26A06891-8DAF-4D1C-B73E-EAC90BF45341} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {30351A0A-7FD7-4652-AF2A-AA3F76B13795} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3102910257-502917973-1973155659-1000
Task: {364A6CA0-A035-48FD-A7E3-0ED9F19AB493} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {46571DE3-4013-43A0-B6A8-B0C000A93F3C} - System32\Tasks\{1989B1BB-9ACD-4699-8B6B-EAF50A6C93C6} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {56139A8E-DBBF-4068-A45C-410BD365CA52} - System32\Tasks\{FE0F46AC-009E-4352-87F9-088651D88426} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {5BF5F12E-47A9-4E3E-AD72-00C36CB8F015} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-06-24] (Acer)
Task: {B73F27FF-7748-4DFD-AE02-E355E19FCC5B} - System32\Tasks\{59638401-EAEE-4699-875F-387B7574D84D} => C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe
Task: {B75D15BC-F623-44E8-81C2-3F3F6A2C6FCD} - System32\Tasks\{B9044C94-EF00-4EBC-9EA1-FDDD5A8D5906} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsPlugin
Task: {BF1ACFED-CC29-445C-9443-8EFDC7422275} - System32\Tasks\Browser Manager => Sc.exe start Browser Manager
Task: {DFEA8F06-1599-4DBF-81FF-AA03E2C5D4CC} - System32\Tasks\{5CAF399F-D519-409A-9407-C0CD0488E0E0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {E7C34016-2190-45E8-985D-5CEC14AFC77F} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {EE665F4D-85D8-4D15-B8BF-7F0652FF63FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {FBDD8760-2FFD-4F75-81C7-2B69A4A16CF6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {FDC41DF8-840E-400B-88B4-F0D7817F82CA} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-09-02 10:46 - 2009-09-02 10:46 - 00022016 _____ () C:\Windows\System32\BsTrace.dll
2014-02-08 08:10 - 2014-09-17 15:01 - 02930992 _____ () C:\Windows\system32\dmwu.exe
2012-10-05 22:28 - 2012-10-05 22:28 - 00106496 _____ () C:\Windows\system32\sdiagpsv.exe
2009-09-02 10:46 - 2009-09-02 10:46 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2009-09-02 10:46 - 2009-09-02 10:46 - 00022016 _____ () C:\Windows\system32\BsTrace.dll
2008-03-07 14:54 - 2008-03-07 14:54 - 17892352 _____ () C:\Windows\system32\BsLangInDepRes.dll
2009-09-02 10:46 - 2009-09-02 10:46 - 00044544 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2010-11-04 18:08 - 2010-06-09 19:54 - 00206208 _____ () C:\Windows\PLFSetI.exe
2011-01-13 00:13 - 2010-05-13 10:42 - 00215552 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 21:39 - 2012-12-06 16:20 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2009-09-02 10:43 - 2009-09-02 10:43 - 00114808 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\setup.dll
2010-06-28 16:20 - 2010-06-28 16:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 16:12 - 2010-06-28 16:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-04-19 01:45 - 2013-04-19 01:45 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-04-19 01:45 - 2013-04-19 01:45 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2013-04-19 01:45 - 2013-04-19 01:45 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2013-04-19 01:45 - 2013-04-19 01:45 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2013-04-19 01:44 - 2013-04-19 01:44 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2010-07-25 08:10 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2009-09-02 10:48 - 2009-09-02 10:48 - 00144384 _____ () C:\Windows\system32\BsProfilefunc.dll
2011-01-13 00:13 - 2010-05-13 10:41 - 00594432 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-1.dll
2011-01-13 00:13 - 2007-09-09 17:07 - 00151552 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libexpat.dll
2012-05-13 10:11 - 2012-05-13 10:11 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9875ce06b9f0047956d97ccb4e82c672\IsdiInterop.ni.dll
2010-07-13 13:32 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2004-01-09 22:02 - 2004-01-09 22:02 - 00045056 _____ () C:\Program Files (x86)\AOL 9.0 VR\zlib.dll
2002-04-22 23:08 - 2002-04-22 23:08 - 00053248 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmlparse.dll
2002-04-22 23:08 - 2002-04-22 23:08 - 00081920 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmltok.dll
2011-05-02 13:06 - 2014-10-15 13:14 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-10 20:06 - 2014-09-10 20:06 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:04BC9A2C
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:0BBF232A
AlternateDataStreams: C:\ProgramData\Temp:0EC7A545
AlternateDataStreams: C:\ProgramData\Temp:0F64164E
AlternateDataStreams: C:\ProgramData\Temp:11590865
AlternateDataStreams: C:\ProgramData\Temp:13019F4B
AlternateDataStreams: C:\ProgramData\Temp:1416AAA6
AlternateDataStreams: C:\ProgramData\Temp:14A1BBE3
AlternateDataStreams: C:\ProgramData\Temp:195E8317
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96
AlternateDataStreams: C:\ProgramData\Temp:1B389835
AlternateDataStreams: C:\ProgramData\Temp:1ECED34B
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:2211E7A0
AlternateDataStreams: C:\ProgramData\Temp:225CD7D5
AlternateDataStreams: C:\ProgramData\Temp:24164710
AlternateDataStreams: C:\ProgramData\Temp:24C072FF
AlternateDataStreams: C:\ProgramData\Temp:260575F1
AlternateDataStreams: C:\ProgramData\Temp:2701CA70
AlternateDataStreams: C:\ProgramData\Temp:27D1368B
AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:363E775E
AlternateDataStreams: C:\ProgramData\Temp:38B3DB6F
AlternateDataStreams: C:\ProgramData\Temp:3D26641D
AlternateDataStreams: C:\ProgramData\Temp:3DB6F365
AlternateDataStreams: C:\ProgramData\Temp:3E8A3E87
AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08
AlternateDataStreams: C:\ProgramData\Temp:423BBE9A
AlternateDataStreams: C:\ProgramData\Temp:488F7244
AlternateDataStreams: C:\ProgramData\Temp:491270B8
AlternateDataStreams: C:\ProgramData\Temp:4B1195DD
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:4DDE401B
AlternateDataStreams: C:\ProgramData\Temp:51E66512
AlternateDataStreams: C:\ProgramData\Temp:53BA2DF6
AlternateDataStreams: C:\ProgramData\Temp:53DF59D1
AlternateDataStreams: C:\ProgramData\Temp:59465B40
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2
AlternateDataStreams: C:\ProgramData\Temp:5E9B629B
AlternateDataStreams: C:\ProgramData\Temp:6247E766
AlternateDataStreams: C:\ProgramData\Temp:639BB5E9
AlternateDataStreams: C:\ProgramData\Temp:6499508E
AlternateDataStreams: C:\ProgramData\Temp:6A4353C3
AlternateDataStreams: C:\ProgramData\Temp:6C049F97
AlternateDataStreams: C:\ProgramData\Temp:6E2D80C8
AlternateDataStreams: C:\ProgramData\Temp:6EE8565A
AlternateDataStreams: C:\ProgramData\Temp:700B9342
AlternateDataStreams: C:\ProgramData\Temp:726A7C8D
AlternateDataStreams: C:\ProgramData\Temp:72A1B66A
AlternateDataStreams: C:\ProgramData\Temp:762408BA
AlternateDataStreams: C:\ProgramData\Temp:774A0E14
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:7A3AAF2E
AlternateDataStreams: C:\ProgramData\Temp:7ADB695A
AlternateDataStreams: C:\ProgramData\Temp:7FCB9D0D
AlternateDataStreams: C:\ProgramData\Temp:8075370B
AlternateDataStreams: C:\ProgramData\Temp:834DD57E
AlternateDataStreams: C:\ProgramData\Temp:870649A4
AlternateDataStreams: C:\ProgramData\Temp:8BE7A048
AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F
AlternateDataStreams: C:\ProgramData\Temp:90C320E1
AlternateDataStreams: C:\ProgramData\Temp:922DA2DB
AlternateDataStreams: C:\ProgramData\Temp:927EC486
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:961B84C5
AlternateDataStreams: C:\ProgramData\Temp:96AFAB10
AlternateDataStreams: C:\ProgramData\Temp:993185CB
AlternateDataStreams: C:\ProgramData\Temp:99AC3203
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675
AlternateDataStreams: C:\ProgramData\Temp:9C7A32BB
AlternateDataStreams: C:\ProgramData\Temp:9CF728A6
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:A0921B2C
AlternateDataStreams: C:\ProgramData\Temp:A6D89509
AlternateDataStreams: C:\ProgramData\Temp:A6E01F67
AlternateDataStreams: C:\ProgramData\Temp:A819A132
AlternateDataStreams: C:\ProgramData\Temp:A88BE334
AlternateDataStreams: C:\ProgramData\Temp:A9056F42
AlternateDataStreams: C:\ProgramData\Temp:A9223B61
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF
AlternateDataStreams: C:\ProgramData\Temp:AA0017FD
AlternateDataStreams: C:\ProgramData\Temp:AAA06E15
AlternateDataStreams: C:\ProgramData\Temp:B139DDF3
AlternateDataStreams: C:\ProgramData\Temp:B504E4C2
AlternateDataStreams: C:\ProgramData\Temp:B65E763D
AlternateDataStreams: C:\ProgramData\Temp:B6D84F71
AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA
AlternateDataStreams: C:\ProgramData\Temp:BC8E9899
AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5
AlternateDataStreams: C:\ProgramData\Temp:BE40C8A2
AlternateDataStreams: C:\ProgramData\Temp:BEE39E9B
AlternateDataStreams: C:\ProgramData\Temp:C0893153
AlternateDataStreams: C:\ProgramData\Temp:C0BCE04B
AlternateDataStreams: C:\ProgramData\Temp:C37283B5
AlternateDataStreams: C:\ProgramData\Temp:CAB0171A
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30
AlternateDataStreams: C:\ProgramData\Temp:CC141B05
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:D6D084A5
AlternateDataStreams: C:\ProgramData\Temp:D8A1AC56
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
AlternateDataStreams: C:\ProgramData\Temp:E0888117
AlternateDataStreams: C:\ProgramData\Temp:E14FA16F
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\ProgramData\Temp:E402E439
AlternateDataStreams: C:\ProgramData\Temp:E5496666
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD
AlternateDataStreams: C:\ProgramData\Temp:E87AB4E3
AlternateDataStreams: C:\ProgramData\Temp:E8B61305
AlternateDataStreams: C:\ProgramData\Temp:EDDBC69E

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-3102910257-502917973-1973155659-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3102910257-502917973-1973155659-500 - Administrator - Disabled)
Gast (S-1-5-21-3102910257-502917973-1973155659-501 - Limited - Disabled)
Wolfwilhelm (S-1-5-21-3102910257-502917973-1973155659-1000 - Administrator - Enabled) => C:\Users\Wolfwilhelm

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2014 03:10:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x40e8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/23/2014 03:10:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 33.0.0.5397 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 9f4

Startzeit: 01cfeebeb3be5a9c

Endzeit: 529

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 49808af2-5ab5-11e4-bec2-00038a000015

Error: (10/23/2014 02:40:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xe68
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/23/2014 01:38:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1450
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/23/2014 01:38:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x10bc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/23/2014 00:44:52 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (10/23/2014 00:36:47 PM) (Source: MsiInstaller) (EventID: 1024) (User: Wolfwilhelm-PC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/23/2014 00:35:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mcserver.exe, Version: 1.0.0.0, Zeitstempel: 0x4c1324dc
Name des fehlerhaften Moduls: dbus-1.dll, Version: 0.0.0.0, Zeitstempel: 0x4bebbb2c
Ausnahmecode: 0x40000015
Fehleroffset: 0x00055d8f
ID des fehlerhaften Prozesses: 0x1034
Startzeit der fehlerhaften Anwendung: 0xmcserver.exe0
Pfad der fehlerhaften Anwendung: mcserver.exe1
Pfad des fehlerhaften Moduls: mcserver.exe2
Berichtskennung: mcserver.exe3

Error: (10/23/2014 11:53:26 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (10/23/2014 11:48:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mcserver.exe, Version: 1.0.0.0, Zeitstempel: 0x4c1324dc
Name des fehlerhaften Moduls: dbus-1.dll, Version: 0.0.0.0, Zeitstempel: 0x4bebbb2c
Ausnahmecode: 0x40000015
Fehleroffset: 0x00055d8f
ID des fehlerhaften Prozesses: 0x41c
Startzeit der fehlerhaften Anwendung: 0xmcserver.exe0
Pfad der fehlerhaften Anwendung: mcserver.exe1
Pfad des fehlerhaften Moduls: mcserver.exe2
Berichtskennung: mcserver.exe3


System errors:
=============
Error: (10/23/2014 03:35:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (10/23/2014 03:34:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (10/23/2014 03:34:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (10/23/2014 03:33:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (10/23/2014 03:32:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (10/23/2014 03:31:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (10/23/2014 03:30:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (10/23/2014 03:29:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (10/23/2014 03:28:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (10/23/2014 03:27:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060


Microsoft Office Sessions:
=========================
Error: (10/23/2014 03:10:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb800000030000142540e801cfeebeb498b83fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlled4b58c9-5ab5-11e4-bec2-00038a000015

Error: (10/23/2014 03:10:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe33.0.0.53979f401cfeebeb3be5a9c529C:\Program Files (x86)\Mozilla Firefox\firefox.exe49808af2-5ab5-11e4-bec2-00038a000015

Error: (10/23/2014 02:40:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb8000000300001425e6801cfeeb78608330dC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllbded8253-5ab1-11e4-bec2-00038a000015

Error: (10/23/2014 01:38:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb8000000300001425145001cfeeb29b9610c6C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1d1f1bdd-5aa9-11e4-bec2-00038a000015

Error: (10/23/2014 01:38:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb800000030000142510bc01cfeead8efee461C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll14ac0d40-5aa9-11e4-bec2-00038a000015

Error: (10/23/2014 00:44:52 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (10/23/2014 00:36:47 PM) (Source: MsiInstaller) (EventID: 1024) (User: Wolfwilhelm-PC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/23/2014 00:35:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mcserver.exe1.0.0.04c1324dcdbus-1.dll0.0.0.04bebbb2c4000001500055d8f103401cfeead027d165dC:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exeC:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-1.dll5c3dd22c-5aa0-11e4-bec2-00038a000015

Error: (10/23/2014 11:53:26 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (10/23/2014 11:48:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mcserver.exe1.0.0.04c1324dcdbus-1.dll0.0.0.04bebbb2c4000001500055d8f41c01cfeea66347f2f7C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exeC:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-1.dllb0008c97-5a99-11e4-ab2c-00038a000015


CodeIntegrity Errors:
===================================
  Date: 2014-10-23 10:42:53.626
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-23 10:42:53.623
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-23 10:42:53.619
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-23 10:42:53.595
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-23 10:42:53.591
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-23 10:42:53.587
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-22 23:15:07.913
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-22 23:15:07.911
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-22 23:15:07.908
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-22 23:15:07.894
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 3958.71 MB
Available physical RAM: 2102.72 MB
Total Pagefile: 4876.02 MB
Available Pagefile: 2471.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1B2C6703)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 24.10.2014, 08:11   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    BabylonObjectInstaller

    IB Updater 2.0.0.575

    IB Updater Service


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.10.2014, 11:24   #5
Wolfwilhelm
 
Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



Code:
ATTFilter
ComboFix 14-10-24.01 - Wolfwilhelm 24.10.2014  11:37:59.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.1893 [GMT 2:00]
ausgeführt von:: c:\users\Wolfwilhelm\Downloads\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\go_0molg.pad
c:\programdata\to_r0tsef.pad
c:\users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\Wolfwilhelm\AppData\Roaming\05001.054
c:\users\Wolfwilhelm\AppData\Roaming\05001.054\components\AcroFF.txt
c:\users\Wolfwilhelm\AppData\Roaming\05001.054\install.rdf
c:\users\Wolfwilhelm\AppData\Roaming\AcroIEHelpe.txt
c:\users\Wolfwilhelm\AppData\Roaming\BabMaint.exe
c:\users\Wolfwilhelm\AppData\Roaming\srvblck5.tmp
c:\users\Wolfwilhelm\AppData\Roaming\Yrgady
c:\users\Wolfwilhelm\AppData\Roaming\Yrgady\enafe.wok
c:\windows\Installer\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}
c:\windows\Installer\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\@
c:\windows\Installer\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\L\00000004.@
c:\windows\Installer\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\L\1afb2d56
c:\windows\Installer\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\L\201d3dde
c:\windows\Installer\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\U\00000004.@
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-09-24 bis 2014-10-24  ))))))))))))))))))))))))))))))
.
.
2014-10-24 09:09 . 2014-10-24 09:09	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-10-24 08:30 . 2014-10-24 08:30	--------	d-----w-	c:\program files (x86)\{382F91D5-2318-44B1-A915-16583AF59705}
2014-10-24 08:30 . 2014-10-24 08:30	--------	d-----w-	c:\program files\{98F46704-D8C8-4492-8CAD-4A5B271300AB}
2014-10-23 13:42 . 2014-10-23 13:42	--------	d-----w-	c:\program files (x86)\{8D784641-9F6B-4115-99ED-1DCA5EFA0E7E}
2014-10-23 13:42 . 2014-10-23 13:42	--------	d-----w-	c:\program files\{FC0B55F0-0298-4CBD-99ED-4AEBD5303D0A}
2014-10-23 13:33 . 2014-10-23 13:35	--------	d-----w-	C:\FRST
2014-10-21 16:36 . 2014-10-23 13:42	--------	d-----w-	c:\program files (x86)\{A8327DFD-990F-45CC-A8BC-092FB0FACF06}
2014-10-21 16:36 . 2014-10-23 13:42	--------	d-----w-	c:\program files\{B6B4506E-37DA-498A-9364-B9D1AE12E609}
2014-10-15 11:14 . 2014-10-15 11:14	220784	----a-w-	c:\program files (x86)\Mozilla Firefox\sandboxbroker.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 17:40 . 2012-06-22 05:53	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 17:40 . 2011-05-20 13:27	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-16 14:20 . 2011-02-19 21:51	608080	----a-w-	c:\windows\system32\msvcp100.dll
2014-09-16 14:20 . 2011-02-18 23:52	829264	----a-w-	c:\windows\system32\msvcr100.dll
2014-08-25 10:42 . 2014-08-25 10:42	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-25 10:42 . 2014-08-25 10:42	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-08-25 10:42 . 2014-08-25 10:42	942592	----a-w-	c:\windows\system32\jsIntl.dll
2014-08-25 10:42 . 2014-08-25 10:42	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-08-25 10:42 . 2014-08-25 10:42	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-08-25 10:42 . 2014-08-25 10:42	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-08-25 10:42 . 2014-08-25 10:42	85504	----a-w-	c:\windows\system32\mshtmled.dll
2014-08-25 10:42 . 2014-08-25 10:42	846336	----a-w-	c:\windows\system32\ieapfltr.dll
2014-08-25 10:42 . 2014-08-25 10:42	81408	----a-w-	c:\windows\system32\icardie.dll
2014-08-25 10:42 . 2014-08-25 10:42	77312	----a-w-	c:\windows\system32\tdc.ocx
2014-08-25 10:42 . 2014-08-25 10:42	752640	----a-w-	c:\windows\system32\jscript9diag.dll
2014-08-25 10:42 . 2014-08-25 10:42	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2014-08-25 10:42 . 2014-08-25 10:42	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-08-25 10:42 . 2014-08-25 10:42	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-08-25 10:42 . 2014-08-25 10:42	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2014-08-25 10:42 . 2014-08-25 10:42	631808	----a-w-	c:\windows\system32\msfeeds.dll
2014-08-25 10:42 . 2014-08-25 10:42	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2014-08-25 10:42 . 2014-08-25 10:42	62464	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-08-25 10:42 . 2014-08-25 10:42	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-08-25 10:42 . 2014-08-25 10:42	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2014-08-25 10:42 . 2014-08-25 10:42	608768	----a-w-	c:\windows\system32\ie4uinit.exe
2014-08-25 10:42 . 2014-08-25 10:42	598016	----a-w-	c:\windows\system32\ieui.dll
2014-08-25 10:42 . 2014-08-25 10:42	592896	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-08-25 10:42 . 2014-08-25 10:42	5721088	----a-w-	c:\windows\system32\jscript9.dll
2014-08-25 10:42 . 2014-08-25 10:42	548352	----a-w-	c:\windows\system32\vbscript.dll
2014-08-25 10:42 . 2014-08-25 10:42	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-08-25 10:42 . 2014-08-25 10:42	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-08-25 10:42 . 2014-08-25 10:42	51200	----a-w-	c:\windows\system32\jsproxy.dll
2014-08-25 10:42 . 2014-08-25 10:42	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2014-08-25 10:42 . 2014-08-25 10:42	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-08-25 10:42 . 2014-08-25 10:42	455168	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-08-25 10:42 . 2014-08-25 10:42	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2014-08-25 10:42 . 2014-08-25 10:42	4254720	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-08-25 10:42 . 2014-08-25 10:42	413696	----a-w-	c:\windows\system32\html.iec
2014-08-25 10:42 . 2014-08-25 10:42	38400	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-25 10:42 . 2014-08-25 10:42	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2014-08-25 10:42 . 2014-08-25 10:42	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-08-25 10:42 . 2014-08-25 10:42	337408	----a-w-	c:\windows\SysWow64\html.iec
2014-08-25 10:42 . 2014-08-25 10:42	32256	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-25 10:42 . 2014-08-25 10:42	30208	----a-w-	c:\windows\system32\licmgr10.dll
2014-08-25 10:42 . 2014-08-25 10:42	292864	----a-w-	c:\windows\system32\dxtrans.dll
2014-08-25 10:42 . 2014-08-25 10:42	2768384	----a-w-	c:\windows\system32\iertutil.dll
2014-08-25 10:42 . 2014-08-25 10:42	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-08-25 10:42 . 2014-08-25 10:42	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-08-25 10:42 . 2014-08-25 10:42	266424	----a-w-	c:\windows\system32\iedkcs32.dll
2014-08-25 10:42 . 2014-08-25 10:42	247808	----a-w-	c:\windows\system32\msls31.dll
2014-08-25 10:42 . 2014-08-25 10:42	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2014-08-25 10:42 . 2014-08-25 10:42	243200	----a-w-	c:\windows\system32\webcheck.dll
2014-08-25 10:42 . 2014-08-25 10:42	235520	----a-w-	c:\windows\system32\url.dll
2014-08-25 10:42 . 2014-08-25 10:42	235008	----a-w-	c:\windows\system32\elshyph.dll
2014-08-25 10:42 . 2014-08-25 10:42	23464448	----a-w-	c:\windows\system32\mshtml.dll
2014-08-25 10:42 . 2014-08-25 10:42	2266112	----a-w-	c:\windows\system32\wininet.dll
2014-08-25 10:42 . 2014-08-25 10:42	2040832	----a-w-	c:\windows\system32\inetcpl.cpl
2014-08-25 10:42 . 2014-08-25 10:42	1964544	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-08-25 10:42 . 2014-08-25 10:42	195584	----a-w-	c:\windows\system32\msrating.dll
2014-08-25 10:42 . 2014-08-25 10:42	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2014-08-25 10:42 . 2014-08-25 10:42	1791488	----a-w-	c:\windows\SysWow64\wininet.dll
2014-08-25 10:42 . 2014-08-25 10:42	167424	----a-w-	c:\windows\system32\iexpress.exe
2014-08-25 10:42 . 2014-08-25 10:42	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2014-08-25 10:42 . 2014-08-25 10:42	143872	----a-w-	c:\windows\system32\wextract.exe
2014-08-25 10:42 . 2014-08-25 10:42	1393664	----a-w-	c:\windows\system32\urlmon.dll
2014-08-25 10:42 . 2014-08-25 10:42	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2014-08-25 10:42 . 2014-08-25 10:42	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-08-25 10:42 . 2014-08-25 10:42	13527040	----a-w-	c:\windows\system32\ieframe.dll
2014-08-25 10:42 . 2014-08-25 10:42	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2014-08-25 10:42 . 2014-08-25 10:42	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2014-08-25 10:42 . 2014-08-25 10:42	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-08-25 10:42 . 2014-08-25 10:42	1249280	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-08-25 10:42 . 2014-08-25 10:42	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-08-25 10:42 . 2014-08-25 10:42	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2014-08-25 10:42 . 2014-08-25 10:42	1068032	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-08-25 10:42 . 2014-08-25 10:42	105984	----a-w-	c:\windows\system32\iesysprep.dll
2014-08-25 10:42 . 2014-08-25 10:42	101376	----a-w-	c:\windows\system32\inseng.dll
2014-08-25 10:42 . 2014-08-25 10:42	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-08-25 10:42 . 2014-08-25 10:42	774144	----a-w-	c:\windows\system32\jscript.dll
2014-08-25 10:42 . 2014-08-25 10:42	62464	----a-w-	c:\windows\system32\pngfilt.dll
2014-08-25 10:42 . 2014-08-25 10:42	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-08-25 10:42 . 2014-08-25 10:42	48128	----a-w-	c:\windows\system32\imgutil.dll
2014-08-25 10:42 . 2014-08-25 10:42	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-08-25 10:42 . 2014-08-25 10:42	147968	----a-w-	c:\windows\system32\occache.dll
2014-08-25 10:42 . 2014-08-25 10:42	13824	----a-w-	c:\windows\system32\mshta.exe
2014-08-25 10:42 . 2014-08-25 10:42	135680	----a-w-	c:\windows\system32\iepeers.dll
2014-08-25 10:42 . 2014-08-25 10:42	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-08-13 13:04 . 2010-06-24 10:33	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}]
2014-10-24 08:30	324096	----a-w-	c:\program files (x86)\{382F91D5-2318-44B1-A915-16583AF59705}\{B7C80A0B-48FB-485E-98E9-F38DE11794A1}.bin
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"teXXas"="c:\program files (x86)\teXXas\teXXas.exe" [2008-04-25 5147136]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-04-18 1090912]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"HostManager"="c:\program files (x86)\Common Files\AOL\1288890487\ee\AOLSoftware.exe" [2006-09-26 50736]
"BtTray"="c:\program files (x86)\IVT Corporation\BlueSoleil\BtTray.exe" [2009-09-02 315478]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2014-05-02 1065024]
.
c:\users\Wolfwilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2004-7-12 15360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
MCtlSvc.lnk - c:\program files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe [2011-1-13 89600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 Browser Manager;Browser Manager; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys;c:\windows\SYSNATIVE\drivers\BMLoad.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MyEPSON Connect Service;MyEPSON Connect Service;c:\program files (x86)\EPSON\MyEPSON Connect\mepService.exe;c:\program files (x86)\EPSON\MyEPSON Connect\mepService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 OptionblFeatures;Kernel Legacy WMI-Leistungsadapter;c:\windows\system32\sdiagpsv.exe;c:\windows\SYSNATIVE\sdiagpsv.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-19 18:20	1089352	----a-w-	c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 17:40]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 06:13]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 06:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}]
2014-10-24 08:30	401408	----a-w-	c:\program files\{98F46704-D8C8-4492-8CAD-4A5B271300AB}\{A1E834C9-9C33-4BF6-8724-1D8B644D27E8}.bin
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredibar.com/?a=6OyWSGlY3A&i=26&loc=skw
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar-Suche - c:\program files (x86)\aol\aol toolbar 4.0\resources\de-DE\local\search.html
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B1B0A57B-FB4C-4B54-8DA2-EF8048B4E0B8}: NameServer = 10.74.83.22 193.254.160.1
FF - ProfilePath - c:\users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de?hl=de&gl=de
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-08-25 18:47; {BC771772-1933-47FC-9BB0-0B38DF762296}; c:\windows\Installer\{8DBAFEE8-E522-4205-9682-521CA3410D63}\{BC771772-1933-47FC-9BB0-0B38DF762296}.xpi
FF - ExtSQL: 2014-08-25 19:07; firefox-hotfix@mozilla.org; c:\users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\extensions\firefox-hotfix@mozilla.org.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=08a1ccd10000000000000015833fe1bd&q=
FF - user.js: extensions.BabylonToolbar.id - 08a1ccd10000000000000015833fe1bd
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15609
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1221:47
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958&tt=120912_ccp_3912_8
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: browser.search.defaultenginename - Google
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.startup.homepage - hxxp://www.google.de/ncr
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyWSGlY3A&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 08a1ccd10000000000000015833fe1bd
FF - user.js: extensions.incredibar_i.instlDay - 15685
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:50
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6OyWSGlY3A
FF - user.js: extensions.incredibar_i.upn2n - 92262603964115846
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd - 
FF - user.js: browser.search.defaultenginename - Google
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.startup.homepage - hxxp://www.google.de?hl=de&gl=de
FF - user.js: browser.search.defaulturl - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF - user.js: keyword.URL - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF - user.js: browser.urlbar.autoFill - false//;
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
URLSearchHooks-{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-BFG-Farm Frenzy - Helden der Wikinger - c:\program files (x86)\Farm Frenzy - Helden der Wikinger\Uninstall.exe
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\EPSON\MyEPSON Connect\mep.exe
c:\program files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-10-24  12:03:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-10-24 10:03
.
Vor Suchlauf: 437.227.520 Bytes frei
Nach Suchlauf: 210.337.792 Bytes frei
.
- - End Of File - - 9DFAE08E9FD9FBCC53C8310401785E0B
         
Moin!
Danke, hat Alles geklappt. Bis auf die Tatsache, das unter Revo Uninstaller kein Programm "IB Updater 2.0.0.575" erschienen ist. Freier Speicher momentan 15,3 MB von 452 GB.


Alt 25.10.2014, 08:02   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




TreeSize Free Download
TreeSize free starten, Schauen was soviel SPeicher belegt, davon einen Screenshot.


und ein frisches FRST log bitte.
__________________
--> Festplatte C ist ständig belegt.

Alt 26.10.2014, 09:23   #7
Wolfwilhelm
 
Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



Moin!
Jetzt komme ich gar nicht mehr ins Internet. Danke trotzdem.

Alt 26.10.2014, 17:29   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



geht das etwas genauer?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.10.2014, 09:53   #9
Wolfwilhelm
 
Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



Hi!
Bis zur "Google"-Seite komme ich gerade noch. Wenn ich dann mit "Trojaner-Board" verbunden werden möchte, bekomme ich die Meldung "Die Seite kann nicht angezeigt werden". 814MB von 452GB frei.

Code:
ATTFilter
/ Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 27.10.2014
Suchlauf-Zeit: 09:50:27
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.10.27.01
Rootkit Datenbank: v2014.10.22.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Wolfwilhelm

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 420250
Verstrichene Zeit: 39 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 80
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect.1, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DPBHO.DownloadProtect, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DPBHO.DownloadProtect.1, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, Löschen bei Neustart, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, Löschen bei Neustart, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}\INPROCSERVER32, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [7b32b861e99362d43257f0f0d92960a0], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [7b32b861e99362d43257f0f0d92960a0], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [7b32b861e99362d43257f0f0d92960a0], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [7b32b861e99362d43257f0f0d92960a0], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}, In Quarantäne, [04a97d9c8eee181e8305667a1ae8b947], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc.1, In Quarantäne, [04a97d9c8eee181e8305667a1ae8b947], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc, In Quarantäne, [04a97d9c8eee181e8305667a1ae8b947], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc, In Quarantäne, [04a97d9c8eee181e8305667a1ae8b947], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc.1, In Quarantäne, [04a97d9c8eee181e8305667a1ae8b947], 
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [7a333adf4d2f290dfddb139215ed659b], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}, In Quarantäne, [2984b3665c20290d0389f0f014ee42be], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\b, In Quarantäne, [2984b3665c20290d0389f0f014ee42be], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b, In Quarantäne, [2984b3665c20290d0389f0f014ee42be], 
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}, In Quarantäne, [9c1153c647350c2aa56b24bf946e60a0], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Löschen bei Neustart, [d3da3adf91ebf541b085485e08fa5ca4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}, In Quarantäne, [624b0c0d92ea2412cdbe15cbed153fc1], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\IB Updater, In Quarantäne, [218c60b9b4c80d29cebc3b0c25de8b75], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [189531e876068aac5336b98e669d21df], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, In Quarantäne, [4c61b1685c201b1b708b0070e32145bb], 
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WNLT, In Quarantäne, [f0bd8990ceaef83ec8483e397391738d], 
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\BabylonToolbar, In Quarantäne, [e1ccdc3d3b41a88e4f4ded84df25eb15], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [327bd544cfadb185a783f04d24df23dd], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\IB Updater, In Quarantäne, [05a858c13f3db87e2664f94e57ac15eb], 
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhkplhfnhceodhffomolpfigojocbpcb, In Quarantäne, [8f1e55c4c1bb8da92057afe1b54f8e72], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [1994f920453782b43059bc8b7d8603fd], 
PUP.Optional.Perion.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jifflliplgeajjdhmkcfnngfpgbjonjg, In Quarantäne, [743971a87804ba7c9a3161c5e221db25], 
PUP.Optional.Perion.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\niogeckbkdcabhnapjbkeiklablhjoca, In Quarantäne, [4b628b8ee09cb5815553a879fd0642be], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [703d75a490eca09695665d13d52fa45c], 
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, In Quarantäne, [119c34e544388da97a950770db297a86], 
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Löschen bei Neustart, [b8f5db3e80fc65d14a6a571c8d77f30d], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Löschen bei Neustart, [c9e48c8d98e452e430bed59a24e0a957], 
PUP.Optional.BProtector.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Löschen bei Neustart, [6c41f72288f4003661d794df7391ad53], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Löschen bei Neustart, [d7d6df3aa4d85bdbda30b89111f24bb5], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Löschen bei Neustart, [95187f9aa0dcfe387c7e9cd4b74de51b], 
PUP.Optional.InstallBrain.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Löschen bei Neustart, [862744d554287fb752bd8ee9bd4703fd], 

Registrierungswerte: 12
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [7a333adf4d2f290dfddb139215ed659b]
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [86278e8b215b33033d9b6f36788aaf51], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, 92262603964115846, In Quarantäne, [4c61b1685c201b1b708b0070e32145bb]
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WNLT|PDV, [BLACKLIST=1] [CAPTURECHEXT=1], In Quarantäne, [f0bd8990ceaef83ec8483e397391738d]
PUP.Optional.Incredibar, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [e2cb1108b5c777bfb6bebdbe7094ee12]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 92262603964115846, In Quarantäne, [703d75a490eca09695665d13d52fa45c]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, In Quarantäne, [119c34e544388da97a950770db297a86]
PUP.Optional.BProtector, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|BrowserMngr Start Page, hxxp://search.babylon.com/?affID=109958&tt=120912_ccp_3912_8&babsrc=HP_ss&mntrId=08a1ccd10000000000000015833fe1bd, Löschen bei Neustart, [a409b960a2da1c1a6877b5c7ab5958a8]
PUP.BProtector, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://search.babylon.com/?affID=109958&tt=120912_ccp_3912_8&babsrc=HP_ss&mntrId=08a1ccd10000000000000015833fe1bd, Löschen bei Neustart, [3d702eeb304c8aacb53b4f2047bd15eb]
PUP.BProtector, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Löschen bei Neustart, [4b624dcce09c6ec8559cd79824e09e62]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 92262603964115846, Löschen bei Neustart, [95187f9aa0dcfe387c7e9cd4b74de51b]
PUP.Optional.InstallBrain.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, Löschen bei Neustart, [862744d554287fb752bd8ee9bd4703fd]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 5
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\LocalLow\BabylonToolbar, In Quarantäne, [c1eca8716b11c27436918084c73ccb35], 
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\LocalLow\BabylonToolbar\BabylonToolbar, In Quarantäne, [c1eca8716b11c27436918084c73ccb35], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion\ChromeInfoBar, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion\NewTab, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 

Dateien: 120
PUP.Optional.DownloadProtect.A, C:\Program Files\{98F46704-D8C8-4492-8CAD-4A5B271300AB}\{A1E834C9-9C33-4BF6-8724-1D8B644D27E8}.bin, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, C:\Program Files\{FC0B55F0-0298-4CBD-99ED-4AEBD5303D0A}\{B1DA7694-B713-4560-9A33-CBDE172B42A5}.bin, In Quarantäne, [ac01be5bc5b768cef29ba2abd0305fa1], 
PUP.Optional.DownloadProtect.A, C:\Program Files (x86)\{8D784641-9F6B-4115-99ED-1DCA5EFA0E7E}\{F686077D-8D64-48FF-ABA5-E592F42F772E}.bin, In Quarantäne, [218cf3267a02fa3cbad3c4895da36d93], 
PUP.Optional.Downloadster, C:\Users\Wolfwilhelm\Downloads\java_setup.exe, In Quarantäne, [6d40c55453294aec50ff81a128d8a957], 
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage, In Quarantäne, [8f1e6caded8f0e28fd8b94b361a21ce4], 
PUP.Optional.MyStartSearch.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\searchplugins\MyStart Search.xml, In Quarantäne, [238af425fb816bcb5d106be246bd8c74], 
PUP.Optional.BProtector.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\bprotector_extensions.sqlite, In Quarantäne, [d2db39e0dca05dd93ad4f35c887b39c7], 
PUP.Optional.BProtector.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\bprotector_prefs.js, In Quarantäne, [cbe2ae6be597de58e42b9ab5ab58e31d], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion\ChromeInfoBar\data.txt, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion\NewTab\data.txt, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion\NewTab\NewTab.crx, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), Ersetzt,[e5c89e7ba0dcba7ca6928bd857aebf41]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you m), Ersetzt,[9914ac6d1567dd59fd3b7ae91fe6ba46]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while the ), Ersetzt,[f0bd4ccda3d93501c375ef74d5301fe1]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (e.
 *
 * If you make changes to this file while the app), Ersetzt,[b6f745d46c1090a698a0f96a2bda1be5]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you ma), Ersetzt,[c5e8e732d5a740f62e0ab5ae0df8dc24]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (references

/* Do not edit this file.
 *
 * If you make changes to this file whil), Ersetzt,[8a2306136f0d87af78c0a2c113f21fe1]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ile.
 *
 * If you make changes to this file while ), Ersetzt,[109db465ceae3303290faeb530d5e21e]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If yo), Ersetzt,[6f3e6dac126add5911276ef545c0936d]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (eferences

/* Do not edit this file.
 *
 * If you), Ersetzt,[6b4264b53f3d0d297bbd5d06e91ce020]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If you make chan), Ersetzt,[733afc1d92eab185fa3ebca746bf7789]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make chang), Ersetzt,[7e2f9e7b522a69cd999fe47f9d68a15f]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while), Ersetzt,[2885af6a7a02ea4c70c8c89b07fe8f71]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (s file.
 *
 * If you make changes to this file wh), Ersetzt,[604de732017bdb5b5cdc2a39d134b24e]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (eferences

/* Do not edit this file.
 *
 * If you make changes to this fil), Ersetzt,[4b62ff1aff7d4fe749ef73f04cb9c040]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: ( this file.
 *
 * If you make changes to this file whil), Ersetzt,[199482971a6258deef490261de27916f]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make ch), Ersetzt,[8f1ec356f389bc7a70c81c47a065ac54]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you make changes to this), Ersetzt,[08a568b1403c2412e256c99a689d8d73]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (not edit this file.
 *
 * If you make changes to this f), Ersetzt,[a30a7d9c92eaa2948aae7fe40cf91be5]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make ), Ersetzt,[3875cd4c225a0630b385adb63acbd42c]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 *), Ersetzt,[1a9378a1502c2a0cb8806df6d530fd03]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ll be overwritten when the application exits.
 *
 * To make a), Ersetzt,[baf3ca4f2a52df571226e77c937247b9]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
 *
 * If you make changes to ), Ersetzt,[525bac6d74088aac6bcdf86b25e08f71]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (es

/* Do not edit this file.
 *
 * If you ma), Ersetzt,[2c819e7bf983ac8a3404ed76fb0a7f81]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (Preferences

/* Do not edit this file.
 *
 * If yo), Ersetzt,[d6d7c950b9c376c05ddb3a298085bf41]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you m), Ersetzt,[595441d8bcc0a096b880273c33d2ce32]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be ove), Ersetzt,[06a751c8275569cd4cec0d5673921ee2]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (he application is running,
 * the changes will be overw), Ersetzt,[0ca193868cf051e54deb372cd4310000]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (nces

/* Do not edit this file.
 *
 * If you make changes to t), Ersetzt,[5b529089d8a4b284a98f570c61a419e7]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: ( Do not edit this file.
 *
 * If you make changes to th), Ersetzt,[4e5ff52445374aec71c7f3703bcadb25]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make), Ersetzt,[f2bbae6b34483bfb47f1055e59ac8977]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you make changes to this file while th), Ersetzt,[b2fb73a65c20ff3775c3dd8628dd2ad6]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (e.
 *
 * If you make changes to this file while the a), Ersetzt,[7c310f0a621a54e2bc7cc79cad5810f0]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you make ch), Ersetzt,[eac3ea2f09739e98eb4d3a2943c26e92]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make c), Ersetzt,[7c313edbf28a43f3db5dbda64eb730d0]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to t), Ersetzt,[a30a2eebe29a9a9c33055a098e7709f7]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.incredibar.admin", false);), Ersetzt,[436abd5c1963b87ef941d58ec54011ef]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If ), Ersetzt,[dfced148a4d86cca2d0df370ba4bf10f]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If), Ersetzt,[624b091048346fc7ac8e1d46f51005fb]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (eferences

/* Do not edit this file.
 *
 * ), Ersetzt,[6b425cbdc9b3ec4a9f9bd58ed035a858]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (eferences

/* Do not edit this file.
 *
 * If y), Ersetzt,[8b22f920592310262119ec773ec7e31d]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If yo), Ersetzt,[04a935e494e8ac8a48f2ed763fc6e41c]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you make), Ersetzt,[3d70b9601b61db5b89b13d26f70e23dd]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make c), Ersetzt,[129b5fba99e3fa3c3cfe9ac92cd96a96]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file w), Ersetzt,[e9c40217d1abc076fa408bd84eb77d83]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (s file.
 *
 * If you make changes to this fil), Ersetzt,[ebc2ad6cd8a46cca2614263df510df21]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (eferences

