Verdacht auf Trojaner

lobowolf · 26.12.2014, 18:43

Vorerst schöen Feiertage und entschuldige das ich Dich um diese Zeit störe habe aber den Verdacht das ich mir 2 Erpressungstrojaner eingefangen habe. Habe meinen Lap mit Malwarebytes (Premium Edition ) gescannt und er hat mir 2 Trojaner angezeigt die ich in die Quarantäne verschoben habe. Es handelt sich dabei umden security.hijack der als Registrierungswert und alsRegistrierungsschlüssel ausgewiesen ist. E dürfte sich meiner laienhaften Meinung um ein Debug firefox.exe handeln. Der PC funktioniert einwandfrei traue mich aber nicht ihn auszuschalten und wieder hochzufahren obwohl beim 2. scan nichts festgestellt wurde

schreibe dich deswegen weil du mir schon einmal erfolgreich geholfen hast lg wolfgang

schrauber · 26.12.2014, 18:44

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

lobowolf · 26.12.2014, 18:55

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by melsy (administrator) on MELSY-HP on 26-12-2014 18:48:30
Running from C:\Users\melsy\Downloads
Loaded Profiles: melsy & _supereasy_1cbackup_ (Available profiles: melsy & _supereasy_1cbackup_ & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
() C:\Users\melsy\AppData\Roaming\BupSystem\bup.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
() C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe
() C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Astonsoft) C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [SuperEasy 1-Click Backup] => C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe [317024 2013-11-28] ()
HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516784 2014-11-18] (Ashampoo Development GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [SPM15 Chrome Autofill Relay] => C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe [480120 2014-06-25] (Steganos Software GmbH)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [Facebook Update] => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-31] (Facebook Inc.)
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [EssentialPIM] => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [17719664 2014-12-01] (Astonsoft)
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\RunOnce: [Adobe Speed Launcher] => 1419551942
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wo11.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * DfSDKBt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3195104690-1283173883-910289243-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQCON/1
HKU\S-1-5-21-3195104690-1283173883-910289243-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/CQCON/1
HKU\S-1-5-21-3195104690-1283173883-910289243-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON/1
URLSearchHook: HKLM-x32 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File
URLSearchHook: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {1890CF76-D8E5-4584-8B8B-0415EA96601F} URL = 
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> DefaultScope {1890CF76-D8E5-4584-8B8B-0415EA96601F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D43504E5444462670633D43504E544446267372633D49452D536561726368426F78&st={searchTerms}&clid=5b063933-3c54-4d54-8af2-20a413726ddc&pid=freewarede&k=0
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {0E0DBFCD-7DDD-4792-9F42-2DFF3E266C26} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=5b063933-3c54-4d54-8af2-20a413726ddc&pid=freewarede&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {1890CF76-D8E5-4584-8B8B-0415EA96601F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {5DAD9BF3-1DB3-4915-899F-52C1FB45E7A5} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=5b063933-3c54-4d54-8af2-20a413726ddc&pid=freewarede&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = 
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F353232312D3131313037322D373833332D332F343F6D7072653D687474703A2F2F73686F702E656261792E636F6D2F3F5F6E6B773D7B7365617263685465726D737D&st={searchTerms}&clid=5b063933-3c54-4d54-8af2-20a413726ddc&pid=freewarede&k=0
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48Ð¸patm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar64.dll (Steganos Software GmbH)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM-x32 - No Name - {422f7661-9403-4da4-b4ef-cc3e268817b5} -  No File
Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar.dll (Steganos Software GmbH)
Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {422F7661-9403-4DA4-B4EF-CC3E268817B5} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693
FF Homepage: https://www.google.at/?gws_rd=cr&ei=3OKMUuu2NOO54AT-pYGQCg
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @soft-xpansion/npsxpdf -> C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\melsy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/O1DPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=3 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=9 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: FDislike - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\fbdislike@doweb.fr.xpi [2014-04-14]
FF Extension: Ghostery - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@ghostery.com.xpi [2014-04-13]
FF Extension: ZenMate Security &amp; Privacy VPN - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@zenmate.com.xpi [2014-10-05]
FF Extension: ProxTube - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\info@convert2mp3.net.xpi [2014-04-13]
FF Extension: Facebook Select All - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\jid0-n2ISP7BOUOHLqFZBUsiANkm14Ck@jetpack.xpi [2014-04-13]
FF Extension: RequestPolicy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\requestpolicy@requestpolicy.com.xpi [2014-11-21]
FF Extension: NoScript - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-13]
FF Extension: Adblock Plus - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-13]
FF Extension: OkayFreedom - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2014-12-24]
FF Extension: Google Privacy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2014-12-08]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2013-06-28]
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3 [2014-12-05]
FF HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR Profile: C:\Users\melsy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\melsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkeieaieohnceanbhdeijclgemgjjkf [2014-04-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 bupService; C:\Users\melsy\AppData\Roaming\BupSystem\bup.exe [1005056 2014-04-13] () [File not signed]
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3665752 2012-01-26] ()
R2 supereasy_1cbackup; c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe [24672 2013-11-28] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-09-02] (soft Xpansion)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-21] (TuneUp Software)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-22] (RaMMicHaeL)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223600 2014-11-18] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 L6UX1; C:\Windows\System32\Drivers\L6UX164.sys [772864 2013-07-11] (Line 6)
R3 leawo_vad; C:\Windows\System32\drivers\leawo_vad.sys [33048 2013-05-21] (Shenzhen Moyea Software)
R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-28] (Audials AG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-03] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-11-12] (TuneUp Software)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1451008 2008-10-13] (C-Media Electronics Inc)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51016 2011-11-01] (Yamaha Corporation)
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 18:48 - 2014-12-26 18:49 - 00033468 _____ () C:\Users\melsy\Downloads\FRST.txt
2014-12-26 18:47 - 2014-12-26 18:48 - 00000000 ____D () C:\FRST
2014-12-26 18:47 - 2014-12-26 18:47 - 02122752 _____ (Farbar) C:\Users\melsy\Downloads\FRST64.exe
2014-12-26 15:25 - 2014-12-26 15:25 - 00001455 _____ () C:\trojaner.txt
2014-12-24 15:19 - 2014-12-24 15:19 - 00002181 _____ () C:\Users\melsy\Desktop\TuneUp Utilities 2014.lnk
2014-12-24 15:10 - 2014-12-24 15:10 - 00000282 _____ () C:\Windows\PFRO.log
2014-12-24 15:02 - 2014-12-24 15:02 - 16520304 _____ (Steganos Software GmbH) C:\Users\melsy\Downloads\okayfreedomwr.exe
2014-12-24 14:01 - 2014-12-24 14:01 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos Updates
2014-12-24 13:59 - 2014-12-24 14:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos VPN
2014-12-24 13:56 - 2014-12-24 13:56 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion OkayFreedom Premium Flat - CHIP-Installer.exe
2014-12-22 02:54 - 2014-12-22 02:54 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup(1).exe
2014-12-22 01:01 - 2014-12-22 01:01 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\DigitalVolcano
2014-12-22 01:00 - 2014-12-22 01:00 - 00001100 _____ () C:\Users\melsy\Desktop\Duplicate Cleaner Free.lnk
2014-12-22 01:00 - 2014-12-22 01:00 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
2014-12-22 01:00 - 2014-12-22 01:00 - 00000000 ____D () C:\Program Files (x86)\Duplicate Cleaner
2014-12-22 00:59 - 2014-12-22 00:59 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup.exe
2014-12-21 02:14 - 2014-12-21 02:14 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Magix Music Maker 2013 - CHIP-Installer.exe
2014-12-20 18:36 - 2014-12-20 18:36 - 00001282 _____ () C:\Users\Public\Desktop\NCH Suite.lnk
2014-12-20 18:36 - 2014-12-20 18:36 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Rip CD Ripper Software.lnk
2014-12-20 18:36 - 2014-12-20 18:36 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-12-20 18:32 - 2014-12-25 21:06 - 00000728 _____ () C:\Windows\setupact.log
2014-12-20 18:32 - 2014-12-20 18:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-18 12:27 - 2014-12-26 14:07 - 00234011 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 00:38 - 2014-12-17 00:38 - 00000000 ____D () C:\Users\melsy\Documents\DesignCAD 3D MAX 22
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD Toolkit Maschinenbau & Konstruktion 22
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\Program Files (x86)\DCToolkit
2014-12-17 00:36 - 2014-12-17 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD 3D Max 22
2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\ProgramData\IMSIDesign
2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\Program Files (x86)\IMSIDesign
2014-12-17 00:15 - 2014-12-17 00:18 - 95590424 _____ () C:\Users\melsy\Downloads\DesignCAD-V22-3D-Triple-Toolkits-Complete-CHIP.exe
2014-12-16 14:47 - 2014-12-21 19:57 - 00168064 _____ () C:\Users\melsy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-15 21:05 - 2014-12-15 21:05 - 00000000 ____D () C:\Users\melsy\Downloads\Office 2007
2014-12-15 19:04 - 2014-12-15 19:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Scribus
2014-12-15 18:59 - 2014-12-15 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.4
2014-12-15 18:57 - 2014-12-15 19:03 - 00000000 ____D () C:\Program Files\Scribus 1.4.4
2014-12-15 17:02 - 2014-12-15 17:04 - 86069640 _____ (The Scribus Team) C:\Users\melsy\Downloads\scribus-1.4.4-windows-x64.exe
2014-12-15 15:06 - 2014-12-15 15:06 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
2014-12-15 15:06 - 2014-12-15 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme
2014-12-15 11:46 - 2014-12-15 11:46 - 01177424 _____ () C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe
2014-12-14 23:48 - 2014-12-14 23:48 - 00000000 _____ () C:\Windows\SysWOW64\shoFA1F.tmp
2014-12-14 23:31 - 2014-12-14 23:31 - 00000000 __SHD () C:\WISE_DISKSCRUBTEMP
2014-12-14 16:30 - 2014-12-14 16:32 - 43145168 _____ (Ashampoo GmbH & Co. KG ) C:\Users\melsy\Downloads\ashampoo_winoptimizer_11_11.00.50_18137.exe
2014-12-13 09:28 - 2014-12-15 11:35 - 00000000 ____D () C:\Users\melsy\HDR Projects
2014-12-13 09:26 - 2014-12-13 09:26 - 00001045 _____ () C:\Users\Public\Desktop\HDR Projects platin (64-Bit).lnk
2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis
2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\Program Files\Franzis
2014-12-13 09:09 - 2014-12-13 09:09 - 00000000 ____D () C:\Users\melsy\Documents\HDR-projects-platin-win-mac-CHIP
2014-12-12 13:24 - 2014-12-12 13:24 - 00000000 _____ () C:\Windows\SysWOW64\sho287C.tmp
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\Documents\FlashIntegro
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\VideoEditor
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\FlashIntegro
2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\Program Files (x86)\FlashIntegro
2014-12-11 19:51 - 2014-12-09 13:21 - 00081792 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter2.ax
2014-12-11 19:51 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll
2014-12-11 19:51 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-12-11 19:51 - 2004-09-06 16:06 - 00053248 _____ () C:\Windows\SysWOW64\xvid.ax
2014-12-11 19:51 - 2004-07-03 21:08 - 00139264 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-12-11 19:51 - 2004-07-03 20:59 - 00524288 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-12-11 19:51 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm
2014-12-11 19:51 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll
2014-12-11 19:51 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax
2014-12-11 19:51 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll
2014-12-11 19:51 - 2003-05-21 23:50 - 00156910 _____ () C:\Windows\WMSysPr8.prx
2014-12-11 19:51 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm
2014-12-11 19:51 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm
2014-12-11 19:51 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX
2014-12-11 19:51 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2014-12-11 19:51 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm
2014-12-11 19:47 - 2014-12-11 19:47 - 01177424 _____ () C:\Users\melsy\Downloads\VSDC Free Video Editor - CHIP-Installer.exe
2014-12-10 19:29 - 2014-12-10 19:29 - 17103000 _____ (Electronic Arts, Inc.) C:\Users\melsy\Downloads\OriginThinSetup.exe
2014-12-10 18:55 - 2014-12-10 19:40 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Origin
2014-12-10 18:53 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\Origin
2014-12-10 14:14 - 2014-12-16 08:59 - 00000412 _____ () C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
2014-12-10 14:14 - 2014-12-10 14:14 - 00002834 _____ () C:\Windows\System32\Tasks\Wise Care 365 PC Checkup Task
2014-12-10 09:50 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 09:50 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 09:21 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:21 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 09:21 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 09:21 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 09:21 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 09:21 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 09:21 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 09:21 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 09:21 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 09:21 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 09:21 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 09:21 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 09:21 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 09:21 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 09:21 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 09:12 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:12 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 13:07 - 2014-12-22 13:17 - 00000000 ____D () C:\Users\melsy\Documents\camera musik
2014-12-09 12:29 - 2014-12-09 12:30 - 11669724 _____ () C:\Users\melsy\Downloads\Camera Rare Grooves Aluminium Edition - 02 Donny Hathaway - The Ghetto.mp4.part
2014-12-09 11:06 - 2014-12-09 11:06 - 00003070 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-12-09 11:06 - 2014-12-09 11:06 - 00002848 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-12-09 11:06 - 2014-12-09 11:06 - 00000422 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-12-09 11:06 - 2014-12-09 11:06 - 00000402 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-12-09 10:33 - 2014-12-20 02:15 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-09 10:31 - 2014-12-09 10:31 - 01174352 _____ () C:\Users\melsy\Downloads\Wise Care 365 - CHIP-Installer.exe
2014-12-07 14:45 - 2014-12-07 14:46 - 11553744 _____ () C:\Users\melsy\Downloads\EssentialPIM6.exe
2014-12-05 17:37 - 2014-12-05 17:37 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Diashow-Ersteller.lnk
2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2014-12-05 16:44 - 2014-12-05 16:44 - 00001110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
2014-12-05 16:44 - 2014-12-05 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grafikverwandte Programme
2014-12-05 16:42 - 2014-12-05 16:42 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Imagedatei-Konverter.lnk
2014-12-05 16:29 - 2014-12-05 16:30 - 00505376 _____ (NCH Software) C:\Users\melsy\Downloads\pixpsetup.exe
2014-12-05 13:02 - 2014-12-24 14:32 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos
2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Passwort-Manager 15
2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\Program Files (x86)\Steganos Password Manager 15
2014-12-05 13:00 - 2014-12-05 13:00 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Steganos Passwort Manager 15 - CHIP-Installer.exe
2014-12-04 18:05 - 2014-12-04 18:05 - 00001964 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-12-03 19:41 - 2014-12-03 19:41 - 07270351 _____ () C:\Users\melsy\Downloads\meine 68 jährige (2).mp4
2014-12-02 22:24 - 2014-12-02 22:24 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-02 16:16 - 2014-12-08 03:47 - 00000000 ____D () C:\Users\melsy\AppData\Local\SuperEasy 1-Click Backup
2014-12-02 16:16 - 2014-12-03 16:04 - 00000000 ___HD () C:\ProgramData\sysnfxo
2014-12-02 16:15 - 2014-12-18 12:24 - 00000000 ____D () C:\Users\_supereasy_1cbackup_
2014-12-02 16:15 - 2014-12-02 16:15 - 00000020 ___SH () C:\Users\_supereasy_1cbackup_\ntuser.ini
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Vorlagen
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Startmenü
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Netzwerkumgebung
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Lokale Einstellungen
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Eigene Dateien
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Druckumgebung
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Musik
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Bilder
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Verlauf
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Anwendungsdaten
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Anwendungsdaten
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 ____D () C:\ProgramData\SuperEasy 1-Click Backup
2014-12-02 16:15 - 2013-08-14 10:34 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\Microsoft Help
2014-12-02 16:15 - 2013-07-31 08:12 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\TuneUp Software
2014-12-02 16:15 - 2013-07-26 03:08 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\ScreenCapture
2014-12-02 16:15 - 2012-12-03 06:32 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Macromedia
2014-12-02 16:15 - 2012-08-12 01:32 - 00002134 _____ () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-12-02 16:15 - 2012-05-18 14:20 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\AskToolbar
2014-12-02 16:15 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-02 16:15 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-02 16:14 - 2014-12-02 16:14 - 00000000 ____D () C:\Program Files\SuperEasy Software
2014-12-02 16:13 - 2014-12-02 16:13 - 28074616 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\melsy\Downloads\supereasy_1-click_backup_free_1.13.0_8279.exe
2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EAC
2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\AccurateRip
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Cliqz
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-12-02 13:57 - 2014-12-02 13:57 - 01174352 _____ () C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe
2014-11-30 19:27 - 2014-11-30 19:27 - 05152768 _____ () C:\Users\melsy\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-11-30 19:23 - 2014-11-30 19:23 - 00003002 _____ () C:\Windows\System32\Tasks\{4FBE209A-8A27-4E26-81B3-722670F9ECA0}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 18:48 - 2012-05-18 12:08 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Skype
2014-12-26 18:44 - 2014-05-20 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-26 18:22 - 2013-01-23 23:10 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job
2014-12-26 18:13 - 2013-05-07 17:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-26 18:11 - 2012-08-13 22:06 - 00000386 _____ () C:\Windows\Tasks\WpsUpdateTask_melsy.job
2014-12-26 17:54 - 2014-09-10 08:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-26 16:50 - 2013-10-31 22:45 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job
2014-12-26 15:24 - 2014-05-20 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-26 14:09 - 2012-05-20 16:38 - 00000000 ____D () C:\Users\melsy\AppData\Local\CrashDumps
2014-12-26 00:48 - 2012-07-27 20:04 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-26 00:22 - 2013-01-23 23:10 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job
2014-12-25 22:50 - 2013-10-31 22:45 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job
2014-12-25 21:14 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-25 21:14 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-25 21:12 - 2014-10-15 14:50 - 00003094 _____ () C:\Windows\System32\Tasks\{B2E8F773-5F5C-4836-8957-FEE3042EABFC}
2014-12-25 21:12 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{C0C124F4-41F2-47D4-860C-4FCF583875C1}
2014-12-25 21:12 - 2014-08-28 18:24 - 00003076 _____ () C:\Windows\System32\Tasks\{8795FFFA-4029-4A70-B1CF-0C3C57CDEE7C}
2014-12-25 21:12 - 2013-10-09 17:59 - 00003102 _____ () C:\Windows\System32\Tasks\{AD7AC0AF-B335-4FB0-ABC0-6583AD2EE938}
2014-12-25 21:12 - 2011-08-09 21:16 - 00774266 _____ () C:\Windows\system32\perfh007.dat
2014-12-25 21:12 - 2011-08-09 21:16 - 00175794 _____ () C:\Windows\system32\perfc007.dat
2014-12-25 21:12 - 2009-07-14 06:13 - 01808064 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-25 21:11 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{5C4F42ED-5832-48B4-BCB9-D77730EC38C1}
2014-12-25 21:11 - 2013-05-03 19:39 - 00003086 _____ () C:\Windows\System32\Tasks\{2A792A14-06ED-4493-81D7-2A64E97EA462}
2014-12-25 21:11 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{69CD82CA-4612-410F-907D-CE1E674B652E}
2014-12-25 21:11 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{670A25EF-5F02-41BB-BB0D-827A205D5869}
2014-12-25 21:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-25 20:44 - 2014-09-21 08:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-25 20:44 - 2012-05-18 12:07 - 00000000 ____D () C:\ProgramData\Skype
2014-12-24 17:34 - 2014-07-19 10:21 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormelsy
2014-12-24 17:34 - 2014-07-19 10:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFormelsy.job
2014-12-24 15:22 - 2014-10-15 17:01 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-12-22 13:37 - 2013-03-26 14:54 - 00000000 ____D () C:\Users\melsy\Documents\RAF
2014-12-22 13:37 - 2013-01-23 02:22 - 00000000 ____D () C:\Users\melsy\Documents\Cybershapes
2014-12-22 13:26 - 2012-09-23 01:41 - 00000000 ____D () C:\Users\melsy\Documents\soz-österr
2014-12-22 13:26 - 2012-05-19 10:40 - 00000000 ____D () C:\Users\melsy\Documents\Meine empfangenen Dateien
2014-12-22 10:31 - 2012-05-21 23:39 - 00000000 ___RD () C:\Users\melsy\Desktop\TONSTUDIO
2014-12-22 08:20 - 2009-07-14 05:45 - 00539840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-21 19:56 - 2012-05-20 12:12 - 00000000 ____D () C:\Users\melsy\Documents\Gitarre
2014-12-21 19:55 - 2014-04-22 13:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\vlc
2014-12-21 04:24 - 2013-03-16 19:48 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-12-21 02:59 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-12-21 02:57 - 2012-07-01 18:18 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-12-21 02:52 - 2013-03-16 19:56 - 00000000 ___RD () C:\Users\melsy\Documents\MAGIX
2014-12-21 02:52 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\MAGIX
2014-12-20 18:42 - 2012-09-23 02:50 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-12-20 18:36 - 2012-09-23 02:50 - 00000000 ____D () C:\ProgramData\NCH Software
2014-12-20 18:36 - 2012-09-23 02:49 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-12-20 18:34 - 2012-05-18 15:45 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Audacity
2014-12-20 04:09 - 2013-10-22 12:49 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Windows Net Data
2014-12-20 02:31 - 2013-10-11 13:45 - 00000000 ___RD () C:\Users\melsy\Desktop\radios
2014-12-20 02:31 - 2012-09-08 11:59 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\XnView
2014-12-20 01:58 - 2012-05-21 13:38 - 00000000 ___RD () C:\Users\melsy\Desktop\Sicherheit
2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCFinder
2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\Program Files (x86)\CCFinder
2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-18 12:22 - 2011-12-10 05:20 - 00000000 ____D () C:\ProgramData\Temp
2014-12-17 00:39 - 2012-07-18 02:06 - 00000000 ___RD () C:\Users\melsy\Desktop\Foto Video
2014-12-16 19:19 - 2012-07-24 21:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-15 19:01 - 2013-09-02 13:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-15 18:40 - 2014-10-23 10:29 - 00000000 ____D () C:\Users\melsy\Documents\KPÖ
2014-12-15 14:25 - 2012-05-21 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar
2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\Program Files (x86)\TuxGuitar
2014-12-15 11:35 - 2013-05-18 21:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EssentialPIM
2014-12-15 11:35 - 2013-02-03 15:59 - 00000000 ____D () C:\Users\melsy\.tuxguitar-1.2
2014-12-15 11:35 - 2012-12-14 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-12-15 11:35 - 2012-12-05 11:56 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-12-15 11:35 - 2012-05-20 17:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-15 11:35 - 2012-05-19 13:23 - 00000000 ____D () C:\Program Files (x86)\ScanIT-Client
2014-12-15 11:35 - 2012-05-18 11:43 - 00000000 ____D () C:\Users\melsy
2014-12-15 11:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-15 10:43 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\SoftGrid Client
2014-12-15 10:02 - 2013-09-29 09:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-15 02:58 - 2012-07-02 01:36 - 00000410 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
2014-12-14 23:43 - 2013-01-03 14:29 - 00000000 ____D () C:\Users\melsy\AppData\Local\Downloaded Installations
2014-12-14 16:36 - 2012-05-21 13:33 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-12-13 13:09 - 2014-09-09 13:12 - 00000000 ____D () C:\Users\melsy\Documents\demos
2014-12-13 12:35 - 2012-09-21 20:10 - 00038311 _____ () C:\Users\melsy\Documents\Passwörter.xlsx
2014-12-10 19:50 - 2012-06-02 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 17:54 - 2014-09-10 08:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 17:54 - 2014-07-04 14:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 17:54 - 2014-07-04 14:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 10:52 - 2013-02-25 20:12 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
2014-12-10 10:52 - 2013-02-25 20:11 - 00000000 ____D () C:\ProgramData\Virtualized Applications
2014-12-10 10:52 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Local\SoftGrid Client
2014-12-10 10:39 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-10 10:31 - 2013-05-20 18:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 10:24 - 2013-07-11 11:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:53 - 2012-05-21 03:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 14:02 - 2013-05-29 17:59 - 00000000 ____D () C:\Users\melsy\Documents\Essential Kalender
2014-12-09 13:48 - 2013-03-05 13:41 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\TS3Client
2014-12-09 10:51 - 2013-11-11 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-09 10:35 - 2007-01-02 02:25 - 00000000 ____D () C:\Windows\Panther
2014-12-07 14:47 - 2013-05-25 09:47 - 00001023 _____ () C:\Users\Public\Desktop\EssentialPIM.lnk
2014-12-05 17:37 - 2012-09-23 02:49 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\NCH Software
2014-12-03 12:40 - 2014-08-21 22:58 - 00000000 ____D () C:\Users\melsy\Documents\Norma A2
2014-12-02 16:16 - 2013-02-15 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
2014-11-30 19:49 - 2012-11-11 20:14 - 00000000 ___RD () C:\Users\melsy\Desktop\HP DRUCKER
2014-11-27 20:30 - 2012-05-18 15:59 - 00000000 ____D () C:\Windows\System32\Tasks\Games