/* Do not edit this file.
 *
 * If you make changes to this), Ersetzt,[f1bcbe5bf68659dd80ba9cc7ee174db3]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: ( this file.
 *
 * If you make changes to this file while t), Ersetzt,[b5f8df3a601c22145fdbb8ab18ed12ee]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (/* Do not edit this file.
 *
 * If you make changes), Ersetzt,[3479011809734cea84b6b5ae4db89c64]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you ), Ersetzt,[05a8ed2c3745eb4b6fcb0d560df8659b]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you make changes t), Ersetzt,[c9e48a8f6913ae887ac0e87b80859f61]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ot edit this file.
 *
 * If you make changes to thi), Ersetzt,[515cf12807754aec77c3c49f4abb3fc1]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you m), Ersetzt,[bfee96839fdddf5799a16bf8ed18659b]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If you ), Ersetzt,[595490894c30e84e0733adb6e91c7c84]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (nces

/* Do not edit this file.
 *
 * I), Ersetzt,[2984d544d7a587af5dddc1a2cd38966a]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (r Preferences

/* Do not edit this file.
 *
 * If y), Ersetzt,[e7c679a0a2da2115a793d19225e03ac6]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (s

/* Do not edit this file.
 *
 * If you make ), Ersetzt,[218c25f4a7d549ed42f874efd62f48b8]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you ma), Ersetzt,[38752aef671567cf6cce352eb94c6b95]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (references

/* Do not edit this file.
 *
 * If ), Ersetzt,[703d63b686f6a294c2783b28f60fdf21]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you ), Ersetzt,[cce1da3f205c999d23178cd7788daf51]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * th), Ersetzt,[218c5cbd4f2d251150ea94cf57ae7a86]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (this file while the application is running,
 * the ch), Ersetzt,[436a78a17309d85eae8c4b184abb4ab6]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (es

/* Do not edit this file.
 *
 * If you make changes to), Ersetzt,[9914a5748cf05cda9e9c76ed45c059a7]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: ( Do not edit this file.
 *
 * If you make changes t), Ersetzt,[a50825f4afcd71c5ca70ce950df80df3]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make changes to), Ersetzt,[7e2f6dacf38980b682b86003d332619f]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (Do not edit this file.
 *
 * If you make changes to ), Ersetzt,[218c72a73844bf77dd5d4b18966f748c]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (es

/* Do not edit this file.
 *
 * If you make), Ersetzt,[9b129b7e403ce55149f11f44bf468c74]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you), Ersetzt,[208d170297e53ef8d7632d36f2130000]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If yo), Ersetzt,[c3ea49d0f58774c22d0d441f5da837c9]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (nces

/* Do not edit this file.
 *
 * If you make changes to this file w), Ersetzt,[e7c6ba5fa3d9f244a496135043c2b050]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (his file.
 *
 * If you make changes to this file while the a), Ersetzt,[6e3fd544196349ed44f685de1ee7fe02]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: ( Do not edit this file.
 *
 * If you make changes to ), Ersetzt,[bfeed940d5a784b2a1990d5624e101ff]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (s

/* Do not edit this file.
 *
 * If you make), Ersetzt,[109da277dca0ea4c2d0daeb5fb0aa25e]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you ), Ersetzt,[f3ba77a29edef2448baf055e4cb98e72]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you m), Ersetzt,[17964bcef08c54e253e7aeb52fd68878]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If), Ersetzt,[77361207bbc1ee48ee4c7ee5bb4af30d]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (Preferences

/* Do not edit this file.
 *
 * If you m), Ersetzt,[a20b2fea265671c50a301350907544bc]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make chan), Ersetzt,[a30a78a18eeec373df5bb9aae520bc44]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make change), Ersetzt,[416c3fdac1bbd264142613501ee711ef]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
 *
 * If you make change), Ersetzt,[fdb044d5c6b665d11f1b7de655b08b75]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (nces

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the ch), Ersetzt,[416cc8515725f34359e15b089a6b1ae6]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (is file while the application is running,
 * the change), Ersetzt,[7d3061b8bfbd65d19c9e620145c0956b]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make changes to thi), Ersetzt,[585532e7f686bf77d664f2719c69ae52]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (o not edit this file.
 *
 * If you make changes to th), Ersetzt,[4d603fdae29a72c492a896cd6b9a9f61]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (s

/* Do not edit this file.
 *
 * If you make changes to thi), Ersetzt,[bbf20b0e017b4aeca397d192ba4b4bb5]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: ( not edit this file.
 *
 * If you make changes to this), Ersetzt,[0e9fed2c1f5d979f2218d68d3ec751af]
PUP.Optional.Softonic.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searchfor\",\"search.mywebsearch.com\":\"searchfor\",\"search.mindspark.com\":\"searchfor\",\"search.conduit.com\":\"q\",\"search.zugo.com\":\"p\",\"www2.mystart.com\":\"q\",\"www.mystart.com\":\"q\",\"www.bigseekpro.com\":\"q\",\"bigseekpro.com\":\"q\",\"bigspeedpro.com\":\"q\",\"search.esnips.com\":\"searchQuery\",\"search.foxtab.com\":\"q\",\"search.brothersoft.com\":\"keyword\",\"search.softonic.com\":\"q\",\"www.dogpile.com\":\"q\",\"search.infospace.com\":\"q\",\"search.iobit.com\":\"q\",\"search.iminent.com\":\"\",\"search.facemoods.com\":\"s\",\"www.plusnetwork.com\":\"q\",\"www.alothome.com\":\"q\",\"alothome.com\":\"q\",\"search.alothome.com\":\"q\",\"search.chatvibes.com\":\"q\",\"search.blekko.com\":\"\",\"www.searchnu.com\":\"q\",\"searchnu.com\":\"q\",\"search.icq.com\":\"q\",\"search.etype.com\":\"query\",\"isearch.babylon.com\":\"q\",\"search.utorrent.com\":\"\",\"search.bittorrent.com\":\"\",\"search.bearshare.com\":\"q\",\"search.bearshare.net\":\"q\",\"searchya.com\":\"q\",\"int.search-results.com\":\"q\",\"search.searchcompletion.com\":\"q\",\"www.adoresearch.com\":\"q\",\"www.searchcore.net\":\"q\",\"googosearch.info\":\"terms\",\"bar.searchqu.com\":\"q\",\"search.speedbit.com\":\"q\",\"search.toggle.com\":\"q\",\"click.searchnation.net\":\"query\",\"isearch.whitesmoke.com\":\"q\",\"search.handycafe.com\":\"q\",\"searchassist.babylon.com\":\"q\",\"searchnation.net\":\"query\",\"video.searchcompletion.com\":\"q\",\"www.searchbrowsing.com\":\"q\",\"search.anchorfree.net\":\"q\",\"search.hotspotshield.com\":\"q\",\"dts.search-results.com\":\"q\",\"uk.search-results.com\":\"q\",\"search.chatzum.com\":\"q\",\"search.phpnuke.org\":\"q\",\"www.i-mysearch.com\":\"q\",\"search.smartaddressbar.com\":\"q\",\"www.search-guru.com\":\"q\",\"mysearch.sweetim.com\":\"q\",\"searchgby.com\":\"\",\"thespecialsearch.com\":\"q\",\"search.bpath.com\":\"q\",\"start.funmoods.com\":\"s\",\"fr.search-results.com\":\"q\",\"de.search-results.com\":\"q\",\"it.search-results.com\":\"q\",\"es.search-results.com\":\"q\",\"search.imesh.com\":\"q\",\"search.swagbucks.com\":\"q\",\"isearch.avg.com\":\"q\",\"search.avg.com\":\"q\",\"search.yippy.com\":\"query\",\"cludr.com\":\"q\",\"search.vmn.net\":\"q\",\"www.gigablast.com\":\"q\",\"www.metacrawler.com\":\"q\",\"www.webcrawler.com\":\"q\",\"www.ixquick.com\":\"\",\"www.search.com\":\"q\",\"www.excite.com\":\"q\",\"duckduckgo.com\":\"q\",\"search.lycos.com\":\"q\",\"webfetch.com\":\"q\",\"monstercrawler.com\":\"q\",\"go.com\":\"p\",\"hotbot.com\":\"keyword\",\"home.myplaycity.com\":\"s\",\"www.findamo.com\":\"q\",\"search.gboxapp.com\":\"q\",\"start.iplay.com\":\"q\",\"home.speedbit.com\":\"q\",\"home.sweetim.com\":\"q\",\"search.alot.com\":\"q\",\"search.searchplusnetwork.com\":\"q\",\"www.searchqu.net\":\"\",\"us.yhs4.search.yahoo.com\":\"p\",\"search.insiteapp.com\":\"q\",\"somoto.com\":\"q\",\"blekko.com\":\"\",\"uk.yhs4.search.yahoo.com\":\"p\",\"fr.yhs4.search.yahoo.com\":\"p\",\"suggestor.netliker.com\":\"\",\"search.netliker.com\":\"\",\"insta-search.com\":\"q\",\"www.fast-search.biz\":\"q\",\"start.facemoods.com\":\"s\",\"search.coolnovo.com\":\"\",\"chromeplus.info\":\"q\",\"in.yhs4.search.yahoo.com\":\"p\",\"in.yhs.search.yahoo.com\":\"p\",\"www.searchble.com\":\"keyword\",\"home.allgameshome.com\":\"s\",\"forsearch.net\":\"q\",\"allssearch.com\":\"q\",\"search.snap.do\":\"q\",\"us.yhs.search.yahoo.com\":\"p\",\"uk.yhs.search.yahoo.com\":\"p\",\"fr.yhs.search.yahoo.com\":\"p\",\"search.smartsearchbox.net\":\"\",\"search.seznam.cz\":\"q\",\"search.funmoods.com\":\"s\",\"search.avira.com\":\"q\",\"search.jzip.com\":\"q\",\"search.findeer.com\":\"\",\"search-faster.com\":\"\",\"dnssearch.rr.com\":\"search\",\"search.rr.com\":\"q\",\"search.kalloutsearch4.com\":\"q\",\"kalloutsearch4.com\":\"Keywords\",\"search.rapidns.net\":\"SearchQuery\",\"websearch.4shared.com\":\"q\",\"images.search.conduit.com\":\"q\",\"search.cpchero.biz\":\"q\",\"search.kikin.com\":\"q\",\"www.engine-search.biz\":\"q\",\"www.mysearchresults.com\":\"q\",\"search.vdc.com.vn\":\"SearchQuery\",\"search.charter.net\":\"search\",\"search-vbc.com\":\"keywords\",\"search.pch.com\":\"q\",\"search.pantip.com\":\"\",\"www.startsearcher.com\":\"q\",\"search.icafemanager.com\":\"q\",\"aolsearcht10.search.aol.com\":\"q\",\"search.free.fr\":\"\",\"www.similarsitesearch.com\":\"URL\",\"qoqole.com\":\"q\",\"www.claro-search.com\":\"q\",\"isearch.claro-search.com\":\"q\",\"www.uncoverthenet.com/search\":\"q\",\"www.searchcanvas.com\":\"q\",\"search.etoolkit.com\":\"q\",\"www.searchalgo.com\":\"q\",\"bestsearchall.com\":\"q\",\"bestorganicsearch.com\":\"q\",\"mysearchproperties.com\":\"q\",\"search.treasuretrooper.com\":\"q\",\"btsearch.name\":\"q\",\"optu.search-help.net\":\"search\",\"search.clinck.in\":\"q\",\"search.shareazaweb.net\":\"q\",\"search.solarmash.com\":\"q\",\"search.surfcanyon.com\":\"q\",\"search.tedata.net\":\"SearchQuery\",\"www.gooofullsearch.com\":\"keywords\",\"www.alnaddy.com\":\"q\",\"searchsafer.com\":\"q\",\"www.searchqu.com\":\"q\",\"searchfunmoods.com\":\"s\",\"www.searchfunmoods.com\":\"s\",\"www.searchya.com\":\"q\",\"search.lphant.net\":\"\",\"searchremagnified.com\":\"\",\"www.pagequeryresults.com\":\"\",\"www.searchqueryresults.com\":\"\",\"domainhelp.search.com\":\"q\",\"search.b1.org\":\"q\",\"search.pontofrio.com.br\":\"q\",\"search.maxonline.com.sg\":\"q\",\"search.us.com\":\"k\",\"www.picsearch.com\":\"q\",\"www.search-document.com\":\"q\",\"www.searchsafer.com\":\"q\",\"www.website-unavailable.com\":\"q\",\"fantastigames.metacrawler.com\":\"q\"}|||8641356625692894");), Ersetzt,[614ca970d0ac2d09b291aeb5f60f3bc5]
PUP.Optional.Softonic.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (f("extensions.ORJ-V7-SAT.RSEnabledAtInstall", "false");
user_pref("extensions.ORJ-V7-SAT.Reporting_URL", "\"hxxp://phn.apnanalytics.com/tr.gif\"");
user_pref("extensions.ORJ-V7-SAT.cbid", "\"BEA\"");
user_pref("extensions.ORJ-V7-SAT.clear_search_on_close", "false");
user_pref("extensions.ORJ-V7-SAT.client", "\"ff\"");
user_pref("extensions.ORJ-V7-SAT.dbgrpt", "\"0\"");
user_pref("extensions.ORJ-V7-SAT.dbr", "\"ff_12.0.0.4493\"");
user_pref("extensions.ORJ-V7-SAT.default-keyword-initially-set", "\"1399723072784\"");
user_pref("extensions.ORJ-V7-SAT.display_search_history", "true");
user_pref("extensions.ORJ-V7-SAT.doi", "\"2014-05-09\"");
user_pref("extensions.ORJ-V7-SAT.domain", "\"www.search.ask.com\"");
user_pref("extensions.ORJ-V7-SAT.dtid", "\"^OSJ000^YY^DE\"");
user_pref("extensions.ORJ-V7-SAT.gco", "\"APN11464cr\"");
user_pref("extensions.ORJ-V7-SAT.guid", "\"0C9F000A-C113-4D58-8D17-4D36985A0C71\"");
user_pref("extensions.ORJ-V7-SAT.hpr_ff", "\"hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11464&pf=V7&trgb=FF&p2=%5EBEA%5EOSJ000%5EYY%5EDE&gct=hp&apn_ptnrs=BEA&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ff_12.0.0.4493&apn_uid=0C9F000A-C113-4D58-8D17-4D36985A0C71&itbv=12.10.6.53&doi=2014-05-09&psv=\"");
user_pref("extensions.ORJ-V7-SAT.itbv", "\"12.10.6.60\"");
user_pref("extensions.ORJ-V7-SAT.l", "\"dis\"");
user_pref("extensions.ORJ-V7-SAT.lastInstallOperation", "\"Install\"");
user_pref("extensions.ORJ-V7-SAT.locale", "\"de_DE\"");
user_pref("extensions.ORJ-V7-SAT.my-keyword-url", "\"\"");
user_pref("extensions.ORJ-V7-SAT.nthp", "\"0\"");
user_pref("extensions.ORJ-V7-SAT.o", "\"APN11464\"");
user_pref("extensions.ORJ-V7-SAT.p2", "\"^BEA^OSJ000^YY^DE\"");
user_pref("extensions.ORJ-V7-SAT.pf", "\"V7\"");
user_pref("extensions.ORJ-V7-SAT.phoneHomeTimeStamp", "1401133796763");
user_pref("extensions.ORJ-V7-SAT.platformversion", "\"12.10.6.60\"");
user_pref("extensions.ORJ-V7-SAT.pref_AutoFillSBOnTextHighLight", "true");
user_pref("extensions.ORJ-V7-SAT.pref_competitor_autofill", "true");
user_pref("extensions.ORJ-V7-SAT.pref_install_state", "\"installed\"");
user_pref("extensions.ORJ-V7-SAT.pref_lang", "\"de\"");
user_pref("extensions.ORJ-V7-SAT.pref_locale", "\"DE\"");
user_pref("extensions.ORJ-V7-SAT.pref_new_tab_off_by_user", "true");
user_pref("extensions.ORJ-V7-SAT.pref_new_tab_on", "false");
user_pref("extensions.ORJ-V7-SAT.pref_search_history", "[\"\"]");
user_pref("extensions.ORJ-V7-SAT.pref_tab_close", "[]");
user_pref("extensions.ORJ-V7-SAT.pref_tb_is_visible", "true");
user_pref("extensions.ORJ-V7-SAT.pref_update_url", "\"\"");
user_pref("extensions.ORJ-V7-SAT.previous-keyword-url", "\"hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=\"");
user_pref("extensions.ORJ-V7-SAT.productguid", "\"{4F524A2D-5637-2D53-4154-A758B70C0A06}\"");
user_pref("extensions.ORJ-V7-SAT.psv", "\"\"");
user_pref("extensions.ORJ-V7-SAT.qsrc", "\"2871\"");
user_pref("extensions.ORJ-V7-SAT.sa_enabled", "true");
user_pref("extensions.ORJ-V7-SAT.sa_ff", "\"1\"");
user_pref("extensions.ORJ-V7-SAT.slwo", "\"0\"");
user_pref("extensions.ORJ-V7-SAT.tb", "\"ORJ-V7-SAT\"");
user_pref("extensions.ORJ-V7-SAT.tb-attrib", "\"0\"");
user_pref("extensions.ORJ-V7-SAT.tb-type", "\"shopping\"");
user_pref("extensions.ORJ-V7-SAT.tbsinstalled", "\"ORJ,ORJ-V7-SAT\"");
user_pref("extensions.ORJ-V7-SAT.timeinstalled", "\"2014-05-09T00:01:02\"");
user_pref("extensions.ORJ-V7-SAT.timeinstalled_ff", "\"2014-05-09T00:01:02\"");
user_pref("extensions.ORJ-V7-SAT.trgb", "\"FF\"");
user_pref("extensions.ORJ-V7-SAT.version", "\"38.9\"");
user_pref("extensions.ORJ.Browsers", "\"1_IE,1_CR,1_FF\"");
user_pref("extensions.ORJ.CacheConfigUpdate", "1394658187103");
user_pref("extensions.ORJ.DataStore.toolbar", "{}");
user_pref("extensions.ORJ.InstallDir", "\"C:\\\\Program Files (x86)\\\\Ask.com\\\\\"");
user_pref("extensions.ORJ.ProductVersion", "\"12.10.3.24\"");
user_pref("extensions.ORJ.RSEnabledAtInstall", "false");
user_pref("extensions.ORJ.Reporting_URL", "\"hxxp://phn.apnanalytics.com/tr.gif\"");
user_pref("extensions.ORJ.apn_dbr", "\"cr_23.0.1271.64\"");
user_pref("extensions.ORJ.build", "\"36191\"");
user_pref("extensions.ORJ.cbid", "\"U3\"");
user_pref("extensions.ORJ.clear_search_on_close", "false");
user_pref("extensions.ORJ.client", "\"ff\"");
user_pref("extensions.ORJ.com.apn.weather.locations", "[{\"id\":\"GMXX0104\",\"text\":\"Osnabruck, WE, Germany\"}]");
user_pref("extensions.ORJ.com.apn.weather.settings", "{\"locale\":\"GB\",\"lang\":\"de\",\"button\":\"on\"}");
user_pref("extensions.ORJ.cr-o", "\"\"");
user_pref("extensions.ORJ.crumb", "\"2012.12.18+23.54.23-toolbar004iad-DE-T3NuYWJydWNrLEdlcm1hbnkErsetzt,[b3fa8297d3a947efac971a49b2539967]D\"");
user_pref("extensions.ORJ.dbgrpt", "\"0,1\"");
user_pref("extensions.ORJ.dbr", "\"cr_23.0.1271.64\"");
user_pref("extensions.ORJ.display_search_history", "true");
user_pref("extensions.ORJ.doi", "\"2013-05-25\"");
user_pref("extensions.ORJ.domain", "\"www.search.ask.com\"");
user_pref("extensions.ORJ.dtid", "\"OSJ000YYDE\"");
user_pref("extensions.ORJ.enableBackgroundNotifications", "true");
user_pref("extensions.ORJ.guid", "\"DE740232-4F03-4049-B290-E1B6C915C6B1\"");
user_pref("extensions.ORJ.hpr_cr", "\"\"");
user_pref("extensions.ORJ.hpr_ff", "\"\"");
user_pref("extensions.ORJ.hpr_ie", "\"\"");
user_pref("extensions.ORJ.if", "\"upd\"");
user_pref("extensions.ORJ.itbv", "\"12.10.3.24\"");
user_pref("extensions.ORJ.l", "\"dis\"");
user_pref("extensions.ORJ.lastInstallOperation", "\"Install\"");
user_pref("extensions.ORJ.latitude", "\"52.27\"");
user_pref("extensions.ORJ.locale", "\"de_DE\"");
user_pref("extensions.ORJ.location", "\"Osnabruck,Germany\"");
user_pref("extensions.ORJ.longitude", "\"8.05\"");
user_pref("extensions.ORJ.nthp_cr", "\"1\"");
user_pref("extensions.ORJ.nthp_ff", "\"1\"");
user_pref("extensions.ORJ.o", "\"100000027\"");
user_pref("extensions.ORJ.p2", "\"\"");
user_pref("extensions.ORJ.pf", "\"V5\"");
user_pref("extensions.ORJ.phoneHomeTimeStamp", "1394658190180");
user_pref("extensions.ORJ.platformversion", "\"12.10.3.24\"");
user_pref("extensions.ORJ.pref_AutoFillSBOnTextHighLight", "true");
user_pref("extensions.ORJ.pref_competitor_autofill", "true");
user_pref("extensions.ORJ.pref_install_state", "\"installed\"");
user_pref("extensions.ORJ.pref_lang", "\"de\"");
user_pref("extensions.ORJ.pref_locale", "\"DE\"");
user_pref("extensions.ORJ.pref_new_tab_off_by_user", "true");
user_pref("extensions.ORJ.pref_new_tab_on", "false");
user_pref("extensions.ORJ.pref_search_history", "[]");
user_pref("extensions.ORJ.pref_tab_close", "[]");
user_pref("extensions.ORJ.pref_tb_is_visible", "true");
user_pref("extensions.ORJ.productguid", "\"{4F524A00-6A76-A76A-76A7-A758B70C0A03}\"");
user_pref("extensions.ORJ.qsrc", "\"2871\"");
user_pref("extensions.ORJ.sa", "\"YES\"");
user_pref("extensions.ORJ.sa_cr", "\"1\"");
user_pref("extensions.ORJ.sa_enabled", "true");
user_pref("extensions.ORJ.sa_ff", "\"1\"");
user_pref("extensions.ORJ.sa_ie", "\"1\"");
user_pref("extensions.ORJ.saguid", "\"EA23D236-5CAC-4E3F-BB94-7EC1CC0E7EA1\"");
user_pref("extensions.ORJ.sdoi", "\"2014-03-02 05\"");
user_pref("extensions.ORJ.site-cro", "\"100000027cr\"");
user_pref("extensions.ORJ.site-o", "\"100000027\"");
user_pref("extensions.ORJ.tb", "\"ORJ\"");
user_pref("extensions.ORJ.tb-attrib", "\"0\"");
user_pref("extensions.ORJ.tb-type", "\"v5,blocked\"");
user_pref("extensions.ORJ.tbsinstalled", "\"ORJ\"");
user_pref("extensions.ORJ.themeid", "\"\"");
user_pref("extensions.ORJ.timeinstalled", "\"2013-05-25T08:09:40\"");
user_pref("extensions.ORJ.timeinstalled_cr", "\"2013-05-25T08:09:40\"");
user_pref("extensions.ORJ.timeinstalled_ff", "\"2013-05-25T08:09:40\"");
user_pref("extensions.ORJ.timeinstalled_ie", "\"2013-05-25T08:09:40\"");
user_pref("extensions.ORJ.to", "\"\"");
user_pref("extensions.ORJ.trgb", "\"ALL\"");
user_pref("extensions.ORJ.version", "\"32.15\"");
user_pref("extensions.autoDisableScopes", 0);
user_pref("extensions.blocklist.pingCountTotal", 152);
user_pref("extensions.blocklist.pingCountVersion", 12);
user_pref("extensions.bootstrappedAddons", "{}");
user_pref("extensions.databaseSchema", 16);
user_pref("extensions.e-webprint.firstTime", false);
user_pref("extensions.e-webprint.flashprint", false);
user_pref("extensions.enabledAddons", "ff-bmboc%40bytemobile.com:4.2.2,e-webprint%40epson.com:1.20.00,%7B79817EE7-280E-41A1-BB8F-D81B0460B2C7%7D:2.2.6,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0");
user_pref("extensions.getAddons.cache.lastUpdate", 1414364397);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20140527.01.3");
user_pref("extensions.incredibar.admin", false);
user_pref("extensions.incredibar.aflt", "orgnl");
user_pref("extensions.incredibar.cntry", "DE");
user_pref("extensions.incredibar.dfltLng", "");
user_pref("extensions.incredibar.dfltSrch", false);
user_pref("extensions.incredibar.did", "10665");
user_pref("extensions.incredibar.envrmnt", "production");
user_pref("extensions.incredibar.excTlbr", false);
user_pref("extensions.incredibar.hdrMd5", "B29AD460FE772C58F15C6428B0B210F5");
user_pref("extensions.incredibar.hmpg", false);
user_pref("extensions.incredibar.id", "08a1ccd10000000000000015833fe1bd");
user_pref("extensions.incredibar.installerproductid", "26");
user_pref("extensions.incredibar.instlDay", "15685");
user_pref("extensions.incredibar.instlRef", "");
user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1417:50:50");
user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
user_pref("extensions.incredibar.newTab", false);
user_pref("extensions.incredibar.noFFXTlbr", false);
user_pref("extensions.incredibar.ppd", "");
user_pref("extensions.incredibar.prdct", "incredibar");
user_pref("extensions.incredibar.productid", "26");
user_pref("extensions.incredibar.prtnrId", "Incredibar");
user_pref("extensions.incredibar.sg", "none");
user_pref("extensions.incredibar.smplGrp", "none");
user_pref("extensions.incredibar.tlbrId", "base");
user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyWSGlY3A&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.upn2", "6OyWSGlY3A");
user_pref("extensions.incredibar.upn2n", "92262603964115846");
user_pref("extensions.incredibar.), %5
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.autoRvrt", "false");), Ersetzt,[bbf250c9e5974cea8a36b7ab699c0ef2]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ie.cookieBehavior", 0);
user_pref("privacy.clearOnShut), Ersetzt,[505da277631953e3932d6ff3c44141bf]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (okie.cookieBehavior", 0);
user_pref("privacy.clearOnShutdown.cookies", false);
user_pref("security.warn_viewing_mixed", false);
user_pr), Ersetzt,[2786988109737bbb3f81d38f63a28080]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (er_pref("security.warn_viewing_mixed", false);
user_pref("security.warn_viewi), Ersetzt,[258834e5cdafd75f9a2668faee17d828]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: ();
user_pref("privacy.clearOnShutdown.cookies", false);
user_pref("security.warn_view), Ersetzt,[466741d8d6a62115ebd581e115f0a55b]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (pref("privacy.clearOnShutdown.cookies", false);
user_pre), Ersetzt,[f6b7db3ea1db290d09b7115125e015eb]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ie.cookieBehavior", 0);
user_pref("privacy.clearOnShutd), Ersetzt,[882573a64e2ebf77b10fbda5ce3751af]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (kie.cookieBehavior", 0);
user_pref("privacy.clearOnShutd), Ersetzt,[208d74a52c502e083d8370f2679e8080]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ie.cookieBehavior", 0);
user_pref("privacy.clearOnShutdown.cookies"), Ersetzt,[b6f7a4757b016fc7e9d7e08244c1f20e]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (havior", 0);
user_pref("privacy.clearOnShutdown.cookies",), Ersetzt,[5954041596e66bcb0db3441eeb1a34cc]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (e.cookieBehavior", 0);
user_pref("privacy.clearOnShutdown.cook), Ersetzt,[218c64b5b8c495a1a51ba6bc759011ef]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (kieBehavior", 0);
user_pref("privacy.clearOnShutdown.), Ersetzt,[614c75a4413b32045e62fb678b7a47b9]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ookie.cookieBehavior", 0);
user_pref("privacy.clearOnShu), Ersetzt,[e2cb0514710bb87eb30dde84b84df20e]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ie.cookieBehavior", 0);
user_pref("privacy.clearOnShu), Ersetzt,[3e6f50c99edeed49645c77ebdd2847b9]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ookie.cookieBehavior", 0);
user_pref("privacy.clearOnS), Ersetzt,[fcb19287512b9a9c19a7a2c08a7bd030]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (okie.cookieBehavior", 0);
user_pref("privacy.clearOn), Ersetzt,[1e8fc455fd7fac8a5c64b0b242c30cf4]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (cookie.cookieBehavior", 0);
user_pref("privacy.clearO), Ersetzt,[4c611cfdabd1f343e9d765fd1aeb0bf5]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ookie.cookieBehavior", 0);
user_pref("privacy.clear), Ersetzt,[e4c990895f1d4ee8358bc9992dd8b050]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (.cookie.cookieBehavior", 0);
user_pref("privacy.clearOnShutdown.cookies", false);
use), Ersetzt,[8429ad6c3448a294ecd49ec435d0ba46]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (pref("privacy.clearOnShutdown.cookies", false);
use), Ersetzt,[feaf2ced26561323c5fb78eac342857b]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (.cookie.cookieBehavior", 0);
user_pref("privacy.clear), Ersetzt,[66471504255755e1368a085a7b8a09f7]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

Alt 27.10.2014, 12:09   #10
Wolfwilhelm
 
Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



Code:
ATTFilter
/ Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 27.10.2014
Suchlauf-Zeit: 09:50:27
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.10.27.01
Rootkit Datenbank: v2014.10.22.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Wolfwilhelm

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 420250
Verstrichene Zeit: 39 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 80
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect.1, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DPBHO.DownloadProtect, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DPBHO.DownloadProtect.1, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, Löschen bei Neustart, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, Löschen bei Neustart, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}\INPROCSERVER32, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [7b32b861e99362d43257f0f0d92960a0], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [7b32b861e99362d43257f0f0d92960a0], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [7b32b861e99362d43257f0f0d92960a0], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [7b32b861e99362d43257f0f0d92960a0], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}, In Quarantäne, [04a97d9c8eee181e8305667a1ae8b947], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc.1, In Quarantäne, [04a97d9c8eee181e8305667a1ae8b947], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc, In Quarantäne, [04a97d9c8eee181e8305667a1ae8b947], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc, In Quarantäne, [04a97d9c8eee181e8305667a1ae8b947], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc.1, In Quarantäne, [04a97d9c8eee181e8305667a1ae8b947], 
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [7a333adf4d2f290dfddb139215ed659b], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}, In Quarantäne, [2984b3665c20290d0389f0f014ee42be], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\b, In Quarantäne, [2984b3665c20290d0389f0f014ee42be], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b, In Quarantäne, [2984b3665c20290d0389f0f014ee42be], 
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}, In Quarantäne, [9c1153c647350c2aa56b24bf946e60a0], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, In Quarantäne, [0ca145d4e597b97d7515558bd32fd828], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Löschen bei Neustart, [d3da3adf91ebf541b085485e08fa5ca4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}, In Quarantäne, [624b0c0d92ea2412cdbe15cbed153fc1], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\IB Updater, In Quarantäne, [218c60b9b4c80d29cebc3b0c25de8b75], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [189531e876068aac5336b98e669d21df], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, In Quarantäne, [4c61b1685c201b1b708b0070e32145bb], 
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WNLT, In Quarantäne, [f0bd8990ceaef83ec8483e397391738d], 
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\BabylonToolbar, In Quarantäne, [e1ccdc3d3b41a88e4f4ded84df25eb15], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [327bd544cfadb185a783f04d24df23dd], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\IB Updater, In Quarantäne, [05a858c13f3db87e2664f94e57ac15eb], 
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhkplhfnhceodhffomolpfigojocbpcb, In Quarantäne, [8f1e55c4c1bb8da92057afe1b54f8e72], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [1994f920453782b43059bc8b7d8603fd], 
PUP.Optional.Perion.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jifflliplgeajjdhmkcfnngfpgbjonjg, In Quarantäne, [743971a87804ba7c9a3161c5e221db25], 
PUP.Optional.Perion.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\niogeckbkdcabhnapjbkeiklablhjoca, In Quarantäne, [4b628b8ee09cb5815553a879fd0642be], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [703d75a490eca09695665d13d52fa45c], 
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, In Quarantäne, [119c34e544388da97a950770db297a86], 
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Löschen bei Neustart, [b8f5db3e80fc65d14a6a571c8d77f30d], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Löschen bei Neustart, [c9e48c8d98e452e430bed59a24e0a957], 
PUP.Optional.BProtector.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Löschen bei Neustart, [6c41f72288f4003661d794df7391ad53], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Löschen bei Neustart, [d7d6df3aa4d85bdbda30b89111f24bb5], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Löschen bei Neustart, [95187f9aa0dcfe387c7e9cd4b74de51b], 
PUP.Optional.InstallBrain.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Löschen bei Neustart, [862744d554287fb752bd8ee9bd4703fd], 

Registrierungswerte: 12
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [7a333adf4d2f290dfddb139215ed659b]
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [86278e8b215b33033d9b6f36788aaf51], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, 92262603964115846, In Quarantäne, [4c61b1685c201b1b708b0070e32145bb]
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WNLT|PDV, [BLACKLIST=1] [CAPTURECHEXT=1], In Quarantäne, [f0bd8990ceaef83ec8483e397391738d]
PUP.Optional.Incredibar, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [e2cb1108b5c777bfb6bebdbe7094ee12]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 92262603964115846, In Quarantäne, [703d75a490eca09695665d13d52fa45c]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, In Quarantäne, [119c34e544388da97a950770db297a86]
PUP.Optional.BProtector, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|BrowserMngr Start Page, hxxp://search.babylon.com/?affID=109958&tt=120912_ccp_3912_8&babsrc=HP_ss&mntrId=08a1ccd10000000000000015833fe1bd, Löschen bei Neustart, [a409b960a2da1c1a6877b5c7ab5958a8]
PUP.BProtector, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://search.babylon.com/?affID=109958&tt=120912_ccp_3912_8&babsrc=HP_ss&mntrId=08a1ccd10000000000000015833fe1bd, Löschen bei Neustart, [3d702eeb304c8aacb53b4f2047bd15eb]
PUP.BProtector, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Löschen bei Neustart, [4b624dcce09c6ec8559cd79824e09e62]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 92262603964115846, Löschen bei Neustart, [95187f9aa0dcfe387c7e9cd4b74de51b]
PUP.Optional.InstallBrain.A, HKU\S-1-5-21-3102910257-502917973-1973155659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, Löschen bei Neustart, [862744d554287fb752bd8ee9bd4703fd]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 5
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\LocalLow\BabylonToolbar, In Quarantäne, [c1eca8716b11c27436918084c73ccb35], 
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\LocalLow\BabylonToolbar\BabylonToolbar, In Quarantäne, [c1eca8716b11c27436918084c73ccb35], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion\ChromeInfoBar, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion\NewTab, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 

Dateien: 120
PUP.Optional.DownloadProtect.A, C:\Program Files\{98F46704-D8C8-4492-8CAD-4A5B271300AB}\{A1E834C9-9C33-4BF6-8724-1D8B644D27E8}.bin, In Quarantäne, [a10cea2f86f631056825b8959c646898], 
PUP.Optional.DownloadProtect.A, C:\Program Files\{FC0B55F0-0298-4CBD-99ED-4AEBD5303D0A}\{B1DA7694-B713-4560-9A33-CBDE172B42A5}.bin, In Quarantäne, [ac01be5bc5b768cef29ba2abd0305fa1], 
PUP.Optional.DownloadProtect.A, C:\Program Files (x86)\{8D784641-9F6B-4115-99ED-1DCA5EFA0E7E}\{F686077D-8D64-48FF-ABA5-E592F42F772E}.bin, In Quarantäne, [218cf3267a02fa3cbad3c4895da36d93], 
PUP.Optional.Downloadster, C:\Users\Wolfwilhelm\Downloads\java_setup.exe, In Quarantäne, [6d40c55453294aec50ff81a128d8a957], 
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage, In Quarantäne, [8f1e6caded8f0e28fd8b94b361a21ce4], 
PUP.Optional.MyStartSearch.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\searchplugins\MyStart Search.xml, In Quarantäne, [238af425fb816bcb5d106be246bd8c74], 
PUP.Optional.BProtector.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\bprotector_extensions.sqlite, In Quarantäne, [d2db39e0dca05dd93ad4f35c887b39c7], 
PUP.Optional.BProtector.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\bprotector_prefs.js, In Quarantäne, [cbe2ae6be597de58e42b9ab5ab58e31d], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion\ChromeInfoBar\data.txt, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion\NewTab\data.txt, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 
PUP.Optional.Perion.A, C:\Program Files (x86)\Perion\NewTab\NewTab.crx, In Quarantäne, [e7c645d4037972c48b8968b1c53ed828], 
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), Ersetzt,[e5c89e7ba0dcba7ca6928bd857aebf41]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you m), Ersetzt,[9914ac6d1567dd59fd3b7ae91fe6ba46]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while the ), Ersetzt,[f0bd4ccda3d93501c375ef74d5301fe1]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (e.
 *
 * If you make changes to this file while the app), Ersetzt,[b6f745d46c1090a698a0f96a2bda1be5]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you ma), Ersetzt,[c5e8e732d5a740f62e0ab5ae0df8dc24]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (references

/* Do not edit this file.
 *
 * If you make changes to this file whil), Ersetzt,[8a2306136f0d87af78c0a2c113f21fe1]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ile.
 *
 * If you make changes to this file while ), Ersetzt,[109db465ceae3303290faeb530d5e21e]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If yo), Ersetzt,[6f3e6dac126add5911276ef545c0936d]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (eferences

/* Do not edit this file.
 *
 * If you), Ersetzt,[6b4264b53f3d0d297bbd5d06e91ce020]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If you make chan), Ersetzt,[733afc1d92eab185fa3ebca746bf7789]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make chang), Ersetzt,[7e2f9e7b522a69cd999fe47f9d68a15f]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while), Ersetzt,[2885af6a7a02ea4c70c8c89b07fe8f71]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (s file.
 *
 * If you make changes to this file wh), Ersetzt,[604de732017bdb5b5cdc2a39d134b24e]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (eferences

/* Do not edit this file.
 *
 * If you make changes to this fil), Ersetzt,[4b62ff1aff7d4fe749ef73f04cb9c040]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: ( this file.
 *
 * If you make changes to this file whil), Ersetzt,[199482971a6258deef490261de27916f]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make ch), Ersetzt,[8f1ec356f389bc7a70c81c47a065ac54]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you make changes to this), Ersetzt,[08a568b1403c2412e256c99a689d8d73]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (not edit this file.
 *
 * If you make changes to this f), Ersetzt,[a30a7d9c92eaa2948aae7fe40cf91be5]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make ), Ersetzt,[3875cd4c225a0630b385adb63acbd42c]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 *), Ersetzt,[1a9378a1502c2a0cb8806df6d530fd03]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ll be overwritten when the application exits.
 *
 * To make a), Ersetzt,[baf3ca4f2a52df571226e77c937247b9]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
 *
 * If you make changes to ), Ersetzt,[525bac6d74088aac6bcdf86b25e08f71]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (es

/* Do not edit this file.
 *
 * If you ma), Ersetzt,[2c819e7bf983ac8a3404ed76fb0a7f81]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (Preferences

/* Do not edit this file.
 *
 * If yo), Ersetzt,[d6d7c950b9c376c05ddb3a298085bf41]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you m), Ersetzt,[595441d8bcc0a096b880273c33d2ce32]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be ove), Ersetzt,[06a751c8275569cd4cec0d5673921ee2]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (he application is running,
 * the changes will be overw), Ersetzt,[0ca193868cf051e54deb372cd4310000]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (nces

/* Do not edit this file.
 *
 * If you make changes to t), Ersetzt,[5b529089d8a4b284a98f570c61a419e7]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: ( Do not edit this file.
 *
 * If you make changes to th), Ersetzt,[4e5ff52445374aec71c7f3703bcadb25]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make), Ersetzt,[f2bbae6b34483bfb47f1055e59ac8977]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you make changes to this file while th), Ersetzt,[b2fb73a65c20ff3775c3dd8628dd2ad6]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (e.
 *
 * If you make changes to this file while the a), Ersetzt,[7c310f0a621a54e2bc7cc79cad5810f0]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you make ch), Ersetzt,[eac3ea2f09739e98eb4d3a2943c26e92]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make c), Ersetzt,[7c313edbf28a43f3db5dbda64eb730d0]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to t), Ersetzt,[a30a2eebe29a9a9c33055a098e7709f7]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.incredibar.admin", false);), Ersetzt,[436abd5c1963b87ef941d58ec54011ef]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If ), Ersetzt,[dfced148a4d86cca2d0df370ba4bf10f]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If), Ersetzt,[624b091048346fc7ac8e1d46f51005fb]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (eferences

/* Do not edit this file.
 *
 * ), Ersetzt,[6b425cbdc9b3ec4a9f9bd58ed035a858]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (eferences

/* Do not edit this file.
 *
 * If y), Ersetzt,[8b22f920592310262119ec773ec7e31d]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If yo), Ersetzt,[04a935e494e8ac8a48f2ed763fc6e41c]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you make), Ersetzt,[3d70b9601b61db5b89b13d26f70e23dd]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make c), Ersetzt,[129b5fba99e3fa3c3cfe9ac92cd96a96]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file w), Ersetzt,[e9c40217d1abc076fa408bd84eb77d83]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (s file.
 *
 * If you make changes to this fil), Ersetzt,[ebc2ad6cd8a46cca2614263df510df21]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (eferences

/* Do not edit this file.
 *
 * If you make changes to this), Ersetzt,[f1bcbe5bf68659dd80ba9cc7ee174db3]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: ( this file.
 *
 * If you make changes to this file while t), Ersetzt,[b5f8df3a601c22145fdbb8ab18ed12ee]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (/* Do not edit this file.
 *
 * If you make changes), Ersetzt,[3479011809734cea84b6b5ae4db89c64]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you ), Ersetzt,[05a8ed2c3745eb4b6fcb0d560df8659b]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you make changes t), Ersetzt,[c9e48a8f6913ae887ac0e87b80859f61]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ot edit this file.
 *
 * If you make changes to thi), Ersetzt,[515cf12807754aec77c3c49f4abb3fc1]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you m), Ersetzt,[bfee96839fdddf5799a16bf8ed18659b]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If you ), Ersetzt,[595490894c30e84e0733adb6e91c7c84]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (nces