Some content of TEMP:
====================
C:\Users\melsy\AppData\Local\Temp\abelssoft.setup.exe
C:\Users\melsy\AppData\Local\Temp\ripsetup.exe
C:\Users\melsy\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 04:32

==================== End Of Log ============================

--- --- ---

lobowolf · 27.12.2014, 09:23

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014
Ran by melsy at 2014-12-26 18:50:45
Running from C:\Users\melsy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: AVG Internet Security Business Edition 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security Business Edition 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security Business Edition 2012 (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Leawo MusicRecorder version  1.0.0.0 (HKLM-x32\...\{FAF11D3B-7633-402B-BAFA-4BCAAE030F20}_is1) (Version: 1.0.0.0 - Leawo Software)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acoustica Standard Edition 5.0 (HKLM-x32\...\Acoustica Standard Edition_is1) (Version: 5.0 - Acon AS)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aiseesoft PDF to Word Converter 3.1.8 (HKLM-x32\...\{3CF515C0-55D9-4591-824F-1934352AC10E}_is1) (Version:  - )
AntiPhotoSpy 2013 (HKLM-x32\...\{F5593F5B-B3A9-40CB-BB69-8190675F8DD9}_is1) (Version: 1.6 - Abelssoft)
Artensoft Photo Mosaic Wizard (HKLM\...\Artensoft Photo Mosaic Wizard_is1) (Version: 1.6 - Artensoft)
Ashampoo Movie Studio 2013 v.1.0.4 (HKLM-x32\...\{91B33C97-EB09-F0A4-36AC-3895F9F93DD1}_is1) (Version: 1.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 2012 v.1.0.0 (HKLM-x32\...\Ashampoo Music Studio 2012_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 9 v.9.4.3 (HKLM-x32\...\{C92AB6F1-6A1B-F954-7C68-B44BA8E357A4}_is1) (Version: 9.4.3 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 7 v.7.0.9 (HKLM-x32\...\{C92AB6F1-9C93-0F51-ED50-15ABBCBDD142}_is1) (Version: 7.0.9 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler 2013 v.1.0.1 (HKLM-x32\...\{91B33C97-8914-D2D4-EB40-39C1714271FF}_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler 2013 v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler 2013_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 11 v.11.00.50 (HKLM-x32\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.00.50 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 6.60 (HKLM-x32\...\Ashampoo WinOptimizer 6_is1) (Version: 6.6.0 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Audials (HKLM-x32\...\{7DED1048-34EC-4D7C-968E-D1112EC3325B}) (Version: 11.0.53800.0 - Audials AG)
Audio Record Wizard (HKLM-x32\...\Audio Record Wizard) (Version: 6.8 - NowSmart)
AUDIOzilla v1.1 (HKLM-x32\...\AUDIOzilla_is1) (Version:  - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4253 - AVG Technologies) Hidden
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Recorder version 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
AX3000G SoundEditor (HKLM-x32\...\{30C9A025-801C-11D9-81EE-0000F4602D00}) (Version: 1.00.0.2 - KORG Inc.)
B109a-m (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.05 - Ilya Morozov)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.1300 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1300 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
BusinessCards MX (HKLM-x32\...\{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1) (Version: 4.73 - MOJOSOFT)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Calme Version 2013 (HKLM-x32\...\{297ACAAE-FAAC-4817-A3BE-336F63399DA3}_is1) (Version: 2013 - Metin Elma)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
CCFinder (HKLM-x32\...\CCFinderAppId_is1) (Version: 2014 - Abelssoft)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CCScore (x32 Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Communism Muscle Cars (HKLM-x32\...\Communism Muscle Cars_is1) (Version:  - GameHitZone.com)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DarkWave Studio 4.4.1 (HKLM-x32\...\DarkWave Studio) (Version: 4.4.1 - ExperimentalScene)
Data Wipe  (HKLM-x32\...\Data Wipe) (Version:  - Tenorshare, Inc.)
DesignCAD 3D Max 22 (HKLM-x32\...\{CCB44106-246E-45A5-8507-801F39EFB55B}) (Version: 22.0.0 - IMSIDesign)
DesignCAD Toolkit Maschinenbau & Konstruktion 22 Version 22 (HKLM-x32\...\DesignCAD Toolkit Maschinenbau & Konstruktion 22_is1) (Version: 22 - Franzis Verlag)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dream Pinball 3D Demo (HKLM-x32\...\Dream Pinball 3D Demo) (Version: 1.00 - TopWare Interactive Inc.)
Duplicate Cleaner Free 3.2.4 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.4 - DigitalVolcano Software Ltd) <==== ATTENTION
DvDrum 2 (HKLM-x32\...\"DvDrum 2_is1) (Version: Beta 5 - Daniele Franceschini)
Easy Drive Data Recovery (HKLM-x32\...\Easy Drive Data Recovery) (Version: 3.0 - MunSoft)
Easy Flyer Creator 3.0 (HKLM-x32\...\{B07CB2BA-819B-41C5-BBE0-484A4C23972E}) (Version: 3.0.0 - Peridot Technologies)
eSpeak version 1.45.05 (HKLM-x32\...\eSpeak_is1) (Version:  - )
ESSBrwr (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.00.0000.0001 - Ihr Firmenname) Hidden
EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 6.02 - Astonsoft Ltd)
ESSgui (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.00.0000.0001 - Ihr Firmenname) Hidden
ESSPCD (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - Ihr Firmenname) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.73 - NCH Software)
Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
fflink (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
First PDF (HKLM-x32\...\First PDF) (Version:  - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.11.504 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.11.504 - DVDVideoSoft Ltd.)
Free Audio Editor v7.9.4 (HKLM-x32\...\Free Audio Editor_is1) (Version:  - FreeAudioStudio Inc.)
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)
Free Pdf Perfect Prereq (x32 Version: 1.1.0.80 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.27.508 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.27.508 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.0.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)
Freemium Free PDF Perfect (HKLM-x32\...\{88265079-D6F4-4292-86BE-D2053E80BFE4}) (Version: 1.0 - Freemium)
Freenet (HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Freenet) (Version:  - )
Galaxy Invaders (HKLM-x32\...\Galaxy Invaders_is1) (Version:  - GameHitZone.com)
Geheimtext (HKLM-x32\...\Geheimtext_is1) (Version: 100 - Abelssoft)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Grand Prix Racing (HKLM-x32\...\Grand Prix Racing_is1) (Version:  - GameHitZone.com)
Guitar and Bass (HKLM-x32\...\Guitar and Bass_is1) (Version: 1.0.4 - G.F. Software)
Guitar Explorer 1.0 (HKLM-x32\...\Guitar Explorer 1.0) (Version:  - )
HDR Projects platin (64-Bit) (HKLM\...\HDR Projects platin_is1) (Version: 1.23 - Franzis Verlag GmbH)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{54B0845F-5540-4492-9939-CD8880ABABF0}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{A253A57F-4319-49B5-B405-64587FFBCFE2}) (Version: 14.0 - HP)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (HKLM-x32\...\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}) (Version: 3.2.20 - HTC Corporation)
Hydrogen 0.9.6 preview release for windows (HKLM-x32\...\{B24839E5-A70C-48AD-B4D9-B9FB46B4B038}_is1) (Version:  - hydrogen-music.org)
ICQ6.5 (HKLM-x32\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
InlineTranslate für Firefox (HKLM-x32\...\{C84149C6-0CF4-4003-BF6F-B9E70E3ACB90}_is1) (Version: 2.0 - InlineTranslate)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kingsoft Presentation  (8.1.0.3019) (HKLM-x32\...\Kingsoft Presentation) (Version: 8.1.0.3019 - Kingsoft Corp.)
K-Lite Codec Pack 9.4.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
Kodak EasyShare Software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
Last Space Fighter (HKLM-x32\...\Last Space Fighter_is1) (Version:  - GameHitZone.com)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.166 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.1.0.166 - LogMeIn, Inc.) Hidden
MagicScore (HKLM-x32\...\MagicScore_is1) (Version:  - )
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Foto Manager MX (HKLM-x32\...\MAGIX_{30D2BC25-D905-48FE-AA2C-98E11AC3A081}) (Version: 9.0.1.238 - MAGIX AG)
MAGIX Foto Manager MX (x32 Version: 9.0.1.238 - MAGIX AG) Hidden
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{4745C004-7D5D-42BB-816A-79BF29C3A65C}) (Version: 4.3.2.0 - MAGIX Software GmbH)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2013 (Demosongs) (HKLM-x32\...\MX.{4913C631-0363-496A-9E24-1A260205AB9D}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker 2013 (Demosongs) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2013 (Einführungsvideos) (HKLM-x32\...\MX.{3968ADA6-A25A-434C-9AD2-CE57498E27DA}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker 2013 (Einführungsvideos) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2013 (HKLM-x32\...\MX.{E7F7CA64-C0FC-4499-BC4D-C764E24CA67B}) (Version: 19.0.7.67 - MAGIX Software GmbH)
MAGIX Music Maker 2013 (Synthesizer und Effekte) (HKLM-x32\...\MX.{AD409A65-BD38-4322-8765-492DD4E72DBF}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker 2013 (Synthesizer und Effekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2013 (Version: 19.0.7.67 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2013 (Visuals) (HKLM-x32\...\MX.{86516976-CC47-4787-B9FD-720500EC1759}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker 2013 (Visuals) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2013 Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker MX Production Suite Download-Version (x32 Version: 18.0.1.11 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\MAGIX_{8EBA7109-16D0-4174-8DF2-B87A67199532}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\{925B36C2-C441-4ADC-8588-AA34E46C94B7}) (Version: 7.0.2.6 - MAGIX AG)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
MicroSIP (remove only) (HKLM-x32\...\MicroSIP) (Version:  - )
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft_VC100_CRT_x64 (HKLM\...\{17106CA8-E65A-4D02-95BE-79AF8C698935}) (Version: 1.0.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.0 (x86 de)) (Version: 24.1.0 - Mozilla)
MP4 To MP3 Converter V3.0.4 (HKLM-x32\...\MP4 To MP3 Converter_is1) (Version:  - hxxp://www.MP4ToMP3Converter.net)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Nexus Radio (HKLM-x32\...\{8763793B-4D7D-49C8-A859-5C582EC02640}) (Version: 5.6.6 - Talam Group, LLC)
Nuclear Coffee - VideoGet (HKLM-x32\...\VideoGet_is1) (Version: 2012 - Nuclear Coffee)
OfotoXMI (x32 Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9041 - ooVoo LLC.)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opticon USB Drivers Installer (HKLM-x32\...\Opticon USB Installer) (Version:  - )
Panopreter Basic version 3.0.9 (HKLM-x32\...\Panopreter Basic_is1) (Version:  - Panopreter.com)
PC Rambazamba (HKLM-x32\...\{A9D4AF7B-93BA-4671-BC54-EDA2770CAF18}) (Version: 1.00.0000 - Langmeier Software GmbH)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhoneCrypt Client Version PhoneCrypt  2.9.17.1959 (HKLM-x32\...\PhoneCrypt_is1) (Version: PhoneCrypt  2.9.17.1959 - SecurStar, Inc.)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.64 - NCH Software)
PhotoStage Diashow-Ersteller (HKLM-x32\...\PhotoStage) (Version: 2.42 - NCH Software)
PhotoStitcher 1.2 (HKLM-x32\...\{299EB32D-0525-4482-A8B5-1F30725AB6F1}_is1) (Version:  - Teorex)
Picture-Kit 3 Version 3.0 (HKLM-x32\...\{7B49D3E2-6789-45CF-8006-A78CD1F5A373}_is1) (Version: 3.0 - INGE BEYER Software Solutions)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
Pixillion Imagedatei-Konverter (HKLM-x32\...\Pixillion) (Version: 2.74 - NCH Software)
Pixlr-o-matic (HKLM-x32\...\Pixlromatic) (Version: 2.1 - UNKNOWN)
Pixlr-o-matic (x32 Version: 2.1 - UNKNOWN) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Preispilot für Firefox (HKLM-x32\...\{0D8E6567-7082-48DB-A305-293873AC8B39}_is1) (Version: 2.0 - Preispilot)
proDAD Heroglyph 2.5 (HKLM-x32\...\proDAD-Heroglyph-2.5) (Version: 2.6.32.50 - proDAD GmbH)
Protegere (HKLM-x32\...\Protegere) (Version:  - )
PS_AIO_06_B109a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
PT Portrait version 1.0.0 (HKLM\...\{8E2D6BBF-8372-4B53-B006-E24DCE64753A}_is1) (Version: 1.0.0 - PHOTO-TOOLBOX.COM)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Q-Dir (HKLM\...\Q-Dir) (Version:  - )
Quick Stego 1.2 (HKLM-x32\...\Quick Stego_is1) (Version:  - Cybernescence Limited)
QuickTime (HKLM-x32\...\{08CA9554-B5FE-4313-938F-D4A417B81175}) (Version: 7.50.61.0 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version:  - Tobit.Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RiffWorks T4 (HKLM-x32\...\RiffWorks T4) (Version: 2.6.7 - Sonoma Wire Works)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
ScanIT-Client 3.2 (HKLM-x32\...\ScanIT-Client_is1) (Version:  - GfK Austria)
Screen Capturer (HKLM-x32\...\Screen Capturer) (Version: 1.0.4.42 - ScreenCapturer.com)
Screenpresso (HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Screenpresso) (Version: 1.5.2.0 - Learnpulse)
Scribus 1.4.4 (64bit) (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
SFR (x32 Version: 7.01.0000.0003 - Eastman Kodak Company) Hidden
Shape Collage (HKLM-x32\...\ShapeCollage) (Version:  - Shape Collage Inc.)
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Shortcut Racers (HKLM-x32\...\Shortcut Racers_is1) (Version:  - GameHitZone.com)
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
SimplyGoodPictures (HKLM-x32\...\{29205904-A7A8-4545-0001-697935602C90}) (Version: 1.0.12.426 - Engelmann Media GmbH)
skin0001 (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Web Plugin (HKLM-x32\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Songr (HKLM-x32\...\Songr) (Version: 1.9.36 - hxxp://at-my-window.blogspot.com/?page=songr)
Sothink Logo Maker Special (HKLM-x32\...\{E97A8C79-C035-4964-9DF5-B7B6D243A18C}_is1) (Version: 3.5 - SourceTec Software Co., LTD)
Spotify (HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Star Warship (HKLM-x32\...\Star Warship_is1) (Version:  - GameHitZone.com)
staticcr (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steganos Password Manager 15 (HKLM-x32\...\{B8F35E03-DC02-4CAB-AEF2-577B4CA25E8A}) (Version: 15.2.4 - Steganos Software GmbH)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1150 - SUPERAntiSpyware.com)
SuperEasy 1-Click Backup (HKLM\...\SuperEasy 1-Click Backup) (Version: 1.13 - SuperEasy Software GmbH & Co. KG)
SuperEasy Audio Converter 2 v.2.1.2143 (HKLM-x32\...\{039BC111-3B00-B8C5-E02C-0CA1440A9469}_is1) (Version: 2.1.2143 - SuperEasy Software GmbH & Co. KG)
SuperEasy Video Booster v.1.1.3056 (HKLM-x32\...\{039BC111-ED4E-CCDF-634D-AF330C24ACB8}_is1) (Version: 1.1.3056 - SuperEasy Software GmbH & Co. KG)
SuperEZ Wave Editor v12.2.1 (HKLM-x32\...\SuperEZ Wave Editor_is1) (Version:  - SuperEZMedia Development Inc.)
SView5 for Windows (HKLM\...\{A5B47808-9E14-4C04-9EB3-777D62ABFDE4}_is1) (Version:  - PerSuaSiVe SoftWorX)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.19045 - TeamViewer)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Tipard Video Converter Platinum 6.2.16 (HKLM-x32\...\{F4A43B47-0518-4a39-B377-15DC62076AC0}_is1) (Version: 6.2.16 - Tipard Studio)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.342 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.342 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.342 - TuneUp Software) Hidden
TuxGuitar (HKLM-x32\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)
Ultra Drag Racing (HKLM-x32\...\Ultra Drag Racing_is1) (Version:  - GameHitZone.com)
Unchecky v0.3.5 (HKLM-x32\...\Unchecky) (Version: 0.3.5 - RaMMicHaeL)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
USB Multi-Channel Audio Device (HKLM-x32\...\Generic USB 106 Sound) (Version:  - )
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Video Rotator V1.0.9 (HKLM-x32\...\{EC0FD3E2-A241-4D37-BF16-7815EC1E7A29}_is1) (Version:  - VideoRotator.com)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VIS (HKLM-x32\...\VIS) (Version:  - ) <==== ATTENTION
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Vita 2 (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita Rock Drums (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita String Ensemble (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VPRINTOL (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
VSDC Free Video Editor Version 2.3.0.337 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.3.0.337 - Flash-Integro LLC)
WaveShop (x64) (HKLM\...\{4912D50F-1CFB-4D91-B654-29E5BC2B1592}) (Version: 1.0.0 - Anal Software)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinX Mobile Video Converter 3.0.0 (HKLM-x32\...\WinX Mobile Video Converter_is1) (Version:  - Digiarty Software, Inc.)
WIRELESS (x32 Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