/* Do not edit this file.
 *
 * I), Ersetzt,[2984d544d7a587af5dddc1a2cd38966a]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (r Preferences

/* Do not edit this file.
 *
 * If y), Ersetzt,[e7c679a0a2da2115a793d19225e03ac6]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (s

/* Do not edit this file.
 *
 * If you make ), Ersetzt,[218c25f4a7d549ed42f874efd62f48b8]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you ma), Ersetzt,[38752aef671567cf6cce352eb94c6b95]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (references

/* Do not edit this file.
 *
 * If ), Ersetzt,[703d63b686f6a294c2783b28f60fdf21]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you ), Ersetzt,[cce1da3f205c999d23178cd7788daf51]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * th), Ersetzt,[218c5cbd4f2d251150ea94cf57ae7a86]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (this file while the application is running,
 * the ch), Ersetzt,[436a78a17309d85eae8c4b184abb4ab6]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (es

/* Do not edit this file.
 *
 * If you make changes to), Ersetzt,[9914a5748cf05cda9e9c76ed45c059a7]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: ( Do not edit this file.
 *
 * If you make changes t), Ersetzt,[a50825f4afcd71c5ca70ce950df80df3]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make changes to), Ersetzt,[7e2f6dacf38980b682b86003d332619f]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (Do not edit this file.
 *
 * If you make changes to ), Ersetzt,[218c72a73844bf77dd5d4b18966f748c]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (es

/* Do not edit this file.
 *
 * If you make), Ersetzt,[9b129b7e403ce55149f11f44bf468c74]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you), Ersetzt,[208d170297e53ef8d7632d36f2130000]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If yo), Ersetzt,[c3ea49d0f58774c22d0d441f5da837c9]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (nces

/* Do not edit this file.
 *
 * If you make changes to this file w), Ersetzt,[e7c6ba5fa3d9f244a496135043c2b050]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (his file.
 *
 * If you make changes to this file while the a), Ersetzt,[6e3fd544196349ed44f685de1ee7fe02]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: ( Do not edit this file.
 *
 * If you make changes to ), Ersetzt,[bfeed940d5a784b2a1990d5624e101ff]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (s

/* Do not edit this file.
 *
 * If you make), Ersetzt,[109da277dca0ea4c2d0daeb5fb0aa25e]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you ), Ersetzt,[f3ba77a29edef2448baf055e4cb98e72]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you m), Ersetzt,[17964bcef08c54e253e7aeb52fd68878]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If), Ersetzt,[77361207bbc1ee48ee4c7ee5bb4af30d]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (Preferences

/* Do not edit this file.
 *
 * If you m), Ersetzt,[a20b2fea265671c50a301350907544bc]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make chan), Ersetzt,[a30a78a18eeec373df5bb9aae520bc44]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make change), Ersetzt,[416c3fdac1bbd264142613501ee711ef]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
 *
 * If you make change), Ersetzt,[fdb044d5c6b665d11f1b7de655b08b75]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (nces

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the ch), Ersetzt,[416cc8515725f34359e15b089a6b1ae6]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (is file while the application is running,
 * the change), Ersetzt,[7d3061b8bfbd65d19c9e620145c0956b]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make changes to thi), Ersetzt,[585532e7f686bf77d664f2719c69ae52]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (o not edit this file.
 *
 * If you make changes to th), Ersetzt,[4d603fdae29a72c492a896cd6b9a9f61]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (s

/* Do not edit this file.
 *
 * If you make changes to thi), Ersetzt,[bbf20b0e017b4aeca397d192ba4b4bb5]
PUP.Optional.Incredibar.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: ( not edit this file.
 *
 * If you make changes to this), Ersetzt,[0e9fed2c1f5d979f2218d68d3ec751af]
PUP.Optional.Softonic.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searchfor\",\"search.mywebsearch.com\":\"searchfor\",\"search.mindspark.com\":\"searchfor\",\"search.conduit.com\":\"q\",\"search.zugo.com\":\"p\",\"www2.mystart.com\":\"q\",\"www.mystart.com\":\"q\",\"www.bigseekpro.com\":\"q\",\"bigseekpro.com\":\"q\",\"bigspeedpro.com\":\"q\",\"search.esnips.com\":\"searchQuery\",\"search.foxtab.com\":\"q\",\"search.brothersoft.com\":\"keyword\",\"search.softonic.com\":\"q\",\"www.dogpile.com\":\"q\",\"search.infospace.com\":\"q\",\"search.iobit.com\":\"q\",\"search.iminent.com\":\"\",\"search.facemoods.com\":\"s\",\"www.plusnetwork.com\":\"q\",\"www.alothome.com\":\"q\",\"alothome.com\":\"q\",\"search.alothome.com\":\"q\",\"search.chatvibes.com\":\"q\",\"search.blekko.com\":\"\",\"www.searchnu.com\":\"q\",\"searchnu.com\":\"q\",\"search.icq.com\":\"q\",\"search.etype.com\":\"query\",\"isearch.babylon.com\":\"q\",\"search.utorrent.com\":\"\",\"search.bittorrent.com\":\"\",\"search.bearshare.com\":\"q\",\"search.bearshare.net\":\"q\",\"searchya.com\":\"q\",\"int.search-results.com\":\"q\",\"search.searchcompletion.com\":\"q\",\"www.adoresearch.com\":\"q\",\"www.searchcore.net\":\"q\",\"googosearch.info\":\"terms\",\"bar.searchqu.com\":\"q\",\"search.speedbit.com\":\"q\",\"search.toggle.com\":\"q\",\"click.searchnation.net\":\"query\",\"isearch.whitesmoke.com\":\"q\",\"search.handycafe.com\":\"q\",\"searchassist.babylon.com\":\"q\",\"searchnation.net\":\"query\",\"video.searchcompletion.com\":\"q\",\"www.searchbrowsing.com\":\"q\",\"search.anchorfree.net\":\"q\",\"search.hotspotshield.com\":\"q\",\"dts.search-results.com\":\"q\",\"uk.search-results.com\":\"q\",\"search.chatzum.com\":\"q\",\"search.phpnuke.org\":\"q\",\"www.i-mysearch.com\":\"q\",\"search.smartaddressbar.com\":\"q\",\"www.search-guru.com\":\"q\",\"mysearch.sweetim.com\":\"q\",\"searchgby.com\":\"\",\"thespecialsearch.com\":\"q\",\"search.bpath.com\":\"q\",\"start.funmoods.com\":\"s\",\"fr.search-results.com\":\"q\",\"de.search-results.com\":\"q\",\"it.search-results.com\":\"q\",\"es.search-results.com\":\"q\",\"search.imesh.com\":\"q\",\"search.swagbucks.com\":\"q\",\"isearch.avg.com\":\"q\",\"search.avg.com\":\"q\",\"search.yippy.com\":\"query\",\"cludr.com\":\"q\",\"search.vmn.net\":\"q\",\"www.gigablast.com\":\"q\",\"www.metacrawler.com\":\"q\",\"www.webcrawler.com\":\"q\",\"www.ixquick.com\":\"\",\"www.search.com\":\"q\",\"www.excite.com\":\"q\",\"duckduckgo.com\":\"q\",\"search.lycos.com\":\"q\",\"webfetch.com\":\"q\",\"monstercrawler.com\":\"q\",\"go.com\":\"p\",\"hotbot.com\":\"keyword\",\"home.myplaycity.com\":\"s\",\"www.findamo.com\":\"q\",\"search.gboxapp.com\":\"q\",\"start.iplay.com\":\"q\",\"home.speedbit.com\":\"q\",\"home.sweetim.com\":\"q\",\"search.alot.com\":\"q\",\"search.searchplusnetwork.com\":\"q\",\"www.searchqu.net\":\"\",\"us.yhs4.search.yahoo.com\":\"p\",\"search.insiteapp.com\":\"q\",\"somoto.com\":\"q\",\"blekko.com\":\"\",\"uk.yhs4.search.yahoo.com\":\"p\",\"fr.yhs4.search.yahoo.com\":\"p\",\"suggestor.netliker.com\":\"\",\"search.netliker.com\":\"\",\"insta-search.com\":\"q\",\"www.fast-search.biz\":\"q\",\"start.facemoods.com\":\"s\",\"search.coolnovo.com\":\"\",\"chromeplus.info\":\"q\",\"in.yhs4.search.yahoo.com\":\"p\",\"in.yhs.search.yahoo.com\":\"p\",\"www.searchble.com\":\"keyword\",\"home.allgameshome.com\":\"s\",\"forsearch.net\":\"q\",\"allssearch.com\":\"q\",\"search.snap.do\":\"q\",\"us.yhs.search.yahoo.com\":\"p\",\"uk.yhs.search.yahoo.com\":\"p\",\"fr.yhs.search.yahoo.com\":\"p\",\"search.smartsearchbox.net\":\"\",\"search.seznam.cz\":\"q\",\"search.funmoods.com\":\"s\",\"search.avira.com\":\"q\",\"search.jzip.com\":\"q\",\"search.findeer.com\":\"\",\"search-faster.com\":\"\",\"dnssearch.rr.com\":\"search\",\"search.rr.com\":\"q\",\"search.kalloutsearch4.com\":\"q\",\"kalloutsearch4.com\":\"Keywords\",\"search.rapidns.net\":\"SearchQuery\",\"websearch.4shared.com\":\"q\",\"images.search.conduit.com\":\"q\",\"search.cpchero.biz\":\"q\",\"search.kikin.com\":\"q\",\"www.engine-search.biz\":\"q\",\"www.mysearchresults.com\":\"q\",\"search.vdc.com.vn\":\"SearchQuery\",\"search.charter.net\":\"search\",\"search-vbc.com\":\"keywords\",\"search.pch.com\":\"q\",\"search.pantip.com\":\"\",\"www.startsearcher.com\":\"q\",\"search.icafemanager.com\":\"q\",\"aolsearcht10.search.aol.com\":\"q\",\"search.free.fr\":\"\",\"www.similarsitesearch.com\":\"URL\",\"qoqole.com\":\"q\",\"www.claro-search.com\":\"q\",\"isearch.claro-search.com\":\"q\",\"www.uncoverthenet.com/search\":\"q\",\"www.searchcanvas.com\":\"q\",\"search.etoolkit.com\":\"q\",\"www.searchalgo.com\":\"q\",\"bestsearchall.com\":\"q\",\"bestorganicsearch.com\":\"q\",\"mysearchproperties.com\":\"q\",\"search.treasuretrooper.com\":\"q\",\"btsearch.name\":\"q\",\"optu.search-help.net\":\"search\",\"search.clinck.in\":\"q\",\"search.shareazaweb.net\":\"q\",\"search.solarmash.com\":\"q\",\"search.surfcanyon.com\":\"q\",\"search.tedata.net\":\"SearchQuery\",\"www.gooofullsearch.com\":\"keywords\",\"www.alnaddy.com\":\"q\",\"searchsafer.com\":\"q\",\"www.searchqu.com\":\"q\",\"searchfunmoods.com\":\"s\",\"www.searchfunmoods.com\":\"s\",\"www.searchya.com\":\"q\",\"search.lphant.net\":\"\",\"searchremagnified.com\":\"\",\"www.pagequeryresults.com\":\"\",\"www.searchqueryresults.com\":\"\",\"domainhelp.search.com\":\"q\",\"search.b1.org\":\"q\",\"search.pontofrio.com.br\":\"q\",\"search.maxonline.com.sg\":\"q\",\"search.us.com\":\"k\",\"www.picsearch.com\":\"q\",\"www.search-document.com\":\"q\",\"www.searchsafer.com\":\"q\",\"www.website-unavailable.com\":\"q\",\"fantastigames.metacrawler.com\":\"q\"}|||8641356625692894");), Ersetzt,[614ca970d0ac2d09b291aeb5f60f3bc5]
PUP.Optional.Softonic.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\prefs.js, Gut: (), Schlecht: (f("extensions.ORJ-V7-SAT.RSEnabledAtInstall", "false");
user_pref("extensions.ORJ-V7-SAT.Reporting_URL", "\"hxxp://phn.apnanalytics.com/tr.gif\"");
user_pref("extensions.ORJ-V7-SAT.cbid", "\"BEA\"");
user_pref("extensions.ORJ-V7-SAT.clear_search_on_close", "false");
user_pref("extensions.ORJ-V7-SAT.client", "\"ff\"");
user_pref("extensions.ORJ-V7-SAT.dbgrpt", "\"0\"");
user_pref("extensions.ORJ-V7-SAT.dbr", "\"ff_12.0.0.4493\"");
user_pref("extensions.ORJ-V7-SAT.default-keyword-initially-set", "\"1399723072784\"");
user_pref("extensions.ORJ-V7-SAT.display_search_history", "true");
user_pref("extensions.ORJ-V7-SAT.doi", "\"2014-05-09\"");
user_pref("extensions.ORJ-V7-SAT.domain", "\"www.search.ask.com\"");
user_pref("extensions.ORJ-V7-SAT.dtid", "\"^OSJ000^YY^DE\"");
user_pref("extensions.ORJ-V7-SAT.gco", "\"APN11464cr\"");
user_pref("extensions.ORJ-V7-SAT.guid", "\"0C9F000A-C113-4D58-8D17-4D36985A0C71\"");
user_pref("extensions.ORJ-V7-SAT.hpr_ff", "\"hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11464&pf=V7&trgb=FF&p2=%5EBEA%5EOSJ000%5EYY%5EDE&gct=hp&apn_ptnrs=BEA&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ff_12.0.0.4493&apn_uid=0C9F000A-C113-4D58-8D17-4D36985A0C71&itbv=12.10.6.53&doi=2014-05-09&psv=\"");
user_pref("extensions.ORJ-V7-SAT.itbv", "\"12.10.6.60\"");
user_pref("extensions.ORJ-V7-SAT.l", "\"dis\"");
user_pref("extensions.ORJ-V7-SAT.lastInstallOperation", "\"Install\"");
user_pref("extensions.ORJ-V7-SAT.locale", "\"de_DE\"");
user_pref("extensions.ORJ-V7-SAT.my-keyword-url", "\"\"");
user_pref("extensions.ORJ-V7-SAT.nthp", "\"0\"");
user_pref("extensions.ORJ-V7-SAT.o", "\"APN11464\"");
user_pref("extensions.ORJ-V7-SAT.p2", "\"^BEA^OSJ000^YY^DE\"");
user_pref("extensions.ORJ-V7-SAT.pf", "\"V7\"");
user_pref("extensions.ORJ-V7-SAT.phoneHomeTimeStamp", "1401133796763");
user_pref("extensions.ORJ-V7-SAT.platformversion", "\"12.10.6.60\"");
user_pref("extensions.ORJ-V7-SAT.pref_AutoFillSBOnTextHighLight", "true");
user_pref("extensions.ORJ-V7-SAT.pref_competitor_autofill", "true");
user_pref("extensions.ORJ-V7-SAT.pref_install_state", "\"installed\"");
user_pref("extensions.ORJ-V7-SAT.pref_lang", "\"de\"");
user_pref("extensions.ORJ-V7-SAT.pref_locale", "\"DE\"");
user_pref("extensions.ORJ-V7-SAT.pref_new_tab_off_by_user", "true");
user_pref("extensions.ORJ-V7-SAT.pref_new_tab_on", "false");
user_pref("extensions.ORJ-V7-SAT.pref_search_history", "[\"\"]");
user_pref("extensions.ORJ-V7-SAT.pref_tab_close", "[]");
user_pref("extensions.ORJ-V7-SAT.pref_tb_is_visible", "true");
user_pref("extensions.ORJ-V7-SAT.pref_update_url", "\"\"");
user_pref("extensions.ORJ-V7-SAT.previous-keyword-url", "\"hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=\"");
user_pref("extensions.ORJ-V7-SAT.productguid", "\"{4F524A2D-5637-2D53-4154-A758B70C0A06}\"");
user_pref("extensions.ORJ-V7-SAT.psv", "\"\"");
user_pref("extensions.ORJ-V7-SAT.qsrc", "\"2871\"");
user_pref("extensions.ORJ-V7-SAT.sa_enabled", "true");
user_pref("extensions.ORJ-V7-SAT.sa_ff", "\"1\"");
user_pref("extensions.ORJ-V7-SAT.slwo", "\"0\"");
user_pref("extensions.ORJ-V7-SAT.tb", "\"ORJ-V7-SAT\"");
user_pref("extensions.ORJ-V7-SAT.tb-attrib", "\"0\"");
user_pref("extensions.ORJ-V7-SAT.tb-type", "\"shopping\"");
user_pref("extensions.ORJ-V7-SAT.tbsinstalled", "\"ORJ,ORJ-V7-SAT\"");
user_pref("extensions.ORJ-V7-SAT.timeinstalled", "\"2014-05-09T00:01:02\"");
user_pref("extensions.ORJ-V7-SAT.timeinstalled_ff", "\"2014-05-09T00:01:02\"");
user_pref("extensions.ORJ-V7-SAT.trgb", "\"FF\"");
user_pref("extensions.ORJ-V7-SAT.version", "\"38.9\"");
user_pref("extensions.ORJ.Browsers", "\"1_IE,1_CR,1_FF\"");
user_pref("extensions.ORJ.CacheConfigUpdate", "1394658187103");
user_pref("extensions.ORJ.DataStore.toolbar", "{}");
user_pref("extensions.ORJ.InstallDir", "\"C:\\\\Program Files (x86)\\\\Ask.com\\\\\"");
user_pref("extensions.ORJ.ProductVersion", "\"12.10.3.24\"");
user_pref("extensions.ORJ.RSEnabledAtInstall", "false");
user_pref("extensions.ORJ.Reporting_URL", "\"hxxp://phn.apnanalytics.com/tr.gif\"");
user_pref("extensions.ORJ.apn_dbr", "\"cr_23.0.1271.64\"");
user_pref("extensions.ORJ.build", "\"36191\"");
user_pref("extensions.ORJ.cbid", "\"U3\"");
user_pref("extensions.ORJ.clear_search_on_close", "false");
user_pref("extensions.ORJ.client", "\"ff\"");
user_pref("extensions.ORJ.com.apn.weather.locations", "[{\"id\":\"GMXX0104\",\"text\":\"Osnabruck, WE, Germany\"}]");
user_pref("extensions.ORJ.com.apn.weather.settings", "{\"locale\":\"GB\",\"lang\":\"de\",\"button\":\"on\"}");
user_pref("extensions.ORJ.cr-o", "\"\"");
user_pref("extensions.ORJ.crumb", "\"2012.12.18+23.54.23-toolbar004iad-DE-T3NuYWJydWNrLEdlcm1hbnkErsetzt,[b3fa8297d3a947efac971a49b2539967]D\"");
user_pref("extensions.ORJ.dbgrpt", "\"0,1\"");
user_pref("extensions.ORJ.dbr", "\"cr_23.0.1271.64\"");
user_pref("extensions.ORJ.display_search_history", "true");
user_pref("extensions.ORJ.doi", "\"2013-05-25\"");
user_pref("extensions.ORJ.domain", "\"www.search.ask.com\"");
user_pref("extensions.ORJ.dtid", "\"OSJ000YYDE\"");
user_pref("extensions.ORJ.enableBackgroundNotifications", "true");
user_pref("extensions.ORJ.guid", "\"DE740232-4F03-4049-B290-E1B6C915C6B1\"");
user_pref("extensions.ORJ.hpr_cr", "\"\"");
user_pref("extensions.ORJ.hpr_ff", "\"\"");
user_pref("extensions.ORJ.hpr_ie", "\"\"");
user_pref("extensions.ORJ.if", "\"upd\"");
user_pref("extensions.ORJ.itbv", "\"12.10.3.24\"");
user_pref("extensions.ORJ.l", "\"dis\"");
user_pref("extensions.ORJ.lastInstallOperation", "\"Install\"");
user_pref("extensions.ORJ.latitude", "\"52.27\"");
user_pref("extensions.ORJ.locale", "\"de_DE\"");
user_pref("extensions.ORJ.location", "\"Osnabruck,Germany\"");
user_pref("extensions.ORJ.longitude", "\"8.05\"");
user_pref("extensions.ORJ.nthp_cr", "\"1\"");
user_pref("extensions.ORJ.nthp_ff", "\"1\"");
user_pref("extensions.ORJ.o", "\"100000027\"");
user_pref("extensions.ORJ.p2", "\"\"");
user_pref("extensions.ORJ.pf", "\"V5\"");
user_pref("extensions.ORJ.phoneHomeTimeStamp", "1394658190180");
user_pref("extensions.ORJ.platformversion", "\"12.10.3.24\"");
user_pref("extensions.ORJ.pref_AutoFillSBOnTextHighLight", "true");
user_pref("extensions.ORJ.pref_competitor_autofill", "true");
user_pref("extensions.ORJ.pref_install_state", "\"installed\"");
user_pref("extensions.ORJ.pref_lang", "\"de\"");
user_pref("extensions.ORJ.pref_locale", "\"DE\"");
user_pref("extensions.ORJ.pref_new_tab_off_by_user", "true");
user_pref("extensions.ORJ.pref_new_tab_on", "false");
user_pref("extensions.ORJ.pref_search_history", "[]");
user_pref("extensions.ORJ.pref_tab_close", "[]");
user_pref("extensions.ORJ.pref_tb_is_visible", "true");
user_pref("extensions.ORJ.productguid", "\"{4F524A00-6A76-A76A-76A7-A758B70C0A03}\"");
user_pref("extensions.ORJ.qsrc", "\"2871\"");
user_pref("extensions.ORJ.sa", "\"YES\"");
user_pref("extensions.ORJ.sa_cr", "\"1\"");
user_pref("extensions.ORJ.sa_enabled", "true");
user_pref("extensions.ORJ.sa_ff", "\"1\"");
user_pref("extensions.ORJ.sa_ie", "\"1\"");
user_pref("extensions.ORJ.saguid", "\"EA23D236-5CAC-4E3F-BB94-7EC1CC0E7EA1\"");
user_pref("extensions.ORJ.sdoi", "\"2014-03-02 05\"");
user_pref("extensions.ORJ.site-cro", "\"100000027cr\"");
user_pref("extensions.ORJ.site-o", "\"100000027\"");
user_pref("extensions.ORJ.tb", "\"ORJ\"");
user_pref("extensions.ORJ.tb-attrib", "\"0\"");
user_pref("extensions.ORJ.tb-type", "\"v5,blocked\"");
user_pref("extensions.ORJ.tbsinstalled", "\"ORJ\"");
user_pref("extensions.ORJ.themeid", "\"\"");
user_pref("extensions.ORJ.timeinstalled", "\"2013-05-25T08:09:40\"");
user_pref("extensions.ORJ.timeinstalled_cr", "\"2013-05-25T08:09:40\"");
user_pref("extensions.ORJ.timeinstalled_ff", "\"2013-05-25T08:09:40\"");
user_pref("extensions.ORJ.timeinstalled_ie", "\"2013-05-25T08:09:40\"");
user_pref("extensions.ORJ.to", "\"\"");
user_pref("extensions.ORJ.trgb", "\"ALL\"");
user_pref("extensions.ORJ.version", "\"32.15\"");
user_pref("extensions.autoDisableScopes", 0);
user_pref("extensions.blocklist.pingCountTotal", 152);
user_pref("extensions.blocklist.pingCountVersion", 12);
user_pref("extensions.bootstrappedAddons", "{}");
user_pref("extensions.databaseSchema", 16);
user_pref("extensions.e-webprint.firstTime", false);
user_pref("extensions.e-webprint.flashprint", false);
user_pref("extensions.enabledAddons", "ff-bmboc%40bytemobile.com:4.2.2,e-webprint%40epson.com:1.20.00,%7B79817EE7-280E-41A1-BB8F-D81B0460B2C7%7D:2.2.6,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0");
user_pref("extensions.getAddons.cache.lastUpdate", 1414364397);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20140527.01.3");
user_pref("extensions.incredibar.admin", false);
user_pref("extensions.incredibar.aflt", "orgnl");
user_pref("extensions.incredibar.cntry", "DE");
user_pref("extensions.incredibar.dfltLng", "");
user_pref("extensions.incredibar.dfltSrch", false);
user_pref("extensions.incredibar.did", "10665");
user_pref("extensions.incredibar.envrmnt", "production");
user_pref("extensions.incredibar.excTlbr", false);
user_pref("extensions.incredibar.hdrMd5", "B29AD460FE772C58F15C6428B0B210F5");
user_pref("extensions.incredibar.hmpg", false);
user_pref("extensions.incredibar.id", "08a1ccd10000000000000015833fe1bd");
user_pref("extensions.incredibar.installerproductid", "26");
user_pref("extensions.incredibar.instlDay", "15685");
user_pref("extensions.incredibar.instlRef", "");
user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1417:50:50");
user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
user_pref("extensions.incredibar.newTab", false);
user_pref("extensions.incredibar.noFFXTlbr", false);
user_pref("extensions.incredibar.ppd", "");
user_pref("extensions.incredibar.prdct", "incredibar");
user_pref("extensions.incredibar.productid", "26");
user_pref("extensions.incredibar.prtnrId", "Incredibar");
user_pref("extensions.incredibar.sg", "none");
user_pref("extensions.incredibar.smplGrp", "none");
user_pref("extensions.incredibar.tlbrId", "base");
user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyWSGlY3A&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.upn2", "6OyWSGlY3A");
user_pref("extensions.incredibar.upn2n", "92262603964115846");
user_pref("extensions.incredibar.), %5
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.autoRvrt", "false");), Ersetzt,[bbf250c9e5974cea8a36b7ab699c0ef2]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ie.cookieBehavior", 0);
user_pref("privacy.clearOnShut), Ersetzt,[505da277631953e3932d6ff3c44141bf]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (okie.cookieBehavior", 0);
user_pref("privacy.clearOnShutdown.cookies", false);
user_pref("security.warn_viewing_mixed", false);
user_pr), Ersetzt,[2786988109737bbb3f81d38f63a28080]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (er_pref("security.warn_viewing_mixed", false);
user_pref("security.warn_viewi), Ersetzt,[258834e5cdafd75f9a2668faee17d828]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: ();
user_pref("privacy.clearOnShutdown.cookies", false);
user_pref("security.warn_view), Ersetzt,[466741d8d6a62115ebd581e115f0a55b]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (pref("privacy.clearOnShutdown.cookies", false);
user_pre), Ersetzt,[f6b7db3ea1db290d09b7115125e015eb]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ie.cookieBehavior", 0);
user_pref("privacy.clearOnShutd), Ersetzt,[882573a64e2ebf77b10fbda5ce3751af]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (kie.cookieBehavior", 0);
user_pref("privacy.clearOnShutd), Ersetzt,[208d74a52c502e083d8370f2679e8080]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ie.cookieBehavior", 0);
user_pref("privacy.clearOnShutdown.cookies"), Ersetzt,[b6f7a4757b016fc7e9d7e08244c1f20e]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (havior", 0);
user_pref("privacy.clearOnShutdown.cookies",), Ersetzt,[5954041596e66bcb0db3441eeb1a34cc]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (e.cookieBehavior", 0);
user_pref("privacy.clearOnShutdown.cook), Ersetzt,[218c64b5b8c495a1a51ba6bc759011ef]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (kieBehavior", 0);
user_pref("privacy.clearOnShutdown.), Ersetzt,[614c75a4413b32045e62fb678b7a47b9]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ookie.cookieBehavior", 0);
user_pref("privacy.clearOnShu), Ersetzt,[e2cb0514710bb87eb30dde84b84df20e]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ie.cookieBehavior", 0);
user_pref("privacy.clearOnShu), Ersetzt,[3e6f50c99edeed49645c77ebdd2847b9]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ookie.cookieBehavior", 0);
user_pref("privacy.clearOnS), Ersetzt,[fcb19287512b9a9c19a7a2c08a7bd030]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (okie.cookieBehavior", 0);
user_pref("privacy.clearOn), Ersetzt,[1e8fc455fd7fac8a5c64b0b242c30cf4]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (cookie.cookieBehavior", 0);
user_pref("privacy.clearO), Ersetzt,[4c611cfdabd1f343e9d765fd1aeb0bf5]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (ookie.cookieBehavior", 0);
user_pref("privacy.clear), Ersetzt,[e4c990895f1d4ee8358bc9992dd8b050]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (.cookie.cookieBehavior", 0);
user_pref("privacy.clearOnShutdown.cookies", false);
use), Ersetzt,[8429ad6c3448a294ecd49ec435d0ba46]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (pref("privacy.clearOnShutdown.cookies", false);
use), Ersetzt,[feaf2ced26561323c5fb78eac342857b]
PUP.Optional.Babylon.A, C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js, Gut: (), Schlecht: (.cookie.cookieBehavior", 0);
user_pref("privacy.clear), Ersetzt,[66471504255755e1368a085a7b8a09f7]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.002 - Bericht erstellt am 27/10/2014 um 11:09:16
# DB v2014-10-26.6
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Wolfwilhelm - WOLFWILHELM-PC
# Gestartet von : C:\Users\Wolfwilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C8XTSP0T\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : Browser Manager

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Users\Wolfwilhelm\AppData\Local\apn
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Wolfwilhelm\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Wolfwilhelm\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Wolfwilhelm\AppData\Roaming\BabylonToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Program Files (x86)\Viewpoint
Ordner Gelöscht : C:\Program Files (x86)\{382F91D5-2318-44B1-A915-16583AF59705}
Ordner Gelöscht : C:\Program Files (x86)\{4588C116-6AF1-472B-B963-93417A849128}
Ordner Gelöscht : C:\Program Files\{98F46704-D8C8-4492-8CAD-4A5B271300AB}
Ordner Gelöscht : C:\Program Files\{F7D9918F-B69B-4C82-8761-D515384672F0}
Ordner Gelöscht : C:\Windows\Installer\{89570856-72D1-44FD-A543-16F9736C41DE}
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Wolfwilhelm\AppData\LocalLow\SkwConfig.bin
Datei Gelöscht : C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\searchplugins\BabylonMngr.xml
Datei Gelöscht : C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default\user.js
Datei Gelöscht : C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\vibpc0fz.default\user.js

***** [ Tasks ] *****

Task Gelöscht : Browser Manager

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{C9F8D002-A885-4C2E-8771-669DCC857CCD}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
Schlüssel Gelöscht : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKCU\Software\5be8fd8e76fb840
Schlüssel Gelöscht : HKLM\SOFTWARE\5be8fd8e76fb840
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_acdsee-foto-editor_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_acdsee-foto-editor_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_malwarebytes-anti-malware_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_malwarebytes-anti-malware_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\BrowserMngr
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\BrowserMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\MetaStream
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Viewpoint
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v33.0 (x86 de)


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [10928 octets] - [27/10/2014 10:57:27]
AdwCleaner[S0].txt - [10077 octets] - [27/10/2014 11:09:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10138 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Wolfwilhelm on 27.10.2014 at 11:25:32,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4EBA493C-747B-40BF-8557-24A170A3A3FB}



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\APNSTUB.EXE-2A7B1244.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{044EF868-A907-470E-B667-D9895A4008C8}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{08AB4E64-B175-431F-8D60-A7B51B87AA78}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{106C2EE7-E02B-404D-90E5-6E57ACDFB455}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{1B30AF33-5F9D-42D9-9668-7DB27CA9FDB0}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{236DAFB7-7BE7-47FC-B1DB-37BD26FE741B}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{246ADF26-1737-4CC9-B9E7-25ACFA07BFC2}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{292CDED5-13C3-4ADB-8B80-1ECF8C29B086}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{2DE4466D-A692-4349-A577-3468C8B6D478}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{31BC4974-2356-4B64-A387-0D01C10929BC}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{4434FC43-8F88-4A41-AABA-66A9A4597849}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{51D795D7-5B85-454E-9D3E-62D8F03BC6B0}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{5EE237CB-E2F2-4990-B564-49B8D906B0A7}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{707BA34A-E689-4F6A-B7B4-DAC1443B5BAC}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{841A6107-4EA0-497F-9D56-AD2FBB7B1A0A}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{85643471-A573-4564-867E-C0ED9024D7C1}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{87893BAA-4CE4-46AD-9FCA-1C2A5B54C9AD}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{8F4D8805-5C72-4C0A-8F63-9B006A6D9301}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{91973230-42F4-4F88-992A-E9B58EF46AF0}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{95E59BC8-A559-4EF2-BC50-FCEBE59D8BBE}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{B07EC961-4FB2-4285-A70C-A2950C56CEFE}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{BB8C0245-BEC0-4CA2-85C4-B4DD07155395}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{C2C4E814-A4AA-44EB-88FF-22C6FCBC8F87}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{DE07F0CD-6B88-4257-918A-534A4AF77CA8}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{EA038063-7F20-4F0B-ADC8-2E66EB79DFBB}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{F02C652B-3962-4A2F-BC74-05517B567854}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{FC6000B8-DD13-423A-A23A-EF941E05D58F}
Successfully deleted: [Empty Folder] C:\Users\Wolfwilhelm\appdata\local\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Wolfwilhelm\AppData\Roaming\mozilla\firefox\profiles\hte7g242.default\prefs.js

user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=109958&tt=120912_ccp_3912_8&babsrc=HP_ss&mntrId=08a1ccd10000000000000015833fe1bd");
user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/?a=6OyWSGlY3A&i=26&loc=skw");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=109958&tt=120912_ccp_3912_8");
user_pref("extensions.BabylonToolbar.bbDpng", "12");
user_pref("extensions.BabylonToolbar.cntry", "DE");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.envrmnt", "production");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.hdrMd5", "2AE732A0A0EFA36E9548DD7443C7CB15");
user_pref("extensions.BabylonToolbar.hmpg", false);
user_pref("extensions.BabylonToolbar.id", "08a1ccd10000000000000015833fe1bd");
user_pref("extensions.BabylonToolbar.instlDay", "15609");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1221:47:48");
user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
user_pref("extensions.BabylonToolbar.newTab", false);
user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"76\",\"lastVrsn\":\"76\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.sg", "azb");
user_pref("extensions.BabylonToolbar.smplGrp", "azb");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=08a1ccd10000000000000015833fe1bd&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1221:47:48");
user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958&tt=120912_ccp_3912_8");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1221:47:48");
user_pref("extensions.ORJ-V7-SAT.DataStore.toolbar", "{\"BLACKLIST_SUBDOMAINS_OF\":[\"join.me\",\"Bing.com\",\"Hotmail.com\",\"Live.com\"],\"BLACKLIST_DOMAIN\":{\"touch.facebo
user_pref("extensions.ORJ-V7-SAT.domain", "\"www.search.ask.com\"");
user_pref("extensions.ORJ-V7-SAT.hpr_ff", "\"hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11464&pf=V7&trgb=FF&p2=%5EBEA%5EOSJ000%5EYY%5EDE&gct=hp&apn_ptnrs=BEA&apn_dtid=%5E
user_pref("extensions.ORJ.InstallDir", "\"C:\\\\Program Files (x86)\\\\Ask.com\\\\\"");
user_pref("extensions.ORJ.domain", "\"www.search.ask.com\"");
user_pref("extensions.incredibar.admin", false);
user_pref("extensions.incredibar.aflt", "orgnl");
user_pref("extensions.incredibar.cntry", "DE");
user_pref("extensions.incredibar.dfltLng", "");
user_pref("extensions.incredibar.dfltSrch", false);
user_pref("extensions.incredibar.did", "10665");
user_pref("extensions.incredibar.envrmnt", "production");
user_pref("extensions.incredibar.excTlbr", false);
user_pref("extensions.incredibar.hdrMd5", "B29AD460FE772C58F15C6428B0B210F5");
user_pref("extensions.incredibar.hmpg", false);
user_pref("extensions.incredibar.id", "08a1ccd10000000000000015833fe1bd");
user_pref("extensions.incredibar.installerproductid", "26");
user_pref("extensions.incredibar.instlDay", "15685");
user_pref("extensions.incredibar.instlRef", "");
user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1417:50:50");
user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
user_pref("extensions.incredibar.newTab", false);
user_pref("extensions.incredibar.noFFXTlbr", false);
user_pref("extensions.incredibar.ppd", "");
user_pref("extensions.incredibar.prdct", "incredibar");
user_pref("extensions.incredibar.productid", "26");
user_pref("extensions.incredibar.prtnrId", "Incredibar");
user_pref("extensions.incredibar.sg", "none");
user_pref("extensions.incredibar.smplGrp", "none");
user_pref("extensions.incredibar.tlbrId", "base");
user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyWSGlY3A&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.upn2", "6OyWSGlY3A");
user_pref("extensions.incredibar.upn2n", "92262603964115846");
user_pref("extensions.incredibar.vrsn", "1.5.11.14");
user_pref("extensions.incredibar.vrsnTs", "1.5.11.1417:50:50");
user_pref("extensions.incredibar.vrsni", "1.5.11.14");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10665");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "08a1ccd10000000000000015833fe1bd");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15685");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyWSGlY3A&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6OyWSGlY3A");
user_pref("extensions.incredibar_i.upn2n", "92262603964115846");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1417:50:50");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=109958&tt=120912_ccp_3912_8&babsrc=HP_ss&mntrId=08a1ccd10000000000000015833fe1bd");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocatio
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.searc
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocatio
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://clients1.google.de/c
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.
Emptied folder: C:\Users\Wolfwilhelm\AppData\Roaming\mozilla\firefox\profiles\hte7g242.default\minidumps [64 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.10.2014 at 11:32:23,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
r r3 TreeSize Free - C:\ auf [Acerl																	
																	
Datei   Scan   Ansicht Einblenden				Optionen   Hilfe   TreeSize Professional													
			m	000		% m		KB MB GBflklllllJ GrnRe            Relent ' Da			; ▼ f?l?l	i Vei	il	Prn7Pnt (R...		1 Hrtp Ändern...	
457.3 GB C:\ auf [Acer] >        379.1 GB ProgramData 34,6 GB Users							456.3 GB 378.6 GB 34,5 GB		457.3 GB 511.463 36.511 379.1GB 279.135 1.816 34,6 GB     22.824 2592					100.0 % ] 27.10.2014 82.9%] 27.10.2014 7,6 %     | 2710.2014			
	29,4 GB	Windows						29,1 GB	29,4 GB   157.640 24512					6,4%		2710.2014	
> J	8,0 GB	Program Files (x86)						7,9 GB	8	,0 GB     43.762 5.837				1,8%		27.10.2014	
i_i	3,1 GB	[34 Dateien]						3,1 GB	3,1 GB		34		0	0,7%		27.10.2014	
> £	1,9 GB	OEM						1,9 GB	1,9 GB 2.318				230	0,4%		26.11.2010	
	721,2 MB	Program 1	:iles				715,7 MB		721,2 MB 2.943				590	0,2%		27.10.2014	
[> 1	274,0 MB	Recovery					274,0 MB		274,0 MB		2		1	0,1%		05.11.2010	
	112,1 MB	System Volume Information					107,0 MB		112,1 MB 2.199				83	0,0%		27.10.2014	
	89,8 MB	book						39,8 MB	89,	3 MB	2		0	0,0%		25.07.2010	
	31,3 MB	FRST						31,3 MB	31,3 MB		14		6	0,0%		23.10.2014	
▻ £	19,1 MB	AdwCleaner						17,9 MB	19,1 MB		421		67	0,0%		27.10.2014	
	14,5 MB	94fl75728cd5adb66bbc87cc8b						14,3 MB	14,5 MB		105		26	0,0%		26.10.2014	
[> 1	9,8 MB	Qoobox						9,6 MB	9,	3 MB	51		22	0,0%		24.10.2014	
[> i	4,2 MB	f76ade0f3aa5f81e3bc565301b40...						4,2 MB	4,2 MB		3		0	0,0%		17.08.2012	
	540,0 KB	Intel					532,9 KB		540,0 KB		4		1	0,0%		04.11.2010	
	24,0 KB	SRECYCLE.BIN						1,6 KB	24,0 KB		6		6	0,0%		24.10.2014	
	0 Bytes	Config.M	si					0 Bytes	0 Bytes		0		0	0,0%		27.10.2014	
m	0 Bytes	Documents and Settings						0 Bytes	0 Bytes		0		0	0,0%		14.07.2009	
m	0 Bytes	Dokumente und Einstellungen						0 Bytes	0 Bytes		0		0	0,0%		04.11.2010	
	0 Bytes	PerfLogs						0 Bytes	0 Bytes		0		1	0,0%		14.07.2009	
m	0 Bytes	Programme						0 Bytes	0 Bytes		0		0	0,0%		04.11.2010	
																	
I &		» B		?	!					\	Olfll				m\
         

Alt 27.10.2014, 12:44   #11
Wolfwilhelm
 
Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



[CODE]/
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014
Ran by Wolfwilhelm (administrator) on WOLFWILHELM-PC on 27-10-2014 13:32:37
Running from C:\Users\Wolfwilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PDNZVZ0
Loaded Profile: Wolfwilhelm (Available profiles: Wolfwilhelm)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AOL LLC) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEPSON Connect\mepService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\System32\sdiagpsv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEPSON Connect\mep.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(America Online, Inc.) C:\Program Files (x86)\Common Files\aol\1288890487\ee\aolsoftware.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
(AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingBar.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(JAM Software) C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1288890487\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [315478 2009-09-02] (IVT Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [258512 2011-12-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...\Run: [teXXas] => C:\Program Files (x86)\teXXas\teXXas.exe [5147136 2008-04-25] ()
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-13] (Google Inc.)
HKU\S-1-5-21-3102910257-502917973-1973155659-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL 9.0 VR\AOL.EXE [50480 2007-06-21] (AOL, LLC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe (ZTE)
Startup: C:\Users\Wolfwilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK
ShortcutTarget: wkcalrem.LNK -> C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE404
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
DPF: HKLM-x32 {2665693B-C4F3-434B-83DB-7574CF50C8B7} hxxp://www.kaspersky.com/downloads/misc/kasperskylicensefinder.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B1B0A57B-FB4C-4B54-8DA2-EF8048B4E0B8}: [NameServer] 10.74.83.22 193.254.160.1