WonderFox Video to Picture Converter (HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\WonderFoxVideotoPictureConverter) (Version:  - WonderFox Soft. All Rights Reserved.)
XnConvert 1.51 (HKLM\...\XnConvert_is1) (Version: 1.51 - Gougelet Pierre-e)
XnView 1.99.1 (HKLM-x32\...\XnView_is1) (Version: 1.99.1 - Gougelet Pierre-e)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
YAMAHA Musicsoft Downloader 5 (HKLM-x32\...\{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}) (Version:  - )
Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{18369253-E53F-4A47-818E-082DFB950872}) (Version: 3.1.2.3 - Yamaha Corporation)
Yamaha USB-MIDI Driver (Version: 3.1.2.3 - Yamaha Corporation) Hidden
ZD Soft Screen Recorder 4.1.3.0 (HKLM-x32\...\ZD Soft Screen Recorder) (Version: 4.1.3.0 - ZD Soft)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3195104690-1283173883-910289243-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\melsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3195104690-1283173883-910289243-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\melsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3195104690-1283173883-910289243-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3195104690-1283173883-910289243-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3195104690-1283173883-910289243-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\melsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3195104690-1283173883-910289243-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\melsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

10-12-2014 19:21:35 Created by Wise Care 365
12-12-2014 13:19:55 Windows Modules Installer
13-12-2014 09:27:04 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 wurde installiert.
15-12-2014 11:03:51 Wiederherstellungsvorgang
15-12-2014 14:20:03 Windows Update
15-12-2014 18:59:42 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
15-12-2014 21:07:22 Configured Microsoft Office Enterprise 2007
17-12-2014 00:34:09 DesignCAD 3D Max 22 wurde installiert.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-25 21:07 - 00001196 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com

There are 5 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01129378-72E4-4875-94D9-3244AA84053B} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\SymErr.exe
Task: {01198FD1-ED04-442F-BB82-6E294D168A5B} - System32\Tasks\{F5DAFB4E-A60B-4116-9F09-A59C932BA636} => pcalua.exe -a F:\Setup.exe -d F:\
Task: {03E0F7C9-378E-4A6E-9734-912A1191CECC} - System32\Tasks\{4BF1A8B8-CB82-4534-9A28-D08628C5E143} => C:\Programme\jCalendar\jCalendar.exe
Task: {0DACDC6D-9900-4C51-A8E6-B8E16FA3D043} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\SymErr.exe
Task: {0F5004A6-C441-43B3-8C03-BB1E071DBCF9} - System32\Tasks\{B2E8F773-5F5C-4836-8957-FEE3042EABFC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.0.104/de/go/help.faq.installer?LastError=1618
Task: {12671161-6449-4349-A52D-3D90185B578F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-27] (Google Inc.)
Task: {1C933C6B-7E1B-4D5A-884E-312C03E52C6B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {20960428-4821-470E-B356-ADE61D278E74} - System32\Tasks\{DA63B10A-4AA4-415D-B14F-20882B020224} => C:\Users\melsy\Downloads\lhttsged.exe [2012-06-25] (Microsoft Corporation)
Task: {2275559B-C5E5-422D-AA45-9FFA455E05C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {243D7A47-C7F3-449F-A4B3-1A47C931B022} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {3010AD89-86DF-48F8-809F-7F0AB43C5091} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA => C:\Users\melsy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {316A5078-541C-4E39-A254-03D66FFE9C50} - System32\Tasks\{02DEFB47-6A21-4840-A923-836BA7F0FC4A} => pcalua.exe -a "C:\Program Files (x86)\MUSICSTATION\musicstation.exe"
Task: {3247BA29-A020-4C3C-9AE0-E115049C6D3C} - System32\Tasks\{8795FFFA-4029-4A70-B1CF-0C3C57CDEE7C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.59.106/de/abandoninstall?page=tsMain
Task: {343DA5D2-A7B5-4163-994B-A280849E8B9E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-31] (Facebook Inc.)
Task: {449672D7-8648-44EE-B5E8-2E0CDCD25B91} - System32\Tasks\{AD7AC0AF-B335-4FB0-ABC0-6583AD2EE938} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.73.102.456/de/go/help.faq.installer?LastError=1618
Task: {46A34A3E-FE2B-48B5-AEAA-BDA3D2C4C6CD} - System32\Tasks\{7571068C-F497-4FC5-ADD4-35E7096DFB57} => C:\Program Files (x86)\Norton Internet Security\Engine64\19.7.1.5\uistub.exe
Task: {51D55B4D-67DF-40FA-A4FE-DE3CC1944C3E} - \Browser Updater\Browser Updater No Task File <==== ATTENTION
Task: {56D16A26-C086-4C2F-9A50-1256A721D380} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {5BEC0A14-800A-4444-BE42-ACC444F20731} - System32\Tasks\{2A792A14-06ED-4493-81D7-2A64E97EA462} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
Task: {60081FEC-B90C-4BA1-A4E4-5EC3F0F87609} - System32\Tasks\{8DC528DF-C668-44A2-A31C-93B2FFB13B0A} => C:\Users\melsy\AppData\Local\Freenet\freenetlauncher.exe [2013-05-21] ()
Task: {65D575BE-410A-447D-B330-5443692346AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core => C:\Users\melsy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {6668009D-DEA7-41CE-93D4-D0E6B8459036} - System32\Tasks\HPCeeScheduleFormelsy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {67E242A7-6F0B-4797-B545-E3E15F1EDEAE} - System32\Tasks\{5BFD2BA9-AC77-4AF0-BEDE-ED496F689609} => pcalua.exe -a "C:\Program Files (x86)\FreeHDSport TV\Uninstall.exe" -c /fromcontrolpanel=1
Task: {67FBE70A-7C8D-4BC7-9925-215764406076} - System32\Tasks\{C5BAA74F-22E2-4F89-8A15-F55C07459494} => pcalua.exe -a C:\Users\melsy\Desktop\FreeScreenCapturer_1-0-4-42.exe -d C:\Users\melsy\Desktop
Task: {6DF94FFC-E5D5-412B-9F49-E5C0848C19AB} - System32\Tasks\{AC18E9B7-C5B8-4B30-A692-A929B63DA066} => pcalua.exe -a C:\Users\melsy\Downloads\lhttsged.exe -d C:\Users\melsy\Downloads
Task: {6DFD1216-9460-447B-B912-4EC7A58883D3} - System32\Tasks\WpsUpdateTask_melsy => C:\Program Files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe [2011-10-29] (Zhuhai Kingsoft Office-software Co.,Ltd)
Task: {7D678D51-701D-46DD-9972-DF5DFF100443} - System32\Tasks\{68ECAC93-8124-43DB-B24A-650885E2BADD} => pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe" -d "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\" -c ts3overlay_hook_win32.dll 10000
Task: {82748283-6624-447A-A8CA-49C398293069} - System32\Tasks\{963AFCB0-77B1-4C30-B305-F56C7A0EBB2B} => pcalua.exe -a C:\Users\melsy\Downloads\dotNetFx35setup(1).exe -d C:\Users\melsy\Downloads
Task: {8515EC2B-C62E-413B-A428-6F858025BC21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8542C1B0-137C-415E-86F5-2DEC0F2B4B09} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {8596C597-1FBF-4783-96D6-FB78F7FE605F} - System32\Tasks\Wise Care 365 PC Checkup Task => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe
Task: {8E52F36D-3CBE-4443-AF9D-53F564C3B7F5} - System32\Tasks\{9F7FA772-FD2E-4158-A4C5-6337F924BF71} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {8E7F327F-12F6-4D75-9D7F-0B671653AE79} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {90E77342-600D-4A4F-BF59-D61B7053855C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {92CE2904-5D89-42DD-B487-579244164EE4} - System32\Tasks\{22E33B45-0371-4117-ABFB-FEA73B3FE9A8} => C:\Programme\jCalendar\jCalendar.exe
Task: {971E64F7-C1E0-4A48-A852-324B7F33B1B5} - System32\Tasks\{3ABB7357-D358-41A4-9954-B6BB3A87DC07} => pcalua.exe -a G:\Install.exe -d G:\
Task: {9BCCA73A-EF82-4843-B3CD-A7B5BB0CBC56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-27] (Google Inc.)
Task: {9DE87302-322D-492F-BBA0-8B4A585E329F} - System32\Tasks\{61CE41BF-C4A4-4791-A301-5F93B0DFAA9A} => pcalua.exe -a C:\Users\melsy\Desktop\Air_Assault.exe -d C:\Users\melsy\Desktop
Task: {9F3A2A36-84C1-4056-9312-C522128A9CF1} - System32\Tasks\{4FBE209A-8A27-4E26-81B3-722670F9ECA0} => C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\bin\HPScan.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {A3DEBCE1-D5BE-471A-A2D8-1A1C61B3C499} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: {ABA282D4-9785-4A97-B432-FB442D8FE3EB} - System32\Tasks\Google Updater and Installer => C:\Users\melsy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {BC0FD5F5-2ED6-4BB5-AF88-B0B6140C2852} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$Registration\Registration_8.0.20.1.sxt _RegistrationOffer@16
Task: {BD89F47A-50C6-4051-8B84-126CDFEB0DCE} - System32\Tasks\{69CD82CA-4612-410F-907D-CE1E674B652E} => Firefox.exe 
Task: {BF8B141C-676F-42A5-BF66-8D95ADCA1717} - System32\Tasks\{B50D4207-EE1F-4B4E-98FF-CFA586F34842} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {C176E98E-B970-46B2-9F4D-ACAC41FB6E98} - System32\Tasks\{390AF46B-3743-4BF4-B011-EA592787C6B7} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
Task: {C67886D0-0FBB-476B-BE8B-299B1FFE7721} - System32\Tasks\{5C4F42ED-5832-48B4-BCB9-D77730EC38C1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {C73BC706-4FC5-42B9-B1C9-6B1DCF74BAC5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {CA893ED1-E431-4340-A415-4DFFF3F4D0DA} - System32\Tasks\{AA7F026B-C42A-4E6F-B2DB-FCDAF10D2524} => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [2014-12-01] (Astonsoft)
Task: {D6C26C39-486C-43E4-9576-DBE22E3E441C} - System32\Tasks\NCH Software\ExpressRipSevenDays => C:\Program Files (x86)\NCH Software\ExpressRip\ExpressRip.exe [2014-08-08] (NCH Software)
Task: {D89AD17C-10FC-4DD5-8120-B85CD2DC8F25} - System32\Tasks\{196512D0-AEDD-4F4D-82E4-FCEF076F1057} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {D9CD8EF1-5ADD-4F91-8527-5EFA8009EDC6} - System32\Tasks\{E41BC0B8-6500-4D58-95D6-ECEDB1C3A9D5} => C:\Users\melsy\Downloads\lhttsged.exe [2012-06-25] (Microsoft Corporation)
Task: {E451466A-3491-4B89-8E2A-4477D4DA17C0} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\ProtectedSearch.exe <==== ATTENTION
Task: {E6F8C8B4-6095-4F02-82B5-332CF71AEEF2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EA4916C5-BF71-44C7-BC9E-0F9D40FF1B5E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {EBD0D2FE-56E0-48B2-91DF-0264665CA8DD} - System32\Tasks\{C0C124F4-41F2-47D4-860C-4FCF583875C1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {EE74F28E-DE62-48C6-8627-8144ECE20501} - System32\Tasks\PC Rambazamba => C:\Program Files (x86)\Langmeier Software\PC Rambazamba\pcrambazamba.exe
Task: {EEC8A0D8-581A-4288-A669-717A36652B27} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-31] (Facebook Inc.)
Task: {EF07459B-FD41-4C1A-8587-798773836EB9} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {FFE3FE28-EE03-4DF8-8144-3C66979D3375} - System32\Tasks\{670A25EF-5F02-41BB-BB0D-827A205D5869} => Firefox.exe 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EasyShare Registration Task.job => “7BfGDµÀ™g:×6Fh<
 sÀ €!Þ:2!C:\Windows\system32\rundll32.exe_C:\PROGRA~3\Kodak\EasyShareSetup\$Registration\Registration_8.0.20.1.sxt _RegistrationOffer@16melsy0Ü:
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job => C:\Users\melsy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job => C:\Users\melsy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFormelsy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe
Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
Task: C:\Windows\Tasks\WpsUpdateTask_melsy.job => C:\Program Files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2011-07-05 11:27 - 2011-07-05 11:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-04-13 01:29 - 2014-04-13 01:28 - 01005056 _____ () C:\Users\melsy\AppData\Roaming\BupSystem\bup.exe
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-11-28 16:04 - 2013-11-28 16:04 - 00024672 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe
2013-11-28 16:04 - 2013-11-28 16:04 - 00104032 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupServiceLib.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 11016288 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupCore.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00157280 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\deemon.dll
2013-11-28 16:03 - 2013-11-28 16:03 - 04838496 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\ox.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00494176 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\veem.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00061024 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\minizutil.dll
2013-11-21 11:54 - 2013-11-21 11:54 - 00020992 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zlibutil.dll
2013-09-23 20:24 - 2013-09-23 20:24 - 00076288 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zdll.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00053344 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzmaUtil.dll
2013-11-28 13:33 - 2013-11-28 13:33 - 00049664 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzma.dll
2013-11-28 16:03 - 2013-11-28 16:03 - 00506976 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\twirl.dll
2013-11-28 16:03 - 2013-11-28 16:03 - 00344160 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\tomb.dll
2013-11-21 11:56 - 2013-11-21 11:56 - 00309248 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\party.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00113760 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\scoolite.dll
2013-11-28 13:32 - 2013-11-28 13:32 - 00626688 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\sqlite.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00211040 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\netutil.dll
2014-07-21 11:27 - 2014-07-21 11:27 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-11-21 12:42 - 2013-11-21 12:42 - 00045056 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe
2012-06-18 10:47 - 2012-02-17 19:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2012-10-14 15:54 - 2011-07-23 08:22 - 00133120 _____ () C:\Windows\system32\azcontextmenu.dll
2014-12-14 16:36 - 2014-11-18 09:39 - 00223600 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
2013-11-28 16:04 - 2013-11-28 16:04 - 00317024 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe
2013-11-28 16:04 - 2013-11-28 16:04 - 06131808 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClientLib.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00390240 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\updateman.dll
2013-11-28 16:03 - 2013-11-28 16:03 - 00506976 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\twirl.dll
2013-11-28 16:03 - 2013-11-28 16:03 - 00344160 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\tomb.dll
2013-11-28 16:03 - 2013-11-28 16:03 - 04838496 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\ox.dll
2013-09-23 20:24 - 2013-09-23 20:24 - 00076288 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zdll.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 11016288 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupCore.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00157280 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\deemon.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00494176 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\veem.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00061024 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\minizutil.dll
2013-11-21 11:54 - 2013-11-21 11:54 - 00020992 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zlibutil.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00053344 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzmaUtil.dll
2013-11-28 13:33 - 2013-11-28 13:33 - 00049664 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzma.dll
2013-11-21 11:56 - 2013-11-21 11:56 - 00309248 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\party.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00113760 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\scoolite.dll
2013-11-28 13:32 - 2013-11-28 13:32 - 00626688 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\sqlite.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00211040 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\netutil.dll
2013-11-28 16:04 - 2013-11-28 16:04 - 00148064 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\featback.dll
2013-11-21 12:42 - 2013-11-21 12:42 - 00045056 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe
2014-04-13 01:35 - 2014-04-13 01:35 - 00374272 _____ () C:\Users\melsy\AppData\Roaming\BupSystem\sub\default.dll
2014-11-06 18:45 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-06 18:45 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2012-05-20 16:11 - 2012-02-22 19:49 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2012-05-20 16:10 - 2012-02-22 19:49 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2014-02-28 15:32 - 2014-12-10 19:09 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-10 17:54 - 2014-12-10 17:54 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:8D09CB9B
AlternateDataStreams: C:\ProgramData\Temp:9341E0C6