FireFox:
========
FF ProfilePath: C:\Users\Wolfwilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\hte7g242.default
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-15]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon [2011-01-12]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-09-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-09-19]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-09-19]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-08-26]
FF HKLM-x32\...\Firefox\Extensions: [{752614D7-A36A-4007-A56F-1B38DFBF4279}] - C:\Windows\Installer\{23F26B37-2C03-4BDF-8BF9-506131C9F27B}\{752614D7-A36A-4007-A56F-1B38DFBF4279}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{23F26B37-2C03-4BDF-8BF9-506131C9F27B}\{752614D7-A36A-4007-A56F-1B38DFBF4279}.xpi [2014-10-27]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - ff-bmboc@bytemobile.com [Not Found]
FF Extension: No Name - e-webprint@epson.com [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-09-14]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-09-14]
CHR Extension: (Download Protect) - C:\Users\Wolfwilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdjofmabjjbbgbbpifljkejkeiageklm [2014-10-26]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-17]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2012-08-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2011-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2011-12-15] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S3 BFE; . [0 2014-10-27] () [File not signed]
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [192000 2009-09-02] (IVT Corporation) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MpsSvc; . [0 2014-10-27] () [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 MyEPSON Connect Service; C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe [703616 2012-10-01] (SEIKO EPSON CORPORATION)
R2 OptionblFeatures; C:\Windows\system32\sdiagpsv.exe [106496 2012-10-05] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97312 2011-12-15] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130760 2011-12-15] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-15] (Avira GmbH)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2009-06-17] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47880 2009-08-28] (IVT Corporation.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-08-26] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [34440 2009-08-26] ()
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [30344 2009-08-26] (IVT Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [17032 2009-08-26] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [43912 2009-08-28] (IVT Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 11:39 - 2014-10-27 11:39 - 00001225 _____ () C:\Users\Wolfwilhelm\Desktop\TreeSize Free.lnk
2014-10-27 11:39 - 2014-10-27 11:39 - 00000000 ____D () C:\Users\Wolfwilhelm\AppData\Roaming\JAM Software
2014-10-27 11:39 - 2014-10-27 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-10-27 11:39 - 2014-10-27 11:39 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-10-27 11:32 - 2014-10-27 11:32 - 00011982 _____ () C:\Users\Wolfwilhelm\Desktop\JRT.txt
2014-10-27 11:25 - 2014-10-27 11:25 - 00000000 ____D () C:\Windows\ERUNT
2014-10-27 11:16 - 2014-10-27 11:16 - 00000000 ____D () C:\Program Files\{CACBFA7C-8080-43D7-8B9F-2A1D35D05A26}
2014-10-27 11:16 - 2014-10-27 11:16 - 00000000 ____D () C:\Program Files (x86)\{716C5781-7F25-42EB-A772-C17611C881D5}
2014-10-27 10:56 - 2014-10-27 11:26 - 00000000 ____D () C:\AdwCleaner
2014-10-27 10:44 - 2014-10-27 10:44 - 00061584 _____ () C:\Users\Wolfwilhelm\Desktop\MBAM.txt
2014-10-27 09:49 - 2014-10-27 13:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 09:49 - 2014-10-27 09:49 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-27 09:49 - 2014-10-27 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-27 09:49 - 2014-10-27 09:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-27 09:49 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-27 09:49 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-27 09:49 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-27 09:21 - 2014-10-27 11:13 - 00007826 _____ () C:\Windows\PFRO.log
2014-10-27 09:18 - 2014-10-27 09:18 - 09958844 _____ () C:\rules.ref
2014-10-27 09:17 - 2014-10-27 09:17 - 00023014 _____ () C:\swissarmy.ref
2014-10-27 09:17 - 2014-10-27 09:17 - 00000314 _____ () C:\actions.ref
2014-10-27 07:28 - 2014-10-27 11:14 - 00000336 _____ () C:\Windows\setupact.log
2014-10-27 07:28 - 2014-10-27 07:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-26 20:29 - 2014-10-26 20:29 - 00000000 ____D () C:\94f175728cd5adb66bbc87cc8b
2014-10-26 20:25 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-26 20:25 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-26 20:18 - 2014-10-27 05:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-26 09:39 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-10-26 09:39 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-10-26 09:37 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-26 09:37 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-26 09:37 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-26 09:37 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-26 09:37 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-26 09:37 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-26 09:37 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-26 09:37 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-26 09:37 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-26 09:37 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-26 09:37 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-26 09:37 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-26 09:37 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-26 09:37 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-26 09:37 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-26 09:37 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-26 09:37 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-26 09:37 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-26 09:37 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-26 09:37 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-26 09:37 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-26 09:37 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-26 09:37 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-26 09:37 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-26 09:37 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-26 09:37 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-26 09:37 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-26 09:37 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-26 09:37 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-26 09:37 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-26 09:37 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-10-26 09:37 - 2013-02-15 07:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-26 09:37 - 2013-02-15 07:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-26 09:37 - 2013-02-15 04:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-26 09:36 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-10-26 09:36 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-10-26 09:36 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-10-26 09:36 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-10-26 09:36 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-10-26 09:36 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-10-26 09:36 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-10-26 09:36 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-10-26 09:36 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-10-26 09:36 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-10-26 09:36 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-10-26 09:36 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-10-26 09:36 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-10-26 09:36 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-10-26 09:36 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-10-26 09:36 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-10-26 09:36 - 2013-05-13 06:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-26 09:36 - 2013-05-13 06:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-26 09:36 - 2013-05-13 06:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-10-26 09:36 - 2013-05-13 06:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-10-26 09:36 - 2013-05-13 05:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-26 09:36 - 2013-05-13 05:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-26 09:36 - 2013-05-13 05:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-10-26 09:36 - 2013-05-13 04:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-10-26 09:36 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-10-26 09:36 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-10-26 09:36 - 2013-01-24 07:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-10-26 09:35 - 2014-08-01 00:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-26 09:35 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-26 09:35 - 2014-07-25 15:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-26 09:35 - 2014-07-25 15:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-26 09:35 - 2014-07-25 15:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-26 09:35 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-26 09:35 - 2014-07-25 14:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-26 09:35 - 2014-07-25 14:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-26 09:35 - 2014-07-25 14:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-26 09:35 - 2014-07-25 14:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-26 09:35 - 2014-07-25 14:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-26 09:35 - 2014-07-25 14:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-26 09:35 - 2014-07-25 14:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-26 09:35 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-26 09:35 - 2014-07-25 14:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-26 09:35 - 2014-07-25 14:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-26 09:35 - 2014-07-25 14:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-26 09:35 - 2014-07-25 13:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-26 09:35 - 2014-07-25 13:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-26 09:35 - 2014-07-25 13:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-26 09:35 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-26 09:35 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-26 09:35 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-26 09:35 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-26 09:35 - 2014-07-25 13:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-26 09:35 - 2014-07-25 13:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-26 09:35 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-26 09:35 - 2014-07-25 13:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-26 09:35 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-26 09:35 - 2014-07-25 13:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-26 09:35 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-26 09:35 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-26 09:35 - 2014-07-25 13:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-26 09:35 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-26 09:35 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-26 09:35 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-26 09:35 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-26 09:35 - 2014-07-25 12:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-26 09:35 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-26 09:35 - 2014-07-25 12:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-26 09:35 - 2014-07-25 12:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-26 09:35 - 2014-07-25 12:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-26 09:35 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-26 09:35 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-26 09:35 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-26 09:35 - 2014-07-25 12:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-26 09:35 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-26 09:35 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-26 09:35 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-26 09:35 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-26 09:35 - 2014-07-25 11:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-26 09:35 - 2014-07-25 11:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-26 09:35 - 2014-07-25 11:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-26 09:35 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-26 09:35 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-26 09:35 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-26 09:34 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-26 09:34 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-10-26 09:34 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-10-26 09:34 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-10-26 09:34 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-10-26 09:34 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-10-26 09:34 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-10-26 09:34 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-26 09:34 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-10-26 09:34 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-10-26 09:34 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-10-26 09:34 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-10-26 09:34 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-10-26 09:34 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-10-26 09:34 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-26 09:33 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-26 09:33 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-26 09:33 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-26 09:33 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-26 09:33 - 2014-08-23 01:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-26 09:33 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-26 09:33 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-10-26 09:33 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-10-26 09:33 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-10-26 09:33 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-10-26 09:33 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-10-26 09:33 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-10-26 09:33 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-10-26 09:33 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-10-26 09:33 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-26 09:32 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-26 09:32 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-24 15:29 - 2014-10-24 15:29 - 00000000 ____D () C:\Users\Wolfwilhelm\AppData\Roaming\Avira
2014-10-24 15:27 - 2014-10-24 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-24 15:26 - 2014-10-24 15:26 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-24 15:26 - 2011-12-15 14:00 - 00027760 _____ (Avira GmbH) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-24 15:26 - 2011-12-15 13:59 - 00130760 _____ (Avira GmbH) C:\Windows\system32\Drivers\avipbb.sys
2014-10-24 15:26 - 2011-12-15 13:59 - 00097312 _____ (Avira GmbH) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-24 11:03 - 2014-10-24 11:03 - 00031092 _____ () C:\ComboFix.txt
2014-10-24 11:01 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-24 11:01 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-24 11:01 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-24 11:01 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-24 11:00 - 2014-05-14 08:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-24 11:00 - 2014-05-14 08:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-24 11:00 - 2014-05-14 08:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-24 11:00 - 2014-05-14 08:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-24 10:33 - 2014-10-24 11:03 - 00000000 ____D () C:\Qoobox
2014-10-24 10:33 - 2014-10-24 11:02 - 00000000 ____D () C:\Windows\erdnt
2014-10-24 10:33 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-24 10:33 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-24 10:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-24 10:33 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-24 10:33 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-24 10:33 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-24 10:33 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-24 10:33 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-24 10:31 - 2014-10-24 10:31 - 05583977 ____R (Swearware) C:\Users\Wolfwilhelm\Downloads\ComboFix.exe
2014-10-24 10:09 - 2014-10-24 10:09 - 00001268 _____ () C:\Users\Wolfwilhelm\Desktop\Revo Uninstaller.lnk
2014-10-24 10:09 - 2014-10-24 10:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-24 10:08 - 2014-10-24 10:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Wolfwilhelm\Downloads\revosetup95.exe
2014-10-24 09:31 - 2014-10-27 13:00 - 01177812 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 14:34 - 2014-10-23 14:35 - 00049142 _____ () C:\Users\Wolfwilhelm\Downloads\Addition.txt
2014-10-23 14:33 - 2014-10-27 13:32 - 00000000 ____D () C:\FRST
2014-10-23 14:33 - 2014-10-23 14:35 - 00044352 _____ () C:\Users\Wolfwilhelm\Downloads\FRST.txt
2014-10-23 14:32 - 2014-10-23 14:32 - 02112000 _____ (Farbar) C:\Users\Wolfwilhelm\Downloads\FRST64(1).exe
2014-10-23 14:20 - 2014-10-23 18:57 - 01424907 _____ () C:\Users\Wolfwilhelm\Downloads\FRST64.exe.part
2014-10-23 14:20 - 2014-10-23 14:20 - 01103360 _____ (Farbar) C:\Users\Wolfwilhelm\Downloads\FRST.exe
2014-10-23 14:15 - 2014-10-23 14:15 - 00000484 _____ () C:\Windows\SysWOW64\defogger_disable.log
2014-10-23 14:14 - 2014-10-23 14:15 - 00000484 _____ () C:\Users\Wolfwilhelm\Downloads\defogger_disable.log
2014-10-23 14:14 - 2014-10-23 14:14 - 00050477 _____ () C:\Users\Wolfwilhelm\Downloads\Defogger(1).exe
2014-10-23 14:14 - 2014-10-23 14:14 - 00000000 _____ () C:\Users\Wolfwilhelm\defogger_reenable
2014-10-23 14:12 - 2014-10-23 14:12 - 00050477 _____ () C:\Users\Wolfwilhelm\Downloads\Defogger.exe
2014-10-21 17:36 - 2014-10-23 14:42 - 00000000 ____D () C:\Program Files\{B6B4506E-37DA-498A-9364-B9D1AE12E609}
2014-10-21 17:36 - 2014-10-23 14:42 - 00000000 ____D () C:\Program Files (x86)\{A8327DFD-990F-45CC-A8BC-092FB0FACF06}
2014-10-21 17:08 - 2014-10-21 17:08 - 00003208 _____ () C:\Windows\System32\Tasks\{B2D1BC26-DB8D-4F8E-9FD1-65D08B9FAE02}
2014-10-21 17:05 - 2014-10-21 17:05 - 00003160 _____ () C:\Windows\System32\Tasks\{B7C8D6AD-FC2D-4682-8278-117DDDFEDF2D}
2014-10-20 08:12 - 2014-10-20 08:12 - 00003156 _____ () C:\Windows\System32\Tasks\{58D4A9CD-E6CF-4CEC-A600-74528B77DD2F}
2014-10-17 20:21 - 2014-10-17 20:21 - 09752765 _____ (AVAST Software) C:\Users\Wolfwilhelm\Downloads\avast_free_antivirus_setup_9_0_2021.exe.part
2014-10-02 11:11 - 2014-10-02 11:11 - 00044035 _____ () C:\Users\Wolfwilhelm\Desktop\data=U4aSnIyhBFNIJ3A8fCzUmaVIwyWq6RtIfB4QKiGq_w,AElf5OHBIv-NHynUKiQMoqjrjAC8l9wqIe5o6mRtWXJgiUOBlIkoIzmqqcH3xN38Sx_iNGcpB72a9yPh

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 13:19 - 2010-11-04 17:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 12:59 - 2014-01-20 18:07 - 00001979 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-10-27 12:59 - 2013-05-10 16:47 - 00000870 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-27 12:40 - 2012-06-22 06:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 12:05 - 2012-09-19 22:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-27 11:23 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 11:23 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 11:16 - 2014-03-26 15:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-27 11:14 - 2010-11-04 17:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 11:14 - 2009-09-07 15:42 - 00000961 _____ () C:\Windows\SysWOW64\bscs.ini
2014-10-27 11:14 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 10:33 - 2009-10-05 22:35 - 00000000 ____D () C:\Windows\DeployWinRE2
2014-10-27 07:49 - 2010-11-05 01:43 - 00658286 _____ () C:\Windows\system32\perfh007.dat
2014-10-27 07:49 - 2010-11-05 01:43 - 00131234 _____ () C:\Windows\system32\perfc007.dat
2014-10-27 07:49 - 2009-07-14 06:13 - 01509920 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-27 04:24 - 2010-11-12 15:48 - 01551788 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-27 04:24 - 2010-11-12 15:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-10-27 03:15 - 2012-05-20 07:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-27 03:14 - 2012-05-20 07:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-27 03:14 - 2012-05-20 07:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-27 01:07 - 2012-09-14 18:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 01:07 - 2011-05-17 09:14 - 00000000 ____D () C:\Users\Wolfwilhelm\AppData\Roaming\Malwarebytes
2014-10-26 23:42 - 2009-07-14 05:45 - 00333144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-26 23:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-26 19:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-24 15:26 - 2012-09-14 12:15 - 00000000 ____D () C:\ProgramData\Avira
2014-10-24 15:06 - 2009-07-14 03:34 - 00000523 _____ () C:\Windows\win.ini
2014-10-24 11:03 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-10-24 10:55 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-24 10:33 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-23 14:14 - 2010-11-04 17:31 - 00000000 ____D () C:\Users\Wolfwilhelm
2014-10-21 21:44 - 2013-03-24 18:40 - 00000000 ____D () C:\Users\Wolfwilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - Das Himmelsschloss
2014-10-21 21:44 - 2013-03-24 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - Das Himmelsschloss
2014-10-21 21:44 - 2012-07-13 19:32 - 00000000 ____D () C:\Users\Wolfwilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Frenzy - Helden der Wikinger
2014-10-21 21:44 - 2012-07-13 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy - Helden der Wikinger
2014-10-21 21:44 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-21 17:26 - 2012-12-11 17:34 - 00000000 ____D () C:\Program Files (x86)\ACD Systems
2014-10-21 10:03 - 2011-11-13 12:34 - 00000262 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-10-20 08:15 - 2010-07-13 12:45 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2014-10-20 08:14 - 2010-07-13 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2014-10-19 19:32 - 2011-09-05 12:30 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-18 07:14 - 2010-11-04 17:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 07:14 - 2010-11-04 17:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 21:20 - 2011-08-12 20:44 - 00000000 ____D () C:\Program Files (x86)\Zylom Games
2014-10-16 08:26 - 2012-10-14 15:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-15 12:14 - 2011-04-03 22:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-03 10:02 - 2010-11-09 13:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

ZeroAccess:
C:\Users\Wolfwilhelm\AppData\Local\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}
C:\Users\Wolfwilhelm\AppData\Local\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\@

Some content of TEMP:
====================
C:\Users\Wolfwilhelm\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Wolfwilhelm\AppData\Local\Temp\Quarantine.exe
C:\Users\Wolfwilhelm\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 10:37