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hear.lnk => C:\Windows\pss\Hear.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^melsy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Screen Capturer.lnk => C:\Windows\pss\Screen Capturer.lnk.Startup
MSCONFIG\startupfolder: C:^Users^melsy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TerminplanerStart.lnk => C:\Windows\pss\TerminplanerStart.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: MapsGalaxy Search Scope Monitor => "C:\PROGRA~2\MapsGalaxy_39\bar\1.bin\39srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: MapsGalaxy_39 Browser Plugin Loader => C:\PROGRA~2\MapsGalaxy_39\bar\1.bin\39brmon.exe
MSCONFIG\startupreg: Ocs_SM => C:\Users\melsy\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SaferSurf Tray => "C:\Program Files (x86)\SaferSurf\SaferSurfTray.exe"
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: Spotify => "C:\Users\melsy\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\melsy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3195104690-1283173883-910289243-500 - Administrator - Disabled)
fbwuser (S-1-5-21-3195104690-1283173883-910289243-1002 - Limited - Enabled)
Gast (S-1-5-21-3195104690-1283173883-910289243-501 - Limited - Disabled)
melsy (S-1-5-21-3195104690-1283173883-910289243-1001 - Administrator - Enabled) => C:\Users\melsy
_supereasy_1cbackup_ (S-1-5-21-3195104690-1283173883-910289243-1003 - Administrator - Enabled) => C:\Users\_supereasy_1cbackup_

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2014 02:09:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: QtGui4.dll, Version: 4.8.4.0, Zeitstempel: 0x51353087
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002a609d
ID des fehlerhaften Prozesses: 0xc78
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (12/25/2014 03:57:14 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/25/2014 03:57:14 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/25/2014 03:57:14 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/25/2014 03:57:14 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/25/2014 03:57:14 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/25/2014 03:57:13 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/25/2014 03:57:13 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexserver kann wegen eines Datenbankfehlers keine Daten aktualisieren oder auf sie zugreifen. Beenden Sie den Suchdienst, und starten Sie ihn erneut. Wenn das Problem weiterhin besteht, setzen Sie den Inhaltsindex zurück, und crawlen Sie ihn erneut. In manchen Fällen muss der Inhaltsindex möglicherweise gelöscht und erneut erstellt werden.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (12/25/2014 03:57:13 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=1100} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/25/2014 03:57:13 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0x8004117f - Der Inhaltsindexserver kann wegen eines Datenbankfehlers keine Daten aktualisieren oder auf sie zugreifen. Beenden Sie den Suchdienst, und starten Sie ihn erneut. Wenn das Problem weiterhin besteht, setzen Sie den Inhaltsindex zurück, und crawlen Sie ihn erneut. In manchen Fällen muss der Inhaltsindex möglicherweise gelöscht und erneut erstellt werden.  (HRESULT : 0x8004117f))


System errors:
=============
Error: (12/25/2014 09:08:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (12/25/2014 09:08:30 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (12/25/2014 09:07:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (12/25/2014 09:01:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (12/25/2014 09:01:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/25/2014 08:51:39 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (12/25/2014 08:51:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (12/25/2014 08:51:17 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (12/25/2014 08:51:07 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (12/25/2014 08:51:06 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422


Microsoft Office Sessions:
=========================
Error: (12/16/2014 07:39:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 403 seconds with 300 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-09-16 22:33:20.886
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-16 22:33:20.636
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-11-25 15:01:32.976
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 71%
Total physical RAM: 3690.91 MB
Available physical RAM: 1034.56 MB
Total Pagefile: 7379.99 MB
Available Pagefile: 4149.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.09 GB) (Free:229.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:15.51 GB) (Free:1.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F2DC90A7)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

hast du die logs bekommen ?

Guten morgen !
Konntest du schon etwas feststellen ? LG Wolfgang

schrauber · 28.12.2014, 00:02

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Duplicate Cleaner Free 3.2.4

VIS
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

lobowolf · 29.12.2014, 12:31

Vorerst : Habe Revo Installer laufen lassen und wollte die beiden Programme deinstallieren bekam die Meldung VIS Dateipfad nicht gefunden

Code:

ATTFilter

# AdwCleaner v4.106 - Bericht erstellt am 29/12/2014 um 11:47:47
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-28.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : melsy - MELSY-HP
# Gestartet von : C:\Users\melsy\Downloads\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : bupService
[#] Dienst Gelöscht : YahooAUService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\SuperEasy Software
Ordner Gelöscht : C:\ProgramData\Yahoo! Companion
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\SuperEasy Software
Ordner Gelöscht : C:\Program Files (x86)\SaferSurf
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Tobit
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\SysWOW64\hotspot shield
Ordner Gelöscht : C:\Program Files\SuperEasy Software
Ordner Gelöscht : C:\Users\DefaultAppPool\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\melsy\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\melsy\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\melsy\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\melsy\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\melsy\AppData\LocalLow\GutscheinCodes
Ordner Gelöscht : C:\Users\melsy\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\melsy\AppData\LocalLow\Yahoo! Companion
Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\BupSystem
Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\Security System 2
Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\Tobit
Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\SuperEasy Software
Ordner Gelöscht : C:\Users\_supereasy_1cbackup_\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\melsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkeieaieohnceanbhdeijclgemgjjkf
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\melsy\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\melsy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\melsy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Startfenster.lnk
Datei Gelöscht : C:\Users\melsy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\foxydeal.sqlite
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\user.js

***** [ Tasks ] *****

Task Gelöscht : YourFile DownloaderUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GutscheinCodes.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{59279625-EFF0-4F55-98F0-51EDDD800DD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0E0DBFCD-7DDD-4792-9F42-2DFF3E266C26}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1890CF76-D8E5-4584-8B8B-0415EA96601F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5DAD9BF3-1DB3-4915-899F-52C1FB45E7A5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SuperEasy Software
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\SuperEasy Software
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSpeak_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SuperEasy Software
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\4340C4778499EED41AE496DC3D613EC6
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\4340C4778499EED41AE496DC3D613EC6
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [59805 octets] - [19/09/2013 13:30:58]
AdwCleaner[R1].txt - [18759 octets] - [29/12/2014 11:30:15]
AdwCleaner[R2].txt - [18816 octets] - [29/12/2014 11:42:09]
AdwCleaner[S0].txt - [40073 octets] - [19/09/2013 13:32:28]
AdwCleaner[S1].txt - [17602 octets] - [29/12/2014 11:47:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [17663 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by melsy on 29.12.2014 at 12:00:13.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update qualitink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util qualitink



~~~ Files

Successfully deleted: [File] "C:\Users\melsy\favorites\links\startfenster.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\melsy\AppData\Roaming\getrighttogo"



~~~ FireFox

Emptied folder: C:\Users\melsy\AppData\Roaming\mozilla\firefox\profiles\ztxv0dqa.default-1397397919693\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.12.2014 at 12:08:20.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by melsy (administrator) on MELSY-HP on 29-12-2014 12:21:26
Running from C:\Users\melsy\Downloads
Loaded Profile: melsy (Available profiles: melsy & _supereasy_1cbackup_ & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Farbar) C:\Users\melsy\Downloads\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [SuperEasy 1-Click Backup] => "C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe" --hidden
HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516784 2014-11-18] (Ashampoo Development GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [SPM15 Chrome Autofill Relay] => C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe [480120 2014-06-25] (Steganos Software GmbH)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [Facebook Update] => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-31] (Facebook Inc.)
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [EssentialPIM] => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [17719664 2014-12-01] (Astonsoft)
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wo11.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * DfSDKBt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3195104690-1283173883-910289243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
URLSearchHook: HKLM-x32 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File
URLSearchHook: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File
SearchScopes: HKLM -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = 
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48Ð¸patm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar64.dll (Steganos Software GmbH)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM-x32 - No Name - {422f7661-9403-4da4-b4ef-cc3e268817b5} -  No File
Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar.dll (Steganos Software GmbH)
Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {422F7661-9403-4DA4-B4EF-CC3E268817B5} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693
FF Homepage: https://www.google.at/?gws_rd=cr&ei=3OKMUuu2NOO54AT-pYGQCg
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @soft-xpansion/npsxpdf -> C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\melsy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/O1DPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=3 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=9 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-maps.xml
FF Extension: FDislike - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\fbdislike@doweb.fr.xpi [2014-04-14]
FF Extension: Ghostery - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@ghostery.com.xpi [2014-04-13]
FF Extension: ZenMate Security &amp; Privacy VPN - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@zenmate.com.xpi [2014-10-05]
FF Extension: ProxTube - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\info@convert2mp3.net.xpi [2014-04-13]
FF Extension: Facebook Select All - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\jid0-n2ISP7BOUOHLqFZBUsiANkm14Ck@jetpack.xpi [2014-04-13]
FF Extension: RequestPolicy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\requestpolicy@requestpolicy.com.xpi [2014-11-21]
FF Extension: NoScript - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-13]
FF Extension: Adblock Plus - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-13]
FF Extension: OkayFreedom - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2014-12-24]
FF Extension: Google Privacy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2014-12-08]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2013-06-28]
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3 [2014-12-05]
FF HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR Profile: C:\Users\melsy\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3665752 2012-01-26] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-09-02] (soft Xpansion)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-21] (TuneUp Software)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-22] (RaMMicHaeL)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223600 2014-11-18] ()
S2 supereasy_1cbackup; "c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe" "--controlFolder=c:\ProgramData\SuperEasy 1-Click Backup\control" "--id=supereasy_1cbackup" daemon