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
/Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014
Ran by Wolfwilhelm at 2014-10-27 13:38:16
Running from C:\Users\Wolfwilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PDNZVZ0
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version:  - )
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autostart-Manager (HKLM-x32\...\{0C6DA7D3-EA2A-428B-8F8A-28EB811F57B2}) (Version: 6.01.0000 - Wirth IT Design )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 12.0.0.872 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Benutzerhandbuch EPSON SX130 Series (HKLM-x32\...\EPSON SX130 Series Useg) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.7 - )
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bluesoleil 5.4.277.0 (HKLM\...\{FBBAB883-0BEE-4744-8062-281B213ADC1E}) (Version: 5.4.277.0 - IVT Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Combat Wings (HKLM-x32\...\Combat Wings/DE-German_is1) (Version:  - City Interactive)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Farm Frenzy: Helden der Wikinger (HKLM-x32\...\BFG-Farm Frenzy - Helden der Wikinger) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft AutoRoute 2005 (HKLM-x32\...\{67E4EE98-59F4-4220-89A6-A20AF5BEC689}) (Version: 12.00.07.1200 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{B26E3B0D-C2FA-4370-B068-7C476766F029}) (Version: 08.04.0702 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyEPSON Portal (HKLM-x32\...\MyEPSON Connect) (Version:  - SEIKO EPSON Corporation)
MyEPSON Portal (x32 Version: 1.0.4.0 - SEIKO EPSON CORPORATION) Hidden
Mystery Case Files&reg;: Dire Grove™ (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove) (Version:  - )
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.30.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia) Hidden
Nokia_Multimedia_Common_Components_2_5 (HKLM-x32\...\{25F61E72-AAA4-4607-95D2-1E5139C98FFB}) (Version: 2.7.69 - Nokia)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5903 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Security Task Manager 1.8d (HKLM-x32\...\Security Task Manager) (Version: 1.8d - Neuber Software)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
teXXas (HKLM-x32\...\{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2}) (Version: 1 - metaspinner net GmbH)
T-Mobile Internet Manager (HKLM-x32\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
TreeSize Free V3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2 - JAM Software)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Youda Legend (HKLM-x32\...\Youda Legend) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3102910257-502917973-1973155659-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-10-24 10:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0272B32F-5070-4C67-9318-D7F77696F5B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {1A307194-7211-498C-800B-8173C14372DD} - System32\Tasks\{DFBCDA77-0E45-4063-B7BC-5D81FA3BD16D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {1C7C684A-43DC-4CEA-AB97-68A60D2DA881} - System32\Tasks\{892A8520-C31C-4381-AE42-0ADADEE233EE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {2128EEE4-25B8-4DBD-93B9-EDFA2EEFA5F3} - System32\Tasks\{17B7E77A-14D3-4C88-8968-A97488BB53EC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {21884149-F792-484D-AB2D-763F1EEF69ED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {26A06891-8DAF-4D1C-B73E-EAC90BF45341} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {30351A0A-7FD7-4652-AF2A-AA3F76B13795} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3102910257-502917973-1973155659-1000
Task: {364A6CA0-A035-48FD-A7E3-0ED9F19AB493} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {46571DE3-4013-43A0-B6A8-B0C000A93F3C} - System32\Tasks\{1989B1BB-9ACD-4699-8B6B-EAF50A6C93C6} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {56139A8E-DBBF-4068-A45C-410BD365CA52} - System32\Tasks\{FE0F46AC-009E-4352-87F9-088651D88426} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {5BF5F12E-47A9-4E3E-AD72-00C36CB8F015} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-06-24] (Acer)
Task: {B73F27FF-7748-4DFD-AE02-E355E19FCC5B} - System32\Tasks\{59638401-EAEE-4699-875F-387B7574D84D} => C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe
Task: {B75D15BC-F623-44E8-81C2-3F3F6A2C6FCD} - System32\Tasks\{B9044C94-EF00-4EBC-9EA1-FDDD5A8D5906} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsPlugin
Task: {DFEA8F06-1599-4DBF-81FF-AA03E2C5D4CC} - System32\Tasks\{5CAF399F-D519-409A-9407-C0CD0488E0E0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {E7C34016-2190-45E8-985D-5CEC14AFC77F} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {EE665F4D-85D8-4D15-B8BF-7F0652FF63FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {FBDD8760-2FFD-4F75-81C7-2B69A4A16CF6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {FDC41DF8-840E-400B-88B4-F0D7817F82CA} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-09-02 09:46 - 2009-09-02 09:46 - 00022016 _____ () C:\Windows\System32\BsTrace.dll
2012-10-05 21:28 - 2012-10-05 21:28 - 00106496 _____ () C:\Windows\system32\sdiagpsv.exe
2009-09-02 09:46 - 2009-09-02 09:46 - 00022016 _____ () C:\Windows\system32\BsTrace.dll
2008-03-07 13:54 - 2008-03-07 13:54 - 17892352 _____ () C:\Windows\system32\BsLangInDepRes.dll
2010-11-04 17:08 - 2010-06-09 18:54 - 00206208 _____ () C:\Windows\PLFSetI.exe
2011-01-12 23:13 - 2010-05-13 09:42 - 00215552 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
2009-09-02 09:46 - 2009-09-02 09:46 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00044544 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2014-10-24 15:26 - 2011-12-15 13:59 - 00398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 20:39 - 2012-12-06 15:20 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2009-09-02 09:43 - 2009-09-02 09:43 - 00114808 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\setup.dll
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-04-19 00:45 - 2013-04-19 00:45 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-04-19 00:45 - 2013-04-19 00:45 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2013-04-19 00:45 - 2013-04-19 00:45 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2013-04-15 12:26 - 2013-04-15 12:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 12:26 - 2013-04-15 12:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2013-04-19 00:45 - 2013-04-19 00:45 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2013-04-19 00:44 - 2013-04-19 00:44 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2004-01-09 21:02 - 2004-01-09 21:02 - 00045056 _____ () C:\Program Files (x86)\AOL 9.0 VR\zlib.dll
2002-04-22 22:08 - 2002-04-22 22:08 - 00053248 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmlparse.dll
2002-04-22 22:08 - 2002-04-22 22:08 - 00081920 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmltok.dll
2010-07-25 07:10 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2009-09-02 09:48 - 2009-09-02 09:48 - 00144384 _____ () C:\Windows\system32\BsProfilefunc.dll
2011-01-12 23:13 - 2010-05-13 09:41 - 00594432 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-1.dll
2011-01-12 23:13 - 2007-09-09 16:07 - 00151552 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libexpat.dll
2012-05-13 09:11 - 2012-05-13 09:11 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9875ce06b9f0047956d97ccb4e82c672\IsdiInterop.ni.dll
2010-07-13 12:32 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-18 17:16 - 2013-11-18 02:56 - 01042432 _____ () C:\Users\Wolfwilhelm\AppData\Local\Microsoft\BingBar\Apps\Translator_f5cbd3ef4c144434b17913278004e270\7.3.132\Blingext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:04BC9A2C
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:0BBF232A
AlternateDataStreams: C:\ProgramData\Temp:0EC7A545
AlternateDataStreams: C:\ProgramData\Temp:0F64164E
AlternateDataStreams: C:\ProgramData\Temp:11590865
AlternateDataStreams: C:\ProgramData\Temp:13019F4B
AlternateDataStreams: C:\ProgramData\Temp:1416AAA6
AlternateDataStreams: C:\ProgramData\Temp:14A1BBE3
AlternateDataStreams: C:\ProgramData\Temp:195E8317
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96
AlternateDataStreams: C:\ProgramData\Temp:1B389835
AlternateDataStreams: C:\ProgramData\Temp:1ECED34B
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:2211E7A0
AlternateDataStreams: C:\ProgramData\Temp:225CD7D5
AlternateDataStreams: C:\ProgramData\Temp:24164710
AlternateDataStreams: C:\ProgramData\Temp:24C072FF
AlternateDataStreams: C:\ProgramData\Temp:260575F1
AlternateDataStreams: C:\ProgramData\Temp:2701CA70
AlternateDataStreams: C:\ProgramData\Temp:27D1368B
AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:363E775E
AlternateDataStreams: C:\ProgramData\Temp:38B3DB6F
AlternateDataStreams: C:\ProgramData\Temp:3D26641D
AlternateDataStreams: C:\ProgramData\Temp:3DB6F365
AlternateDataStreams: C:\ProgramData\Temp:3E8A3E87
AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08
AlternateDataStreams: C:\ProgramData\Temp:423BBE9A
AlternateDataStreams: C:\ProgramData\Temp:488F7244
AlternateDataStreams: C:\ProgramData\Temp:491270B8
AlternateDataStreams: C:\ProgramData\Temp:4B1195DD
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:4DDE401B
AlternateDataStreams: C:\ProgramData\Temp:51E66512
AlternateDataStreams: C:\ProgramData\Temp:53BA2DF6
AlternateDataStreams: C:\ProgramData\Temp:53DF59D1
AlternateDataStreams: C:\ProgramData\Temp:59465B40
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2
AlternateDataStreams: C:\ProgramData\Temp:5E9B629B
AlternateDataStreams: C:\ProgramData\Temp:6247E766
AlternateDataStreams: C:\ProgramData\Temp:639BB5E9
AlternateDataStreams: C:\ProgramData\Temp:6499508E
AlternateDataStreams: C:\ProgramData\Temp:6A4353C3
AlternateDataStreams: C:\ProgramData\Temp:6C049F97
AlternateDataStreams: C:\ProgramData\Temp:6E2D80C8
AlternateDataStreams: C:\ProgramData\Temp:6EE8565A
AlternateDataStreams: C:\ProgramData\Temp:700B9342
AlternateDataStreams: C:\ProgramData\Temp:726A7C8D
AlternateDataStreams: C:\ProgramData\Temp:72A1B66A
AlternateDataStreams: C:\ProgramData\Temp:762408BA
AlternateDataStreams: C:\ProgramData\Temp:774A0E14
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:7A3AAF2E
AlternateDataStreams: C:\ProgramData\Temp:7ADB695A
AlternateDataStreams: C:\ProgramData\Temp:7FCB9D0D
AlternateDataStreams: C:\ProgramData\Temp:8075370B
AlternateDataStreams: C:\ProgramData\Temp:834DD57E
AlternateDataStreams: C:\ProgramData\Temp:870649A4
AlternateDataStreams: C:\ProgramData\Temp:8BE7A048
AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F
AlternateDataStreams: C:\ProgramData\Temp:90C320E1
AlternateDataStreams: C:\ProgramData\Temp:922DA2DB
AlternateDataStreams: C:\ProgramData\Temp:927EC486
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:961B84C5
AlternateDataStreams: C:\ProgramData\Temp:96AFAB10
AlternateDataStreams: C:\ProgramData\Temp:993185CB
AlternateDataStreams: C:\ProgramData\Temp:99AC3203
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675
AlternateDataStreams: C:\ProgramData\Temp:9C7A32BB
AlternateDataStreams: C:\ProgramData\Temp:9CF728A6
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:A0921B2C
AlternateDataStreams: C:\ProgramData\Temp:A6D89509
AlternateDataStreams: C:\ProgramData\Temp:A6E01F67
AlternateDataStreams: C:\ProgramData\Temp:A819A132
AlternateDataStreams: C:\ProgramData\Temp:A88BE334
AlternateDataStreams: C:\ProgramData\Temp:A9056F42
AlternateDataStreams: C:\ProgramData\Temp:A9223B61
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF
AlternateDataStreams: C:\ProgramData\Temp:AA0017FD
AlternateDataStreams: C:\ProgramData\Temp:AAA06E15
AlternateDataStreams: C:\ProgramData\Temp:B139DDF3
AlternateDataStreams: C:\ProgramData\Temp:B504E4C2
AlternateDataStreams: C:\ProgramData\Temp:B65E763D
AlternateDataStreams: C:\ProgramData\Temp:B6D84F71
AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA
AlternateDataStreams: C:\ProgramData\Temp:BC8E9899
AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5
AlternateDataStreams: C:\ProgramData\Temp:BE40C8A2
AlternateDataStreams: C:\ProgramData\Temp:BEE39E9B
AlternateDataStreams: C:\ProgramData\Temp:C0893153
AlternateDataStreams: C:\ProgramData\Temp:C0BCE04B
AlternateDataStreams: C:\ProgramData\Temp:C37283B5
AlternateDataStreams: C:\ProgramData\Temp:CAB0171A
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30
AlternateDataStreams: C:\ProgramData\Temp:CC141B05
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:D6D084A5
AlternateDataStreams: C:\ProgramData\Temp:D8A1AC56
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
AlternateDataStreams: C:\ProgramData\Temp:E0888117
AlternateDataStreams: C:\ProgramData\Temp:E14FA16F
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\ProgramData\Temp:E402E439
AlternateDataStreams: C:\ProgramData\Temp:E5496666
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD
AlternateDataStreams: C:\ProgramData\Temp:E87AB4E3
AlternateDataStreams: C:\ProgramData\Temp:E8B61305
AlternateDataStreams: C:\ProgramData\Temp:EDDBC69E

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-3102910257-502917973-1973155659-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3102910257-502917973-1973155659-500 - Administrator - Disabled)
Gast (S-1-5-21-3102910257-502917973-1973155659-501 - Limited - Disabled)
Wolfwilhelm (S-1-5-21-3102910257-502917973-1973155659-1000 - Administrator - Enabled) => C:\Users\Wolfwilhelm

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 00:57:29 PM) (Source: TreeSize Free) (EventID: 0) (User: Wolfwilhelm-PC)
Description: Exception Class : EAccessViolation
Exception Message : Access violation at address 016C0884 in module 'TreeSizeFree.exe'. Read of address 00000000.
48  5361 TreeSizeFree.exe ShellBrowser TShellBrowser.GetShellFolder +2
436  5913 TreeSizeFree.exe ShellBrowser TShellBrowser.GetUIObject +22
680  5094 TreeSizeFree.exe ShellBrowser TShellBrowser.InvokeContextMenuCommand +43
560  154 TreeSizeFree.exe TreeSize.FileSystem.Root TFileSystemRoot.InvokeContextMenuCommand +27
151  562 TreeSizeFree.exe TreeSize.Presenter.VirtualTree TTreeSizeVTPresenter.DirectoryTreeKeyDown +12
33  0 TreeSizeFree.exe Vcl.Controls TWinControl.KeyDown +0
63  1215 TreeSizeFree.exe Jam.UI.VirtualTree TVirtualStringTreeEx.KeyDown +9
146  0 TreeSizeFree.exe Vcl.Controls TWinControl.DoKeyDown +0
10  0 TreeSizeFree.exe Vcl.Controls TWinControl.WMKeyDown +0
20  18537 TreeSizeFree.exe VirtualTrees TBaseVirtualTree.WMKeyDown +2
36  0 TreeSizeFree.exe Vcl.Controls TControl.Perform +0
64  0 TreeSizeFree.exe Vcl.Controls TWinControl.CNKeyDown +0
701  0 TreeSizeFree.exe Vcl.Controls TControl.WndProc +0
1477  0 TreeSizeFree.exe Vcl.Controls TWinControl.WndProc +0
242  27326 TreeSizeFree.exe VirtualTrees TBaseVirtualTree.WndProc +32
44  0 TreeSizeFree.exe Vcl.Controls TWinControl.MainWndProc +0
20  0 TreeSizeFree.exe System.Classes StdWndProc +0
10  0 USER32.dll  DispatchMessageW +0
243  0 TreeSizeFree.exe Vcl.Forms TApplication.ProcessMessage +0
10  0 TreeSizeFree.exe Vcl.Forms TApplication.HandleMessage +0
201  0 TreeSizeFree.exe Vcl.Forms TApplication.Run +0
16  0 kernel32.dll  BaseThreadInitThunk +0


System errors:
=============
Error: (10/27/2014 01:22:07 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (10/27/2014 00:57:29 PM) (Source: TreeSize Free) (EventID: 0) (User: Wolfwilhelm-PC)
Description: Exception Class : EAccessViolation
Exception Message : Access violation at address 016C0884 in module 'TreeSizeFree.exe'. Read of address 00000000.
48  5361 TreeSizeFree.exe ShellBrowser TShellBrowser.GetShellFolder +2
436  5913 TreeSizeFree.exe ShellBrowser TShellBrowser.GetUIObject +22
680  5094 TreeSizeFree.exe ShellBrowser TShellBrowser.InvokeContextMenuCommand +43
560  154 TreeSizeFree.exe TreeSize.FileSystem.Root TFileSystemRoot.InvokeContextMenuCommand +27
151  562 TreeSizeFree.exe TreeSize.Presenter.VirtualTree TTreeSizeVTPresenter.DirectoryTreeKeyDown +12
33  0 TreeSizeFree.exe Vcl.Controls TWinControl.KeyDown +0
63  1215 TreeSizeFree.exe Jam.UI.VirtualTree TVirtualStringTreeEx.KeyDown +9
146  0 TreeSizeFree.exe Vcl.Controls TWinControl.DoKeyDown +0
10  0 TreeSizeFree.exe Vcl.Controls TWinControl.WMKeyDown +0
20  18537 TreeSizeFree.exe VirtualTrees TBaseVirtualTree.WMKeyDown +2
36  0 TreeSizeFree.exe Vcl.Controls TControl.Perform +0
64  0 TreeSizeFree.exe Vcl.Controls TWinControl.CNKeyDown +0
701  0 TreeSizeFree.exe Vcl.Controls TControl.WndProc +0
1477  0 TreeSizeFree.exe Vcl.Controls TWinControl.WndProc +0
242  27326 TreeSizeFree.exe VirtualTrees TBaseVirtualTree.WndProc +32
44  0 TreeSizeFree.exe Vcl.Controls TWinControl.MainWndProc +0
20  0 TreeSizeFree.exe System.Classes StdWndProc +0
10  0 USER32.dll  DispatchMessageW +0
243  0 TreeSizeFree.exe Vcl.Forms TApplication.ProcessMessage +0
10  0 TreeSizeFree.exe Vcl.Forms TApplication.HandleMessage +0
201  0 TreeSizeFree.exe Vcl.Forms TApplication.Run +0
16  0 kernel32.dll  BaseThreadInitThunk +0


CodeIntegrity Errors:
===================================
  Date: 2014-10-24 11:50:49.664
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-24 11:50:49.558
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-23 10:42:53.626
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-23 10:42:53.623
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-23 10:42:53.619
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-23 10:42:53.595
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-23 10:42:53.591
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-23 10:42:53.587
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-22 23:15:07.913
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-22 23:15:07.911
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 74%
Total physical RAM: 3958.71 MB
Available physical RAM: 1009.37 MB
Total Pagefile: 4081.73 MB
Available Pagefile: 815.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1B2C6703)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 28.10.2014, 06:57   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\..\Interfaces\{B1B0A57B-FB4C-4B54-8DA2-EF8048B4E0B8}: [NameServer] 10.74.83.22 193.254.160.1
cmd: netsh winsock reset
ZeroAccess:
C:\Users\Wolfwilhelm\AppData\Local\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}
C:\Users\Wolfwilhelm\AppData\Local\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\@
cmd: ipconfig /flushdns
Task: {FDC41DF8-840E-400B-88B4-F0D7817F82CA} - \CreateChoiceProcessTask No Task File <==== ATTENTION
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Was macht das Internet?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.10.2014, 11:14   #13
Wolfwilhelm
 
Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



Code:
ATTFilter
/Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
Ran by Wolfwilhelm at 2014-10-28 11:54:37 Run:2
Running from C:\Users\Wolfwilhelm\Desktop\Trojaner board
Loaded Profile: Wolfwilhelm (Available profiles: Wolfwilhelm)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\..\Interfaces\{B1B0A57B-FB4C-4B54-8DA2-EF8048B4E0B8}: [NameServer] 10.74.83.22 193.254.160.1
cmd: netsh winsock reset
ZeroAccess:
C:\Users\Wolfwilhelm\AppData\Local\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}
C:\Users\Wolfwilhelm\AppData\Local\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\@
cmd: ipconfig /flushdns
Task: {FDC41DF8-840E-400B-88B4-F0D7817F82CA} - \CreateChoiceProcessTask No Task File <==== ATTENTION
         
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B1B0A57B-FB4C-4B54-8DA2-EF8048B4E0B8}\\NameServer => Value not found.

=========  netsh winsock reset =========


Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.


========= End of CMD: =========

ZeroAccess: => Error: No automatic fix found for this entry.
"C:\Users\Wolfwilhelm\AppData\Local\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}" => File/Directory not found.
"C:\Users\Wolfwilhelm\AppData\Local\{fec9dfba-b9c4-ecc7-363e-f906a2cebff5}\@" => File/Directory not found.

=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl�sungscache wurde geleert.

========= End of CMD: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDC41DF8-840E-400B-88B4-F0D7817F82CA}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateChoiceProcessTask" => Key not found.


The system needed a reboot. 

==== End of Fixlog ====
         
Hallo Schrauber!
Das Internet läuft so leidlich. Manchmal sind 0MB von 452GB. Momentan sind es 363MB. Was mir Sorgen macht: Ich müsste unbedingt "online-banken". Ich habe aber so meine Bedenken.
Gruß Wolf

Alt 29.10.2014, 07:14   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



Warte noch mit banken.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.10.2014, 23:49   #15
Wolfwilhelm
 
Festplatte C ist ständig belegt. - Standard

Festplatte C ist ständig belegt.



Moin!
Nach ca. 14 Std. Laufzeit mit zwei Unterbrechungen bekomme ich die Mitteilung: ESET Online Scanner Container funktioniert nicht mehr. Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist. ESET: 23%, 171427geprüfte Dateien, 85114 infizierte Dateien. 72,2MB von 452GB.

Antwort

Themen zu Festplatte C ist ständig belegt.
babylonobjectinstaller entfernen, fehlercode 0x0, fehlercode 0x40000015, fehlercode 0x80000003, fehlercode windows, ib updater 2.0.0.575 entfernen, pup.bprotector, pup.optional.babylon.a, pup.optional.babylontoolbar.a, pup.optional.bprotector, pup.optional.bprotector.a, pup.optional.datamangr.a, pup.optional.datamngr.a, pup.optional.downloadprotect.a, pup.optional.downloadster, pup.optional.frostwiretb.a, pup.optional.incredibar, pup.optional.incredibar.a, pup.optional.installbrain.a, pup.optional.mystartsearch.a, pup.optional.perion.a, pup.optional.softonic.a, pup.optional.startpage.a, pup.optional.sweetim.a, zu wenig speicherplatz



Ähnliche Themen: Festplatte C ist ständig belegt.


  1. Win 7 extreem langsam - CPU und RAM aber nur 15% belegt
    Log-Analyse und Auswertung - 25.07.2015 (9)
  2. Merkwürdige Fehler und ständig sehr viel Arbeitsspeicher belegt.
    Plagegeister aller Art und deren Bekämpfung - 21.05.2015 (24)
  3. Firefox hängt, Arbeitsspeicher zu 100% belegt.
    Plagegeister aller Art und deren Bekämpfung - 08.01.2015 (20)
  4. SD-Karte: Fotos weg, Speicher belegt
    Netzwerk und Hardware - 02.01.2015 (1)
  5. Windows 7: mehrere *32iexplorer.exe im Taskmanager, belegt 3/4 der RAM
    Log-Analyse und Auswertung - 06.11.2014 (7)
  6. Schlimmer Trojaner Befall , Festplatte arbeitet ständig, blockiert Programme
    Plagegeister aller Art und deren Bekämpfung - 06.10.2014 (3)
  7. Nicht entfernbarer Balken belegt 1/3 vom Desktop
    Plagegeister aller Art und deren Bekämpfung - 27.07.2013 (5)
  8. Windows Recovery gibt ständig Warnungen, kein Zugriff mehr auf Festplatte
    Plagegeister aller Art und deren Bekämpfung - 29.03.2011 (30)
  9. bei meiner 250 gb festplatte sind 71,8 mb belegt obwohl nichts sichtbares drauf ist
    Plagegeister aller Art und deren Bekämpfung - 02.12.2010 (8)
  10. Enter- und Feststelltaste belegt worden
    Plagegeister aller Art und deren Bekämpfung - 21.03.2009 (20)
  11. netstat ports komisch belegt
    Plagegeister aller Art und deren Bekämpfung - 23.11.2008 (4)
  12. rundll32.exe belegt 98% - system extrem langsam
    Mülltonne - 09.10.2008 (1)
  13. rundll32.exe belegt 98% - system ist sehr langsam
    Plagegeister aller Art und deren Bekämpfung - 09.10.2008 (0)
  14. PC startet sich beim anschliessen ext. Festplatte ständig neu
    Alles rund um Windows - 28.08.2008 (5)
  15. PC stüzt nach Neuinstallation und neuer SATA Festplatte ständig
    Alles rund um Windows - 21.07.2008 (11)
  16. RAM noch nach hoher Ausnutzung belegt
    Diskussionsforum - 18.10.2007 (2)
  17. ping hoch bandbreite belegt
    Log-Analyse und Auswertung - 26.12.2004 (4)

Zum Thema Festplatte C ist ständig belegt. - Guten Tag! Seit einigen Tagen ist meine Festplatte C mal mehr (0 MB von 452 GB), mal weniger belegt. Mehrmaliger Durchlauf von Avira, Kaspersky e.t.c. bringen für kurze Zeit mehr - Festplatte C ist ständig belegt....
Archiv
Du betrachtest: Festplatte C ist ständig belegt. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.