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 L6UX1; C:\Windows\System32\Drivers\L6UX164.sys [772864 2013-07-11] (Line 6)
R3 leawo_vad; C:\Windows\System32\drivers\leawo_vad.sys [33048 2013-05-21] (Shenzhen Moyea Software)
R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-28] (Audials AG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-03] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-11-12] (TuneUp Software)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1451008 2008-10-13] (C-Media Electronics Inc)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51016 2011-11-01] (Yamaha Corporation)
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 12:21 - 2014-12-29 12:21 - 02123264 _____ (Farbar) C:\Users\melsy\Downloads\FRST64(1).exe
2014-12-29 12:08 - 2014-12-29 12:08 - 00001190 _____ () C:\Users\melsy\Desktop\JRT.txt
2014-12-29 11:59 - 2014-12-29 11:59 - 01707939 _____ (Thisisu) C:\Users\melsy\Downloads\JRT(1).exe
2014-12-29 11:55 - 2014-12-29 11:55 - 00818637 _____ (Thisisu) C:\Users\melsy\Downloads\JRT.exe
2014-12-29 11:27 - 2014-12-29 11:28 - 02173952 _____ () C:\Users\melsy\Downloads\AdwCleaner_4.106(1).exe
2014-12-29 11:16 - 2014-12-29 11:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-29 11:15 - 2014-12-29 11:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\melsy\Downloads\revosetup95.exe
2014-12-29 10:00 - 2014-12-29 10:00 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-27 09:35 - 2014-12-27 09:35 - 02173952 _____ () C:\Users\melsy\Downloads\AdwCleaner_4.106.exe
2014-12-26 18:50 - 2014-12-26 18:52 - 00071035 _____ () C:\Users\melsy\Downloads\Addition.txt
2014-12-26 18:48 - 2014-12-29 12:21 - 00028192 _____ () C:\Users\melsy\Downloads\FRST.txt
2014-12-26 18:47 - 2014-12-29 12:21 - 00000000 ____D () C:\FRST
2014-12-26 18:47 - 2014-12-26 18:47 - 02122752 _____ (Farbar) C:\Users\melsy\Downloads\FRST64.exe
2014-12-26 15:25 - 2014-12-26 15:25 - 00001455 _____ () C:\trojaner.txt
2014-12-24 15:10 - 2014-12-29 11:50 - 00000600 _____ () C:\Windows\PFRO.log
2014-12-24 15:02 - 2014-12-24 15:02 - 16520304 _____ (Steganos Software GmbH) C:\Users\melsy\Downloads\okayfreedomwr.exe
2014-12-24 14:01 - 2014-12-24 14:01 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos Updates
2014-12-24 13:59 - 2014-12-24 14:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos VPN
2014-12-24 13:56 - 2014-12-24 13:56 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion OkayFreedom Premium Flat - CHIP-Installer.exe
2014-12-22 02:54 - 2014-12-22 02:54 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup(1).exe
2014-12-22 01:01 - 2014-12-29 11:20 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\DigitalVolcano
2014-12-22 00:59 - 2014-12-22 00:59 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup.exe
2014-12-21 02:14 - 2014-12-21 02:14 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Magix Music Maker 2013 - CHIP-Installer.exe
2014-12-20 18:36 - 2014-12-20 18:36 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Rip CD Ripper Software.lnk
2014-12-20 18:36 - 2014-12-20 18:36 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-12-20 18:32 - 2014-12-29 11:50 - 00000896 _____ () C:\Windows\setupact.log
2014-12-20 18:32 - 2014-12-20 18:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-18 12:27 - 2014-12-29 11:49 - 00300701 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 00:38 - 2014-12-17 00:38 - 00000000 ____D () C:\Users\melsy\Documents\DesignCAD 3D MAX 22
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD Toolkit Maschinenbau & Konstruktion 22
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\Program Files (x86)\DCToolkit
2014-12-17 00:36 - 2014-12-17 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD 3D Max 22
2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\ProgramData\IMSIDesign
2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\Program Files (x86)\IMSIDesign
2014-12-17 00:15 - 2014-12-17 00:18 - 95590424 _____ () C:\Users\melsy\Downloads\DesignCAD-V22-3D-Triple-Toolkits-Complete-CHIP.exe
2014-12-16 14:47 - 2014-12-21 19:57 - 00168064 _____ () C:\Users\melsy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-15 21:05 - 2014-12-15 21:05 - 00000000 ____D () C:\Users\melsy\Downloads\Office 2007
2014-12-15 19:04 - 2014-12-15 19:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Scribus
2014-12-15 18:59 - 2014-12-15 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.4
2014-12-15 18:57 - 2014-12-15 19:03 - 00000000 ____D () C:\Program Files\Scribus 1.4.4
2014-12-15 17:02 - 2014-12-15 17:04 - 86069640 _____ (The Scribus Team) C:\Users\melsy\Downloads\scribus-1.4.4-windows-x64.exe
2014-12-15 15:06 - 2014-12-15 15:06 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
2014-12-15 15:06 - 2014-12-15 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme
2014-12-15 11:46 - 2014-12-15 11:46 - 01177424 _____ () C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe
2014-12-14 23:48 - 2014-12-14 23:48 - 00000000 _____ () C:\Windows\SysWOW64\shoFA1F.tmp
2014-12-14 23:31 - 2014-12-14 23:31 - 00000000 __SHD () C:\WISE_DISKSCRUBTEMP
2014-12-14 16:30 - 2014-12-14 16:32 - 43145168 _____ (Ashampoo GmbH & Co. KG ) C:\Users\melsy\Downloads\ashampoo_winoptimizer_11_11.00.50_18137.exe
2014-12-13 09:28 - 2014-12-15 11:35 - 00000000 ____D () C:\Users\melsy\HDR Projects
2014-12-13 09:26 - 2014-12-13 09:26 - 00001045 _____ () C:\Users\Public\Desktop\HDR Projects platin (64-Bit).lnk
2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis
2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\Program Files\Franzis
2014-12-13 09:09 - 2014-12-13 09:09 - 00000000 ____D () C:\Users\melsy\Documents\HDR-projects-platin-win-mac-CHIP
2014-12-12 13:24 - 2014-12-12 13:24 - 00000000 _____ () C:\Windows\SysWOW64\sho287C.tmp
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\Documents\FlashIntegro
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\VideoEditor
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\FlashIntegro
2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\Program Files (x86)\FlashIntegro
2014-12-11 19:51 - 2014-12-09 13:21 - 00081792 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter2.ax
2014-12-11 19:51 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll
2014-12-11 19:51 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-12-11 19:51 - 2004-09-06 16:06 - 00053248 _____ () C:\Windows\SysWOW64\xvid.ax
2014-12-11 19:51 - 2004-07-03 21:08 - 00139264 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-12-11 19:51 - 2004-07-03 20:59 - 00524288 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-12-11 19:51 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm
2014-12-11 19:51 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll
2014-12-11 19:51 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax
2014-12-11 19:51 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll
2014-12-11 19:51 - 2003-05-21 23:50 - 00156910 _____ () C:\Windows\WMSysPr8.prx
2014-12-11 19:51 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm
2014-12-11 19:51 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm
2014-12-11 19:51 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX
2014-12-11 19:51 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2014-12-11 19:51 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm
2014-12-11 19:47 - 2014-12-11 19:47 - 01177424 _____ () C:\Users\melsy\Downloads\VSDC Free Video Editor - CHIP-Installer.exe
2014-12-10 19:29 - 2014-12-10 19:29 - 17103000 _____ (Electronic Arts, Inc.) C:\Users\melsy\Downloads\OriginThinSetup.exe
2014-12-10 18:55 - 2014-12-10 19:40 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Origin
2014-12-10 18:53 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\Origin
2014-12-10 14:14 - 2014-12-16 08:59 - 00000412 _____ () C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
2014-12-10 14:14 - 2014-12-10 14:14 - 00002834 _____ () C:\Windows\System32\Tasks\Wise Care 365 PC Checkup Task
2014-12-10 09:50 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 09:50 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 09:21 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:21 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 09:21 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 09:21 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 09:21 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 09:21 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 09:21 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 09:21 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 09:21 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 09:21 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 09:21 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 09:21 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 09:21 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 09:21 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 09:21 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 09:12 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:12 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 13:07 - 2014-12-22 13:17 - 00000000 ____D () C:\Users\melsy\Documents\camera musik
2014-12-09 12:29 - 2014-12-09 12:30 - 11669724 _____ () C:\Users\melsy\Downloads\Camera Rare Grooves Aluminium Edition - 02 Donny Hathaway - The Ghetto.mp4.part
2014-12-09 11:06 - 2014-12-09 11:06 - 00003070 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-12-09 11:06 - 2014-12-09 11:06 - 00002848 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-12-09 11:06 - 2014-12-09 11:06 - 00000422 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-12-09 11:06 - 2014-12-09 11:06 - 00000402 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-12-09 10:33 - 2014-12-20 02:15 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-09 10:31 - 2014-12-09 10:31 - 01174352 _____ () C:\Users\melsy\Downloads\Wise Care 365 - CHIP-Installer.exe
2014-12-07 14:45 - 2014-12-07 14:46 - 11553744 _____ () C:\Users\melsy\Downloads\EssentialPIM6.exe
2014-12-05 17:37 - 2014-12-05 17:37 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Diashow-Ersteller.lnk
2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2014-12-05 16:44 - 2014-12-05 16:44 - 00001110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
2014-12-05 16:44 - 2014-12-05 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grafikverwandte Programme
2014-12-05 16:42 - 2014-12-05 16:42 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Imagedatei-Konverter.lnk
2014-12-05 16:29 - 2014-12-05 16:30 - 00505376 _____ (NCH Software) C:\Users\melsy\Downloads\pixpsetup.exe
2014-12-05 13:02 - 2014-12-24 14:32 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos
2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Passwort-Manager 15
2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\Program Files (x86)\Steganos Password Manager 15
2014-12-05 13:00 - 2014-12-05 13:00 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Steganos Passwort Manager 15 - CHIP-Installer.exe
2014-12-04 18:05 - 2014-12-04 18:05 - 00001964 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-12-03 19:41 - 2014-12-03 19:41 - 07270351 _____ () C:\Users\melsy\Downloads\meine 68 jährige (2).mp4
2014-12-02 16:16 - 2014-12-08 03:47 - 00000000 ____D () C:\Users\melsy\AppData\Local\SuperEasy 1-Click Backup
2014-12-02 16:16 - 2014-12-03 16:04 - 00000000 ___HD () C:\ProgramData\sysnfxo
2014-12-02 16:15 - 2014-12-29 11:51 - 00000000 ____D () C:\Users\_supereasy_1cbackup_
2014-12-02 16:15 - 2014-12-02 16:15 - 00000020 ___SH () C:\Users\_supereasy_1cbackup_\ntuser.ini
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Vorlagen
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Startmenü
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Netzwerkumgebung
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Lokale Einstellungen
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Eigene Dateien
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Druckumgebung
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Musik
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Bilder
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Verlauf
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Anwendungsdaten
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Anwendungsdaten
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 ____D () C:\ProgramData\SuperEasy 1-Click Backup
2014-12-02 16:15 - 2013-08-14 10:34 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\Microsoft Help
2014-12-02 16:15 - 2013-07-31 08:12 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\TuneUp Software
2014-12-02 16:15 - 2013-07-26 03:08 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\ScreenCapture
2014-12-02 16:15 - 2012-12-03 06:32 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Macromedia
2014-12-02 16:15 - 2012-08-12 01:32 - 00002134 _____ () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-12-02 16:15 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-02 16:15 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-02 16:13 - 2014-12-02 16:13 - 28074616 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\melsy\Downloads\supereasy_1-click_backup_free_1.13.0_8279.exe
2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EAC
2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\AccurateRip
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Cliqz
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-12-02 13:57 - 2014-12-02 13:57 - 01174352 _____ () C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe
2014-11-30 19:27 - 2014-11-30 19:27 - 05152768 _____ () C:\Users\melsy\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-11-30 19:23 - 2014-11-30 19:23 - 00003002 _____ () C:\Windows\System32\Tasks\{4FBE209A-8A27-4E26-81B3-722670F9ECA0}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 12:22 - 2013-01-23 23:10 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job
2014-12-29 12:20 - 2012-05-21 13:38 - 00000000 ___RD () C:\Users\melsy\Desktop\Sicherheit
2014-12-29 12:16 - 2014-05-20 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-29 12:13 - 2013-05-07 17:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-29 12:11 - 2012-08-13 22:06 - 00000386 _____ () C:\Windows\Tasks\WpsUpdateTask_melsy.job
2014-12-29 11:58 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 11:58 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 11:57 - 2011-08-09 21:16 - 00774266 _____ () C:\Windows\system32\perfh007.dat
2014-12-29 11:57 - 2011-08-09 21:16 - 00175794 _____ () C:\Windows\system32\perfc007.dat
2014-12-29 11:57 - 2009-07-14 06:13 - 01808064 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-29 11:54 - 2014-09-10 08:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 11:51 - 2012-07-27 20:04 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 11:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 11:48 - 2013-09-19 13:30 - 00000000 ____D () C:\AdwCleaner
2014-12-29 11:34 - 2012-05-20 16:38 - 00000000 ____D () C:\Users\melsy\AppData\Local\CrashDumps
2014-12-29 11:30 - 2012-05-18 12:08 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Skype
2014-12-29 10:50 - 2013-10-31 22:45 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job
2014-12-29 02:58 - 2012-07-02 01:36 - 00000410 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
2014-12-29 02:42 - 2014-10-15 14:50 - 00003094 _____ () C:\Windows\System32\Tasks\{B2E8F773-5F5C-4836-8957-FEE3042EABFC}
2014-12-29 02:42 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{C0C124F4-41F2-47D4-860C-4FCF583875C1}
2014-12-29 02:42 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{5C4F42ED-5832-48B4-BCB9-D77730EC38C1}
2014-12-29 02:42 - 2014-08-28 18:24 - 00003076 _____ () C:\Windows\System32\Tasks\{8795FFFA-4029-4A70-B1CF-0C3C57CDEE7C}
2014-12-29 02:42 - 2013-10-09 17:59 - 00003102 _____ () C:\Windows\System32\Tasks\{AD7AC0AF-B335-4FB0-ABC0-6583AD2EE938}
2014-12-29 02:42 - 2013-05-03 19:39 - 00003086 _____ () C:\Windows\System32\Tasks\{2A792A14-06ED-4493-81D7-2A64E97EA462}
2014-12-29 02:42 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{69CD82CA-4612-410F-907D-CE1E674B652E}
2014-12-29 02:42 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{670A25EF-5F02-41BB-BB0D-827A205D5869}
2014-12-29 02:00 - 2013-01-23 23:10 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job
2014-12-29 01:52 - 2013-10-31 22:45 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job
2014-12-29 01:46 - 2014-07-19 10:21 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormelsy
2014-12-29 01:46 - 2014-07-19 10:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFormelsy.job
2014-12-27 23:22 - 2012-05-21 23:39 - 00000000 ___RD () C:\Users\melsy\Desktop\TONSTUDIO
2014-12-27 18:36 - 2012-09-23 02:50 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-12-27 03:56 - 2014-04-22 13:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\vlc
2014-12-26 15:24 - 2014-05-20 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-25 20:44 - 2014-09-21 08:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-25 20:44 - 2012-05-18 12:07 - 00000000 ____D () C:\ProgramData\Skype
2014-12-24 15:22 - 2014-10-15 17:01 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-12-22 13:37 - 2013-03-26 14:54 - 00000000 ____D () C:\Users\melsy\Documents\RAF
2014-12-22 13:37 - 2013-01-23 02:22 - 00000000 ____D () C:\Users\melsy\Documents\Cybershapes
2014-12-22 13:26 - 2012-09-23 01:41 - 00000000 ____D () C:\Users\melsy\Documents\soz-österr
2014-12-22 13:26 - 2012-05-19 10:40 - 00000000 ____D () C:\Users\melsy\Documents\Meine empfangenen Dateien
2014-12-22 08:20 - 2009-07-14 05:45 - 00539840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-21 19:56 - 2012-05-20 12:12 - 00000000 ____D () C:\Users\melsy\Documents\Gitarre
2014-12-21 04:24 - 2013-03-16 19:48 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-12-21 02:59 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-12-21 02:57 - 2012-07-01 18:18 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-12-21 02:52 - 2013-03-16 19:56 - 00000000 ___RD () C:\Users\melsy\Documents\MAGIX
2014-12-21 02:52 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\MAGIX
2014-12-20 18:34 - 2012-05-18 15:45 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Audacity
2014-12-20 02:31 - 2013-10-11 13:45 - 00000000 ___RD () C:\Users\melsy\Desktop\radios
2014-12-20 02:31 - 2012-09-08 11:59 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\XnView
2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCFinder
2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\Program Files (x86)\CCFinder
2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-18 12:22 - 2011-12-10 05:20 - 00000000 ____D () C:\ProgramData\Temp
2014-12-17 00:39 - 2012-07-18 02:06 - 00000000 ___RD () C:\Users\melsy\Desktop\Foto Video
2014-12-16 19:19 - 2012-07-24 21:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-15 19:01 - 2013-09-02 13:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-15 18:40 - 2014-10-23 10:29 - 00000000 ____D () C:\Users\melsy\Documents\KPÖ
2014-12-15 14:25 - 2012-05-21 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar
2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\Program Files (x86)\TuxGuitar
2014-12-15 11:35 - 2013-05-18 21:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EssentialPIM
2014-12-15 11:35 - 2013-02-03 15:59 - 00000000 ____D () C:\Users\melsy\.tuxguitar-1.2
2014-12-15 11:35 - 2012-12-14 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-12-15 11:35 - 2012-12-05 11:56 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-12-15 11:35 - 2012-05-20 17:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-15 11:35 - 2012-05-19 13:23 - 00000000 ____D () C:\Program Files (x86)\ScanIT-Client
2014-12-15 11:35 - 2012-05-18 11:43 - 00000000 ____D () C:\Users\melsy
2014-12-15 11:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-15 10:43 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\SoftGrid Client
2014-12-15 10:02 - 2013-09-29 09:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-14 23:43 - 2013-01-03 14:29 - 00000000 ____D () C:\Users\melsy\AppData\Local\Downloaded Installations
2014-12-14 16:36 - 2012-05-21 13:33 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-12-13 13:09 - 2014-09-09 13:12 - 00000000 ____D () C:\Users\melsy\Documents\demos
2014-12-13 12:35 - 2012-09-21 20:10 - 00038311 _____ () C:\Users\melsy\Documents\Passwörter.xlsx
2014-12-10 19:50 - 2012-06-02 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 17:54 - 2014-09-10 08:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 17:54 - 2014-07-04 14:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 17:54 - 2014-07-04 14:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 10:52 - 2013-02-25 20:12 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
2014-12-10 10:52 - 2013-02-25 20:11 - 00000000 ____D () C:\ProgramData\Virtualized Applications
2014-12-10 10:52 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Local\SoftGrid Client
2014-12-10 10:39 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-10 10:31 - 2013-05-20 18:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 10:24 - 2013-07-11 11:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:53 - 2012-05-21 03:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 14:02 - 2013-05-29 17:59 - 00000000 ____D () C:\Users\melsy\Documents\Essential Kalender
2014-12-09 13:48 - 2013-03-05 13:41 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\TS3Client
2014-12-09 10:51 - 2013-11-11 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-09 10:35 - 2007-01-02 02:25 - 00000000 ____D () C:\Windows\Panther
2014-12-07 14:47 - 2013-05-25 09:47 - 00001023 _____ () C:\Users\Public\Desktop\EssentialPIM.lnk
2014-12-03 12:40 - 2014-08-21 22:58 - 00000000 ____D () C:\Users\melsy\Documents\Norma A2
2014-11-30 19:49 - 2012-11-11 20:14 - 00000000 ___RD () C:\Users\melsy\Desktop\HP DRUCKER

Some content of TEMP:
====================
C:\Users\melsy\AppData\Local\Temp\abelssoft.setup.exe
C:\Users\melsy\AppData\Local\Temp\Quarantine.exe
C:\Users\melsy\AppData\Local\Temp\ripsetup.exe
C:\Users\melsy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\melsy\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 04:32

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 29.12.2014, 21:28

Bei der Meldung einfach ok oder abbrechen klicken, dann macht Revo den Rest.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

lobowolf · 29.12.2014, 22:15

Habe ich bei Revo so gemacht . Der Rest wird etwas dauern da ich einige externe Festplatten habe lg wolfgang

schrauber · 30.12.2014, 14:51

ok

lobowolf · 31.12.2014, 13:58

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7131f657cc7c0a45b334d333cc399cee
# engine=21746
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-30 01:30:07
# local_time=2014-12-30 02:30:07 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG Internet Security 2013'
# compatibility_mode=1046 16777213 100 88 59144 107080191 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 45154332 171576057 0 0
# scanned=617048
# found=260
# cleaned=0
# scan_time=52968
sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll.vir"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\tbFree.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\ldrtbFree.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\prxtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\tbFree.dll.vir"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39sknlcr.dll.vir"
sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL.vir"
sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe.vir"
sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTEX.DLL.vir"
sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTPEX.DLL.vir"
sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL.vir"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir"
sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\dtUser.exe.vir"
sh=AD7F7CA53753521EB64AD840156F163909EE5E8C ft=1 fh=f633dab5e52a0ecc vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultsDx.dll.vir"
sh=BBCBE78E65CAF60414F998095F88955144ACAAED ft=1 fh=06cfc3bfbefbe6c8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultstb.dll.vir"
sh=868EB84B484DD5C01835CC394174384F8694ECCC ft=1 fh=584f503eb1d3498f vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe.vir"
sh=A416ACC21756868987F275190BD1033BF74E180C ft=1 fh=d3699c00a2c5c199 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\DownloadGuide\Offers\protegere.exe.vir"
sh=95D1E596ACC1912879100C54027750C1772027C7 ft=1 fh=212faf0536ad9d68 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\DownloadGuide\Offers\ResultsAlphaSetup.exe.vir"
sh=F8935573391555518C560A87DA9D48A7AFB964A9 ft=1 fh=d5f378fbab67b337 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\DownloadGuide\Offers\vis-freeware.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\tbFree.dll.vir"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\ldrtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\tbFree.dll.vir"
sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\3mzjeqm2.default\Extensions\plugin@getwebcake.com\content\overlay.js.vir"
sh=1D9AE65A97C417A8083FB38EFDB8022EAE3A9698 ft=1 fh=8dd7dc1cf3445b5c vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Security System 2\uninstaller.exe.vir"
sh=0D310BC1E118037748964A56AB10A3062E039B17 ft=1 fh=d9be506c5a75908e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir"
sh=6438793AF756D3AA8C4E2CAFBA7D03D239059871 ft=1 fh=19260a5687fcfe5d vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Dora.dat.vir"
sh=7503116755BAAD721D41850CAB9CBB2365421231 ft=1 fh=0427fddebd474c95 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Maintain.dat.vir"
sh=AED94C436A63639194DD9F9DA87D19AA3EDE45AA ft=1 fh=dc0d04b5290e7546 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Paladin.dat.vir"
sh=9C80962CF3A7511A428D6200084F17B71D0D213D ft=1 fh=2e3d6de45b15d6ca vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Phoenix.dat.vir"
sh=A48076CEBF63988E749815CBD69039D08B14735A ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ArtensoftPhotoMosaicWizard.zip"
sh=024079FF7B8C864324A8F5F5706DB446D7B3D5F2 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\CleanseUninstallerPro.zip"
sh=693F4A3E417C867790179DB63B33E46C0346D613 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\KingsoftPresentationStd.zip"
sh=4C34B47BB5C70ABEF7B265D86BF2010F8AB810B4 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\MP4ToMP3Converter.zip"
sh=C650DB886472079561CC80DEF94817835E02FD24 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\SothinkLogoMaker.zip"
sh=1FE03D963E03841AFC90F28F6D296878E5206C1F ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\VideoGet.zip"
sh=DC2B099E1F96C5D03D4F03BF98D69A2CD6F22C04 ft=1 fh=40cbdd24eefbf532 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup32.exe"
sh=C8E88610998F6FB74FD0388BC44E18A82207B504 ft=1 fh=9ff1cbafe084559b vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup64.exe"
sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll"
sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll"
sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\AppData\Local\Temp\DMR\dmr_72.exe"
sh=2729F6FA8F28FB792FBCFF2725FCC8D81CE3CCA3 ft=0 fh=0000000000000000 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Desktop\DvDrum2_b5_Setup.zip"
sh=07A1B083446273B593E7287021D55ED5688C53EC ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\melsy\Desktop\1054_Must_Have_PHP_Scripts_part1\Chat_Scripts\Chat Scripts\blablite22.zip"
sh=24688AAD083DBEAB180203CB89B36F7056E93128 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Desktop\Alte Firefox-Daten\3mzjeqm2.default\extensions\firefox@qualitink.net.xpi"
sh=C44FEB9DD6271C71E9D4B4899D73CAA0F5F93746 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Desktop\Alte Firefox-Daten\3mzjeqm2.default\extensions\d3339536-cdf9-444a-b529-160714835cb8@52bed7c4-5816-4cf8-b479-2c341232cd59.com\extensionData\plugins\91_monetizationLoader.js.js"
sh=3164F34A7FEC5F532C6A9DFF760113B4E55026E3 ft=1 fh=b5a6070113be0c05 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\130120-sview5-v384-Downloader.exe"
sh=C779120ED93C6E7F96DC51C9FC882F9F96340324 ft=1 fh=41bdabcae1f2b528 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\2WPinball-Downloader.exe"
sh=16D9C063CD13D25EEBC63FCF358C64009A4FCFB0 ft=1 fh=0307e473c2448ea4 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\AshampooMovieStudio2013Ver104-Downloader.exe"
sh=919FB69C250161AC362B1E6ECC27E66B892E863F ft=1 fh=6cc80959aef3cdad vn="Win32/Adware.1ClickDownload.AX Anwendung" ac=I fn="C:\Users\melsy\Downloads\BarcelonaStreamApp.exe"
sh=7E2D6ECE2E74BF74BDE2D7D0D66EA9FA0EFB65C5 ft=1 fh=d8b24a2eee5b8eea vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\dffsetup-lame_enc.exe"
sh=C131ED4CF8F0F152D001811D77BF89299BB2ACEA ft=1 fh=831285361d7e9534 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe"
sh=495A75196C43A41FA1313D4B62B0D4170E906431 ft=1 fh=d9125e0aa1ab4a89 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\FreeImageConvertAndResize.exe"
sh=837238B0C3C1FCDDCD18A2852D680A2610F72154 ft=1 fh=9061159b2822d34e vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\gimp-2.8.10-setup-Downloader.exe"
sh=81452D54213DAFA857AE5467B67C11014549715A ft=1 fh=dd0df1ac6180bd2f vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\gimp-help-261-html-detar-Downloader.exe"
sh=E482AD834AA2F21ADC0140FE4ECC2BFDAF3FAA22 ft=1 fh=4bd4252d18724ebe vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\HSS-2.67-install-chip-389-conduit.exe"
sh=7F0A0674E9522BFCF7CBA33DED49AAEBAF36F614 ft=1 fh=2f70aa409cdbff5b vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\HSS-2.90.exe"
sh=1E155C8E88C907618214809BA49529D38D709174 ft=1 fh=3d226696a6f054ac vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\ipnetinfo-Downloader.exe"
sh=C9AD39E15D50C4E6FEADB99FA445E3BDB9BF3647 ft=1 fh=77b67014d8a47abf vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\kingsoftpresentationstd-Downloader.exe"
sh=87D1158606ED48018BC966899016FD9D392C8D31 ft=1 fh=eb078c41703de82c vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\MicroSIP-3.3.27-Downloader.exe"
sh=F8B71E3C73416F4905087E05488AEF3192FB635A ft=1 fh=c82e78466d0c8942 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\MusicRecorder10-Downloader.exe"
sh=4D3D18C2D516AD7A7FC93E1E9C07E00C3656B8FF ft=1 fh=4e7fde5325cd1268 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\phonecrypt-desktop-Downloader.exe"
sh=1A83C861ACCD538CC1577A46767C5A0496AF4CDE ft=1 fh=ad0294a213be0c05 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\pickitinst-Downloader.exe"
sh=BCBA8E2AF400377B691EC82DB1256ABB9462678B ft=1 fh=5f941106423da96d vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\privacyfix-firefox502-Downloader.exe"
sh=A5EA57A708B3D292515B4005A31E9EA021C2FC97 ft=1 fh=c1e8a60c703de82c vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\shotcut-win32-131022-Downloader.exe"
sh=E94FEEC085E6758E0C544F28D653085F79120B76 ft=1 fh=e67ac52ec83c3cc9 vn="Variante von Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\SoftonicDownloader_fuer_riffworks.exe"
sh=28085535F3F4322A78B7D0D0343505566936EDF3 ft=1 fh=ff9e27ee8130d72d vn="Variante von MSIL/DownloadGuide.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\SuperEasyVideoBooster113056-Downloader(1).exe"
sh=28085535F3F4322A78B7D0D0343505566936EDF3 ft=1 fh=ff9e27ee8130d72d vn="Variante von MSIL/DownloadGuide.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\SuperEasyVideoBooster113056-Downloader.exe"
sh=17E3CFAC3CC46008685A6A83A464DED18C7C34B5 ft=1 fh=688f6c4d456fdf25 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe"
sh=41ED9036ECCFCB5F4642E6BB03CB956FF9A62C7D ft=1 fh=47f5978555dce2f4 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vitainterface2014Gold1078-Downloader.exe"
sh=4F8B1197AF01C40FCE88746CDB905ED8F5678A91 ft=1 fh=de9355ff8be6e0c5 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\vlc-2.1.0-win64-Downloader.exe"
sh=DE0F453AD7E45914C2F6E2A6BC782AFB6DB94B9D ft=1 fh=1f461786edf5f19c vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\melsy\Downloads\vlc-2.1.3-win32.exe"
sh=E79CE0DA43C79F2A4E48A4F4A02905DE783FBD16 ft=1 fh=a9eb553813c219ce vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\melsy\Downloads\vlc-2.1.4-win64.exe"
sh=3393146A8D0C8A8E1C3CEEBDA60C6C81476C3E2D ft=1 fh=ba364102e7b75553 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vollversion Magix Music Maker 2013 - CHIP-Installer.exe"
sh=94EC870BA0DF99B54B45DA64AD9D7187CA7708D3 ft=1 fh=97cc4212331376f8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vollversion OkayFreedom Premium Flat - CHIP-Installer.exe"
sh=C10EF1D1E3534F528026316078F554FDFF1B1E05 ft=1 fh=ee7edc0b435aa6f2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vollversion Steganos Passwort Manager 15 - CHIP-Installer.exe"
sh=C0BA2A9C0869846851D8F14DA86E4899E199678C ft=1 fh=7d4d9d957035df84 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\VSDC Free Video Editor - CHIP-Installer.exe"
sh=8643736EC068EAC343D8F74B575517D2363F1376 ft=1 fh=52a3309f2fb86f58 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Wise Care 365 - CHIP-Installer.exe"
sh=13C48F6FC45F6949AF5192EA564E40E760122C4E ft=1 fh=1cb7fcde8a0b004d vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\XnConvert32-Bit151-Downloader.exe"
sh=812035F9C97F32427B1E79C7C1B6B3EE7AAE9BBA ft=1 fh=a4d8ef288a0b004d vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\XnConvert64-Bit151-Downloader.exe"
sh=71C5327830182909BE7CDA6E11E45DE267898660 ft=1 fh=b2c4ea99ed910581 vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\XnViewShell-Erweiterung64-bit32-Downloader.exe"
sh=3BFBC2FC15A34D8DB7623EC3154EE1D5DBCD7227 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\59d187f.msi"
sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll.vir"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\tbFree.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\ldrtbFree.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\prxtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\tbFree.dll.vir"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39sknlcr.dll.vir"
sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL.vir"
sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe.vir"
sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTEX.DLL.vir"
sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTPEX.DLL.vir"
sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL.vir"
sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\dtUser.exe.vir"
sh=AD7F7CA53753521EB64AD840156F163909EE5E8C ft=1 fh=f633dab5e52a0ecc vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultsDx.dll.vir"
sh=BBCBE78E65CAF60414F998095F88955144ACAAED ft=1 fh=06cfc3bfbefbe6c8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultstb.dll.vir"
sh=868EB84B484DD5C01835CC394174384F8694ECCC ft=1 fh=584f503eb1d3498f vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\tbFree.dll.vir"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\ldrtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\tbFree.dll.vir"
sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\3mzjeqm2.default\Extensions\plugin@getwebcake.com\content\overlay.js.vir"
sh=0D310BC1E118037748964A56AB10A3062E039B17 ft=1 fh=d9be506c5a75908e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir"
sh=6438793AF756D3AA8C4E2CAFBA7D03D239059871 ft=1 fh=19260a5687fcfe5d vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Dora.dat.vir"
sh=7503116755BAAD721D41850CAB9CBB2365421231 ft=1 fh=0427fddebd474c95 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Maintain.dat.vir"
sh=AED94C436A63639194DD9F9DA87D19AA3EDE45AA ft=1 fh=dc0d04b5290e7546 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Paladin.dat.vir"
sh=9C80962CF3A7511A428D6200084F17B71D0D213D ft=1 fh=2e3d6de45b15d6ca vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Phoenix.dat.vir"
sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\FreeSoundRecorder\tbFree.dll"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\Freeware.de\ldrtbFree.dll"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\Freeware.de\prxtbFree.dll"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\Freeware.de\tbFree.dll"
sh=378BCE9CB615CA414D5099F2E78C5EA313101701 ft=0 fh=0000000000000000 vn="Win32/bProtector.D evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx"
sh=21A2772AC0026ACA82F7BED3BC770638FF8CEAC4 ft=0 fh=0000000000000000 vn="Win32/bProtector.C evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js"
sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\ProgramData\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe"
sh=3BFBC2FC15A34D8DB7623EC3154EE1D5DBCD7227 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Windows\Installer\59d187f.msi"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\FreeSoundRecorder\tbFree.dll"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\Freeware.de\ldrtbFree.dll"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\Freeware.de\prxtbFree.dll"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\Freeware.de\tbFree.dll"
sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll (2).vir"
sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll.vir"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe (2).vir"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe (2).vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll (2).vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll (2).vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\tbFree.dll (2).vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\tbFree.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe (2).vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\ldrtbFree.dll (2).vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\ldrtbFree.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\prxtbFree.dll (2).vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\prxtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\tbFree.dll (2).vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\tbFree.dll.vir"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39sknlcr.dll (2).vir"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39sknlcr.dll.vir"
sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL (2).vir"
sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL.vir"
sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe (2).vir"
sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe.vir"
sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTEX.DLL (2).vir"
sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTEX.DLL.vir"
sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTPEX.DLL (2).vir"
sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTPEX.DLL.vir"
sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL (2).vir"
sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL.vir"
sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\dtUser.exe (2).vir"
sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\dtUser.exe.vir"
sh=AD7F7CA53753521EB64AD840156F163909EE5E8C ft=1 fh=f633dab5e52a0ecc vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultsDx.dll (2).vir"
sh=AD7F7CA53753521EB64AD840156F163909EE5E8C ft=1 fh=f633dab5e52a0ecc vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultsDx.dll.vir"
sh=BBCBE78E65CAF60414F998095F88955144ACAAED ft=1 fh=06cfc3bfbefbe6c8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultstb.dll (2).vir"
sh=BBCBE78E65CAF60414F998095F88955144ACAAED ft=1 fh=06cfc3bfbefbe6c8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultstb.dll.vir"
sh=868EB84B484DD5C01835CC394174384F8694ECCC ft=1 fh=584f503eb1d3498f vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe (2).vir"
sh=868EB84B484DD5C01835CC394174384F8694ECCC ft=1 fh=584f503eb1d3498f vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe (2).vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe (2).vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll (2).vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\tbFree.dll (2).vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\tbFree.dll.vir"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll (2).vir"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\ldrtbFree.dll (2).vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\ldrtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\tbFree.dll (2).vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\tbFree.dll.vir"
sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\3mzjeqm2.default\Extensions\plugin@getwebcake.com\content\overlay.js (2).vir"
sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\3mzjeqm2.default\Extensions\plugin@getwebcake.com\content\overlay.js.vir"
sh=0D310BC1E118037748964A56AB10A3062E039B17 ft=1 fh=d9be506c5a75908e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Desktop.OS.dll (2).vir"
sh=0D310BC1E118037748964A56AB10A3062E039B17 ft=1 fh=d9be506c5a75908e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir"
sh=6438793AF756D3AA8C4E2CAFBA7D03D239059871 ft=1 fh=19260a5687fcfe5d vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Dora.dat (2).vir"
sh=6438793AF756D3AA8C4E2CAFBA7D03D239059871 ft=1 fh=19260a5687fcfe5d vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Dora.dat.vir"
sh=7503116755BAAD721D41850CAB9CBB2365421231 ft=1 fh=0427fddebd474c95 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Maintain.dat (2).vir"
sh=7503116755BAAD721D41850CAB9CBB2365421231 ft=1 fh=0427fddebd474c95 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Maintain.dat.vir"
sh=AED94C436A63639194DD9F9DA87D19AA3EDE45AA ft=1 fh=dc0d04b5290e7546 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Paladin.dat (2).vir"
sh=AED94C436A63639194DD9F9DA87D19AA3EDE45AA ft=1 fh=dc0d04b5290e7546 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Paladin.dat.vir"
sh=9C80962CF3A7511A428D6200084F17B71D0D213D ft=1 fh=2e3d6de45b15d6ca vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Phoenix.dat (2).vir"
sh=9C80962CF3A7511A428D6200084F17B71D0D213D ft=1 fh=2e3d6de45b15d6ca vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Phoenix.dat.vir"
sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll.vir"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\tbFree.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\ldrtbFree.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\prxtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\tbFree.dll.vir"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39sknlcr.dll.vir"
sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL.vir"
sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe.vir"
sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTEX.DLL.vir"
sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTPEX.DLL.vir"
sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL.vir"
sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\dtUser.exe.vir"
sh=AD7F7CA53753521EB64AD840156F163909EE5E8C ft=1 fh=f633dab5e52a0ecc vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultsDx.dll.vir"
sh=BBCBE78E65CAF60414F998095F88955144ACAAED ft=1 fh=06cfc3bfbefbe6c8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultstb.dll.vir"
sh=868EB84B484DD5C01835CC394174384F8694ECCC ft=1 fh=584f503eb1d3498f vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\tbFree.dll.vir"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\ldrtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\tbFree.dll.vir"
sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\3mzjeqm2.default\Extensions\plugin@getwebcake.com\content\overlay.js.vir"
sh=0D310BC1E118037748964A56AB10A3062E039B17 ft=1 fh=d9be506c5a75908e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir"
sh=6438793AF756D3AA8C4E2CAFBA7D03D239059871 ft=1 fh=19260a5687fcfe5d vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Dora.dat.vir"
sh=7503116755BAAD721D41850CAB9CBB2365421231 ft=1 fh=0427fddebd474c95 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Maintain.dat.vir"
sh=AED94C436A63639194DD9F9DA87D19AA3EDE45AA ft=1 fh=dc0d04b5290e7546 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Paladin.dat.vir"
sh=9C80962CF3A7511A428D6200084F17B71D0D213D ft=1 fh=2e3d6de45b15d6ca vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Phoenix.dat.vir"
sh=DC2B099E1F96C5D03D4F03BF98D69A2CD6F22C04 ft=1 fh=40cbdd24eefbf532 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup32.exe"
sh=C8E88610998F6FB74FD0388BC44E18A82207B504 ft=1 fh=9ff1cbafe084559b vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup64.exe"
sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\ProgramData\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll"
sh=3BFBC2FC15A34D8DB7623EC3154EE1D5DBCD7227 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\Windows\Installer\59d187f.msi"
sh=A48076CEBF63988E749815CBD69039D08B14735A ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\ArtensoftPhotoMosaicWizard.zip"
sh=024079FF7B8C864324A8F5F5706DB446D7B3D5F2 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\CleanseUninstallerPro.zip"
sh=693F4A3E417C867790179DB63B33E46C0346D613 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\KingsoftPresentationStd.zip"
sh=4C34B47BB5C70ABEF7B265D86BF2010F8AB810B4 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\MP4ToMP3Converter.zip"
sh=C650DB886472079561CC80DEF94817835E02FD24 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\SothinkLogoMaker.zip"
sh=1FE03D963E03841AFC90F28F6D296878E5206C1F ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\VideoGet.zip"
sh=DC2B099E1F96C5D03D4F03BF98D69A2CD6F22C04 ft=1 fh=40cbdd24eefbf532 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup32.exe"
sh=C8E88610998F6FB74FD0388BC44E18A82207B504 ft=1 fh=9ff1cbafe084559b vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup64.exe"
sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\ProgramData\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll"
sh=3BFBC2FC15A34D8DB7623EC3154EE1D5DBCD7227 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Windows\Installer\59d187f.msi"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7131f657cc7c0a45b334d333cc399cee
# engine=21761
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-31 04:34:45
# local_time=2014-12-31 05:34:45 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG Internet Security 2013'
# compatibility_mode=1046 16777213 100 88 43189 107134469 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 45208610 171630335 0 0
# scanned=333304
# found=89
# cleaned=0
# scan_time=32719
sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll.vir"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\tbFree.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\ldrtbFree.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\prxtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\tbFree.dll.vir"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39sknlcr.dll.vir"
sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL.vir"
sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe.vir"
sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTEX.DLL.vir"
sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTPEX.DLL.vir"
sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL.vir"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir"
sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\dtUser.exe.vir"
sh=AD7F7CA53753521EB64AD840156F163909EE5E8C ft=1 fh=f633dab5e52a0ecc vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultsDx.dll.vir"
sh=BBCBE78E65CAF60414F998095F88955144ACAAED ft=1 fh=06cfc3bfbefbe6c8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultstb.dll.vir"
sh=868EB84B484DD5C01835CC394174384F8694ECCC ft=1 fh=584f503eb1d3498f vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe.vir"
sh=A416ACC21756868987F275190BD1033BF74E180C ft=1 fh=d3699c00a2c5c199 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\DownloadGuide\Offers\protegere.exe.vir"
sh=95D1E596ACC1912879100C54027750C1772027C7 ft=1 fh=212faf0536ad9d68 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\DownloadGuide\Offers\ResultsAlphaSetup.exe.vir"
sh=F8935573391555518C560A87DA9D48A7AFB964A9 ft=1 fh=d5f378fbab67b337 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\DownloadGuide\Offers\vis-freeware.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\tbFree.dll.vir"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\ldrtbFree.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\tbFree.dll.vir"
sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\3mzjeqm2.default\Extensions\plugin@getwebcake.com\content\overlay.js.vir"
sh=1D9AE65A97C417A8083FB38EFDB8022EAE3A9698 ft=1 fh=8dd7dc1cf3445b5c vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Security System 2\uninstaller.exe.vir"
sh=0D310BC1E118037748964A56AB10A3062E039B17 ft=1 fh=d9be506c5a75908e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir"
sh=6438793AF756D3AA8C4E2CAFBA7D03D239059871 ft=1 fh=19260a5687fcfe5d vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Dora.dat.vir"
sh=7503116755BAAD721D41850CAB9CBB2365421231 ft=1 fh=0427fddebd474c95 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Maintain.dat.vir"
sh=AED94C436A63639194DD9F9DA87D19AA3EDE45AA ft=1 fh=dc0d04b5290e7546 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Paladin.dat.vir"
sh=9C80962CF3A7511A428D6200084F17B71D0D213D ft=1 fh=2e3d6de45b15d6ca vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Phoenix.dat.vir"
sh=A48076CEBF63988E749815CBD69039D08B14735A ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ArtensoftPhotoMosaicWizard.zip"
sh=024079FF7B8C864324A8F5F5706DB446D7B3D5F2 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\CleanseUninstallerPro.zip"
sh=693F4A3E417C867790179DB63B33E46C0346D613 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\KingsoftPresentationStd.zip"
sh=4C34B47BB5C70ABEF7B265D86BF2010F8AB810B4 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\MP4ToMP3Converter.zip"
sh=C650DB886472079561CC80DEF94817835E02FD24 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\SothinkLogoMaker.zip"
sh=1FE03D963E03841AFC90F28F6D296878E5206C1F ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\VideoGet.zip"
sh=DC2B099E1F96C5D03D4F03BF98D69A2CD6F22C04 ft=1 fh=40cbdd24eefbf532 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup32.exe"
sh=C8E88610998F6FB74FD0388BC44E18A82207B504 ft=1 fh=9ff1cbafe084559b vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup64.exe"
sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll"
sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll"
sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\AppData\Local\Temp\DMR\dmr_72.exe"
sh=2729F6FA8F28FB792FBCFF2725FCC8D81CE3CCA3 ft=0 fh=0000000000000000 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Desktop\DvDrum2_b5_Setup.zip"
sh=07A1B083446273B593E7287021D55ED5688C53EC ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\melsy\Desktop\1054_Must_Have_PHP_Scripts_part1\Chat_Scripts\Chat Scripts\blablite22.zip"
sh=24688AAD083DBEAB180203CB89B36F7056E93128 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Desktop\Alte Firefox-Daten\3mzjeqm2.default\extensions\firefox@qualitink.net.xpi"
sh=C44FEB9DD6271C71E9D4B4899D73CAA0F5F93746 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Desktop\Alte Firefox-Daten\3mzjeqm2.default\extensions\d3339536-cdf9-444a-b529-160714835cb8@52bed7c4-5816-4cf8-b479-2c341232cd59.com\extensionData\plugins\91_monetizationLoader.js.js"
sh=3164F34A7FEC5F532C6A9DFF760113B4E55026E3 ft=1 fh=b5a6070113be0c05 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\130120-sview5-v384-Downloader.exe"
sh=C779120ED93C6E7F96DC51C9FC882F9F96340324 ft=1 fh=41bdabcae1f2b528 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\2WPinball-Downloader.exe"
sh=16D9C063CD13D25EEBC63FCF358C64009A4FCFB0 ft=1 fh=0307e473c2448ea4 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\AshampooMovieStudio2013Ver104-Downloader.exe"
sh=919FB69C250161AC362B1E6ECC27E66B892E863F ft=1 fh=6cc80959aef3cdad vn="Win32/Adware.1ClickDownload.AX Anwendung" ac=I fn="C:\Users\melsy\Downloads\BarcelonaStreamApp.exe"
sh=7E2D6ECE2E74BF74BDE2D7D0D66EA9FA0EFB65C5 ft=1 fh=d8b24a2eee5b8eea vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\dffsetup-lame_enc.exe"
sh=C131ED4CF8F0F152D001811D77BF89299BB2ACEA ft=1 fh=831285361d7e9534 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe"
sh=495A75196C43A41FA1313D4B62B0D4170E906431 ft=1 fh=d9125e0aa1ab4a89 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\FreeImageConvertAndResize.exe"
sh=837238B0C3C1FCDDCD18A2852D680A2610F72154 ft=1 fh=9061159b2822d34e vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\gimp-2.8.10-setup-Downloader.exe"
sh=81452D54213DAFA857AE5467B67C11014549715A ft=1 fh=dd0df1ac6180bd2f vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\gimp-help-261-html-detar-Downloader.exe"
sh=E482AD834AA2F21ADC0140FE4ECC2BFDAF3FAA22 ft=1 fh=4bd4252d18724ebe vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\HSS-2.67-install-chip-389-conduit.exe"
sh=7F0A0674E9522BFCF7CBA33DED49AAEBAF36F614 ft=1 fh=2f70aa409cdbff5b vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\HSS-2.90.exe"
sh=1E155C8E88C907618214809BA49529D38D709174 ft=1 fh=3d226696a6f054ac vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\ipnetinfo-Downloader.exe"
sh=C9AD39E15D50C4E6FEADB99FA445E3BDB9BF3647 ft=1 fh=77b67014d8a47abf vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\kingsoftpresentationstd-Downloader.exe"
sh=87D1158606ED48018BC966899016FD9D392C8D31 ft=1 fh=eb078c41703de82c vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\MicroSIP-3.3.27-Downloader.exe"
sh=F8B71E3C73416F4905087E05488AEF3192FB635A ft=1 fh=c82e78466d0c8942 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\MusicRecorder10-Downloader.exe"
sh=4D3D18C2D516AD7A7FC93E1E9C07E00C3656B8FF ft=1 fh=4e7fde5325cd1268 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\phonecrypt-desktop-Downloader.exe"
sh=1A83C861ACCD538CC1577A46767C5A0496AF4CDE ft=1 fh=ad0294a213be0c05 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\pickitinst-Downloader.exe"
sh=BCBA8E2AF400377B691EC82DB1256ABB9462678B ft=1 fh=5f941106423da96d vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\privacyfix-firefox502-Downloader.exe"
sh=A5EA57A708B3D292515B4005A31E9EA021C2FC97 ft=1 fh=c1e8a60c703de82c vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\shotcut-win32-131022-Downloader.exe"
sh=E94FEEC085E6758E0C544F28D653085F79120B76 ft=1 fh=e67ac52ec83c3cc9 vn="Variante von Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\SoftonicDownloader_fuer_riffworks.exe"
sh=28085535F3F4322A78B7D0D0343505566936EDF3 ft=1 fh=ff9e27ee8130d72d vn="Variante von MSIL/DownloadGuide.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\SuperEasyVideoBooster113056-Downloader(1).exe"
sh=28085535F3F4322A78B7D0D0343505566936EDF3 ft=1 fh=ff9e27ee8130d72d vn="Variante von MSIL/DownloadGuide.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\SuperEasyVideoBooster113056-Downloader.exe"
sh=17E3CFAC3CC46008685A6A83A464DED18C7C34B5 ft=1 fh=688f6c4d456fdf25 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe"
sh=41ED9036ECCFCB5F4642E6BB03CB956FF9A62C7D ft=1 fh=47f5978555dce2f4 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vitainterface2014Gold1078-Downloader.exe"
sh=4F8B1197AF01C40FCE88746CDB905ED8F5678A91 ft=1 fh=de9355ff8be6e0c5 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\vlc-2.1.0-win64-Downloader.exe"
sh=DE0F453AD7E45914C2F6E2A6BC782AFB6DB94B9D ft=1 fh=1f461786edf5f19c vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\melsy\Downloads\vlc-2.1.3-win32.exe"
sh=E79CE0DA43C79F2A4E48A4F4A02905DE783FBD16 ft=1 fh=a9eb553813c219ce vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\melsy\Downloads\vlc-2.1.4-win64.exe"
sh=3393146A8D0C8A8E1C3CEEBDA60C6C81476C3E2D ft=1 fh=ba364102e7b75553 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vollversion Magix Music Maker 2013 - CHIP-Installer.exe"
sh=94EC870BA0DF99B54B45DA64AD9D7187CA7708D3 ft=1 fh=97cc4212331376f8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vollversion OkayFreedom Premium Flat - CHIP-Installer.exe"
sh=C10EF1D1E3534F528026316078F554FDFF1B1E05 ft=1 fh=ee7edc0b435aa6f2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vollversion Steganos Passwort Manager 15 - CHIP-Installer.exe"
sh=C0BA2A9C0869846851D8F14DA86E4899E199678C ft=1 fh=7d4d9d957035df84 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\VSDC Free Video Editor - CHIP-Installer.exe"
sh=8643736EC068EAC343D8F74B575517D2363F1376 ft=1 fh=52a3309f2fb86f58 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Wise Care 365 - CHIP-Installer.exe"
sh=13C48F6FC45F6949AF5192EA564E40E760122C4E ft=1 fh=1cb7fcde8a0b004d vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\XnConvert32-Bit151-Downloader.exe"
sh=812035F9C97F32427B1E79C7C1B6B3EE7AAE9BBA ft=1 fh=a4d8ef288a0b004d vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\XnConvert64-Bit151-Downloader.exe"
sh=71C5327830182909BE7CDA6E11E45DE267898660 ft=1 fh=b2c4ea99ed910581 vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\XnViewShell-Erweiterung64-bit32-Downloader.exe"
sh=3BFBC2FC15A34D8DB7623EC3154EE1D5DBCD7227 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\59d187f.msi"

Wünsche dir ein frohes und erfolgreiches Jahr 2015
lg wolfgang

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
AVG Internet Security 2013                    
AVG Internet Security Business Edition 2012   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (de-DE)  
 TuneUp Utilities 2014   
 Java 7 Update 71  
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (Firefox.) 
 Mozilla Thunderbird (24.1.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

lobowolf · 31.12.2014, 14:30

[CODE] Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
AVG Internet Security 2013
AVG Internet Security Business Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2014
TuneUp Utilities 2014 (de-DE)
TuneUp Utilities 2014
Java 7 Update 71
Adobe Flash Player 15.0.0.246 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (Firefox.)
Mozilla Thunderbird (24.1.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by melsy (administrator) on MELSY-HP on 31-12-2014 14:03:23
Running from C:\Users\melsy\Downloads
Loaded Profile: melsy (Available profiles: melsy & _supereasy_1cbackup_ & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Farbar) C:\Users\melsy\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [SuperEasy 1-Click Backup] => "C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe" --hidden
HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516784 2014-11-18] (Ashampoo Development GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [SPM15 Chrome Autofill Relay] => C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe [480120 2014-06-25] (Steganos Software GmbH)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [Facebook Update] => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-31] (Facebook Inc.)
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [EssentialPIM] => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [17719664 2014-12-01] (Astonsoft)
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wo11.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * DfSDKBt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3195104690-1283173883-910289243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
URLSearchHook: HKLM-x32 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File
URLSearchHook: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File
SearchScopes: HKLM -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = 
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48Ð¸patm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar64.dll (Steganos Software GmbH)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM-x32 - No Name - {422f7661-9403-4da4-b4ef-cc3e268817b5} -  No File
Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar.dll (Steganos Software GmbH)
Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {422F7661-9403-4DA4-B4EF-CC3E268817B5} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693
FF Homepage: https://www.google.at/?gws_rd=cr&ei=3OKMUuu2NOO54AT-pYGQCg
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @soft-xpansion/npsxpdf -> C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\melsy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/O1DPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=3 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=9 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-maps.xml
FF Extension: FDislike - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\fbdislike@doweb.fr.xpi [2014-04-14]
FF Extension: Ghostery - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@ghostery.com.xpi [2014-04-13]
FF Extension: ZenMate Security &amp; Privacy VPN - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@zenmate.com.xpi [2014-10-05]
FF Extension: ProxTube - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\info@convert2mp3.net.xpi [2014-04-13]
FF Extension: Facebook Select All - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\jid0-n2ISP7BOUOHLqFZBUsiANkm14Ck@jetpack.xpi [2014-04-13]
FF Extension: RequestPolicy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\requestpolicy@requestpolicy.com.xpi [2014-11-21]
FF Extension: NoScript - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-13]
FF Extension: Adblock Plus - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-13]
FF Extension: OkayFreedom - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2014-12-24]
FF Extension: Google Privacy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2014-12-08]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2013-06-28]
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3 [2014-12-05]
FF HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR Profile: C:\Users\melsy\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3665752 2012-01-26] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-09-02] (soft Xpansion)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-21] (TuneUp Software)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-22] (RaMMicHaeL)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223600 2014-11-18] ()
S2 supereasy_1cbackup; "c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe" "--controlFolder=c:\ProgramData\SuperEasy 1-Click Backup\control" "--id=supereasy_1cbackup" daemon

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 L6UX1; C:\Windows\System32\Drivers\L6UX164.sys [772864 2013-07-11] (Line 6)
R3 leawo_vad; C:\Windows\System32\drivers\leawo_vad.sys [33048 2013-05-21] (Shenzhen Moyea Software)
R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-28] (Audials AG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-03] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-11-12] (TuneUp Software)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1451008 2008-10-13] (C-Media Electronics Inc)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51016 2011-11-01] (Yamaha Corporation)
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 13:19 - 2014-12-31 13:19 - 00852505 _____ () C:\Users\melsy\Downloads\SecurityCheck.exe
2014-12-30 20:26 - 2014-12-30 20:26 - 02347384 _____ (ESET) C:\Users\melsy\Downloads\esetsmartinstaller_deu(1).exe
2014-12-29 23:44 - 2014-12-31 13:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-29 23:43 - 2014-12-29 23:43 - 02347384 _____ (ESET) C:\Users\melsy\Downloads\esetsmartinstaller_deu.exe
2014-12-29 15:43 - 2014-12-29 15:43 - 00028392 _____ () C:\Users\melsy\Documents\Synth Kick.txt
2014-12-29 14:14 - 2014-12-29 14:14 - 00000971 _____ () C:\Users\melsy\Desktop\HammerHead 1.0.lnk
2014-12-29 14:14 - 2014-12-29 14:14 - 00000971 _____ () C:\Users\_supereasy_1cbackup_\Desktop\HammerHead 1.0.lnk
2014-12-29 14:14 - 2014-12-29 14:14 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HammerHead Rhythm Station
2014-12-29 14:12 - 2014-12-29 14:19 - 01508117 _____ () C:\Users\melsy\Downloads\hh10_install(2).exe
2014-12-29 13:34 - 2014-12-29 13:34 - 00000045 _____ () C:\Users\melsy\Downloads\lay_back.ram
2014-12-29 13:34 - 2014-12-29 13:34 - 00000043 _____ () C:\Users\melsy\Downloads\sharky.ram
2014-12-29 13:34 - 2014-12-29 13:34 - 00000043 _____ () C:\Users\melsy\Downloads\mellow.ram
2014-12-29 13:34 - 2014-12-29 13:34 - 00000042 _____ () C:\Users\melsy\Downloads\stomp.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000045 _____ () C:\Users\melsy\Downloads\jumpdude.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000045 _____ () C:\Users\melsy\Downloads\hardcore.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000045 _____ () C:\Users\melsy\Downloads\chemical.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000044 _____ () C:\Users\melsy\Downloads\coolhop.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000043 _____ () C:\Users\melsy\Downloads\jungle.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000043 _____ () C:\Users\melsy\Downloads\hiphop.ram
2014-12-29 13:32 - 2014-12-29 13:32 - 00000041 _____ () C:\Users\melsy\Downloads\acid.ram
2014-12-29 13:22 - 2014-12-30 16:59 - 00000000 ____D () C:\Program Files (x86)\HammerHead
2014-12-29 13:22 - 2014-12-29 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HammerHead Rhythm Station
2014-12-29 13:21 - 2014-12-29 13:21 - 01508117 _____ () C:\Users\melsy\Downloads\hh10_install.exe
2014-12-29 12:21 - 2014-12-29 12:21 - 02123264 _____ (Farbar) C:\Users\melsy\Downloads\FRST64(1).exe
2014-12-29 11:59 - 2014-12-29 11:59 - 01707939 _____ (Thisisu) C:\Users\melsy\Downloads\JRT(1).exe
2014-12-29 11:55 - 2014-12-29 11:55 - 00818637 _____ (Thisisu) C:\Users\melsy\Downloads\JRT.exe
2014-12-29 11:27 - 2014-12-29 11:28 - 02173952 _____ () C:\Users\melsy\Downloads\AdwCleaner_4.106(1).exe
2014-12-29 11:16 - 2014-12-29 11:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-29 11:15 - 2014-12-29 11:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\melsy\Downloads\revosetup95.exe
2014-12-29 10:00 - 2014-12-29 10:00 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-27 09:35 - 2014-12-27 09:35 - 02173952 _____ () C:\Users\melsy\Downloads\AdwCleaner_4.106.exe
2014-12-26 18:50 - 2014-12-26 18:52 - 00071035 _____ () C:\Users\melsy\Downloads\Addition.txt
2014-12-26 18:48 - 2014-12-31 14:03 - 00028412 _____ () C:\Users\melsy\Downloads\FRST.txt
2014-12-26 18:47 - 2014-12-31 14:03 - 00000000 ____D () C:\FRST
2014-12-26 18:47 - 2014-12-26 18:47 - 02122752 _____ (Farbar) C:\Users\melsy\Downloads\FRST64.exe
2014-12-26 15:25 - 2014-12-26 15:25 - 00001455 _____ () C:\trojaner.txt
2014-12-24 15:10 - 2014-12-29 11:50 - 00000600 _____ () C:\Windows\PFRO.log
2014-12-24 15:02 - 2014-12-24 15:02 - 16520304 _____ (Steganos Software GmbH) C:\Users\melsy\Downloads\okayfreedomwr.exe
2014-12-24 14:01 - 2014-12-24 14:01 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos Updates
2014-12-24 13:59 - 2014-12-24 14:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos VPN
2014-12-24 13:56 - 2014-12-24 13:56 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion OkayFreedom Premium Flat - CHIP-Installer.exe
2014-12-22 02:54 - 2014-12-22 02:54 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup(1).exe
2014-12-22 01:01 - 2014-12-29 11:20 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\DigitalVolcano
2014-12-22 00:59 - 2014-12-22 00:59 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup.exe
2014-12-21 02:14 - 2014-12-21 02:14 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Magix Music Maker 2013 - CHIP-Installer.exe
2014-12-20 18:36 - 2014-12-20 18:36 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Rip CD Ripper Software.lnk
2014-12-20 18:36 - 2014-12-20 18:36 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-12-20 18:32 - 2014-12-31 05:41 - 00001568 _____ () C:\Windows\setupact.log
2014-12-20 18:32 - 2014-12-20 18:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-18 12:27 - 2014-12-31 05:45 - 00374048 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 00:38 - 2014-12-17 00:38 - 00000000 ____D () C:\Users\melsy\Documents\DesignCAD 3D MAX 22
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD Toolkit Maschinenbau & Konstruktion 22
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\Program Files (x86)\DCToolkit
2014-12-17 00:36 - 2014-12-17 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD 3D Max 22
2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\ProgramData\IMSIDesign
2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\Program Files (x86)\IMSIDesign
2014-12-17 00:15 - 2014-12-17 00:18 - 95590424 _____ () C:\Users\melsy\Downloads\DesignCAD-V22-3D-Triple-Toolkits-Complete-CHIP.exe
2014-12-16 14:47 - 2014-12-21 19:57 - 00168064 _____ () C:\Users\melsy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-15 21:05 - 2014-12-15 21:05 - 00000000 ____D () C:\Users\melsy\Downloads\Office 2007
2014-12-15 19:04 - 2014-12-15 19:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Scribus
2014-12-15 18:59 - 2014-12-15 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.4
2014-12-15 18:57 - 2014-12-15 19:03 - 00000000 ____D () C:\Program Files\Scribus 1.4.4
2014-12-15 17:02 - 2014-12-15 17:04 - 86069640 _____ (The Scribus Team) C:\Users\melsy\Downloads\scribus-1.4.4-windows-x64.exe
2014-12-15 15:06 - 2014-12-15 15:06 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
2014-12-15 15:06 - 2014-12-15 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme
2014-12-15 11:46 - 2014-12-15 11:46 - 01177424 _____ () C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe
2014-12-14 23:48 - 2014-12-14 23:48 - 00000000 _____ () C:\Windows\SysWOW64\shoFA1F.tmp
2014-12-14 23:31 - 2014-12-14 23:31 - 00000000 __SHD () C:\WISE_DISKSCRUBTEMP
2014-12-14 16:30 - 2014-12-14 16:32 - 43145168 _____ (Ashampoo GmbH & Co. KG ) C:\Users\melsy\Downloads\ashampoo_winoptimizer_11_11.00.50_18137.exe
2014-12-13 09:28 - 2014-12-15 11:35 - 00000000 ____D () C:\Users\melsy\HDR Projects
2014-12-13 09:26 - 2014-12-13 09:26 - 00001045 _____ () C:\Users\Public\Desktop\HDR Projects platin (64-Bit).lnk
2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis
2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\Program Files\Franzis
2014-12-13 09:09 - 2014-12-13 09:09 - 00000000 ____D () C:\Users\melsy\Documents\HDR-projects-platin-win-mac-CHIP
2014-12-12 13:24 - 2014-12-12 13:24 - 00000000 _____ () C:\Windows\SysWOW64\sho287C.tmp
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\Documents\FlashIntegro
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\VideoEditor
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\FlashIntegro
2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\Program Files (x86)\FlashIntegro
2014-12-11 19:51 - 2014-12-09 13:21 - 00081792 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter2.ax
2014-12-11 19:51 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll
2014-12-11 19:51 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-12-11 19:51 - 2004-09-06 16:06 - 00053248 _____ () C:\Windows\SysWOW64\xvid.ax
2014-12-11 19:51 - 2004-07-03 21:08 - 00139264 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-12-11 19:51 - 2004-07-03 20:59 - 00524288 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-12-11 19:51 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm
2014-12-11 19:51 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll
2014-12-11 19:51 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax
2014-12-11 19:51 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll
2014-12-11 19:51 - 2003-05-21 23:50 - 00156910 _____ () C:\Windows\WMSysPr8.prx
2014-12-11 19:51 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm
2014-12-11 19:51 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm
2014-12-11 19:51 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX
2014-12-11 19:51 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2014-12-11 19:51 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm
2014-12-11 19:47 - 2014-12-11 19:47 - 01177424 _____ () C:\Users\melsy\Downloads\VSDC Free Video Editor - CHIP-Installer.exe
2014-12-10 19:29 - 2014-12-10 19:29 - 17103000 _____ (Electronic Arts, Inc.) C:\Users\melsy\Downloads\OriginThinSetup.exe
2014-12-10 18:55 - 2014-12-10 19:40 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Origin
2014-12-10 18:53 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\Origin
2014-12-10 14:14 - 2014-12-16 08:59 - 00000412 _____ () C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
2014-12-10 14:14 - 2014-12-10 14:14 - 00002834 _____ () C:\Windows\System32\Tasks\Wise Care 365 PC Checkup Task
2014-12-10 09:50 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 09:50 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 09:21 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:21 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 09:21 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 09:21 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 09:21 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 09:21 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 09:21 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 09:21 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 09:21 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 09:21 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 09:21 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 09:21 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 09:21 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 09:21 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 09:21 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 09:12 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:12 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 13:07 - 2014-12-22 13:17 - 00000000 ____D () C:\Users\melsy\Documents\camera musik
2014-12-09 12:29 - 2014-12-09 12:30 - 11669724 _____ () C:\Users\melsy\Downloads\Camera Rare Grooves Aluminium Edition - 02 Donny Hathaway - The Ghetto.mp4.part
2014-12-09 11:06 - 2014-12-09 11:06 - 00003070 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-12-09 11:06 - 2014-12-09 11:06 - 00002848 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-12-09 11:06 - 2014-12-09 11:06 - 00000422 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-12-09 11:06 - 2014-12-09 11:06 - 00000402 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-12-09 10:33 - 2014-12-20 02:15 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-09 10:31 - 2014-12-09 10:31 - 01174352 _____ () C:\Users\melsy\Downloads\Wise Care 365 - CHIP-Installer.exe
2014-12-07 14:45 - 2014-12-07 14:46 - 11553744 _____ () C:\Users\melsy\Downloads\EssentialPIM6.exe
2014-12-05 17:37 - 2014-12-05 17:37 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Diashow-Ersteller.lnk
2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2014-12-05 16:44 - 2014-12-05 16:44 - 00001110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
2014-12-05 16:44 - 2014-12-05 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grafikverwandte Programme
2014-12-05 16:42 - 2014-12-05 16:42 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Imagedatei-Konverter.lnk
2014-12-05 16:29 - 2014-12-05 16:30 - 00505376 _____ (NCH Software) C:\Users\melsy\Downloads\pixpsetup.exe
2014-12-05 13:02 - 2014-12-24 14:32 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos
2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Passwort-Manager 15
2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\Program Files (x86)\Steganos Password Manager 15
2014-12-05 13:00 - 2014-12-05 13:00 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Steganos Passwort Manager 15 - CHIP-Installer.exe
2014-12-04 18:05 - 2014-12-04 18:05 - 00001964 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-12-03 19:41 - 2014-12-03 19:41 - 07270351 _____ () C:\Users\melsy\Downloads\meine 68 jährige (2).mp4
2014-12-02 16:16 - 2014-12-08 03:47 - 00000000 ____D () C:\Users\melsy\AppData\Local\SuperEasy 1-Click Backup
2014-12-02 16:16 - 2014-12-03 16:04 - 00000000 ___HD () C:\ProgramData\sysnfxo
2014-12-02 16:15 - 2014-12-29 11:51 - 00000000 ____D () C:\Users\_supereasy_1cbackup_
2014-12-02 16:15 - 2014-12-02 16:15 - 00000020 ___SH () C:\Users\_supereasy_1cbackup_\ntuser.ini
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Vorlagen
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Startmenü
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Netzwerkumgebung
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Lokale Einstellungen
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Eigene Dateien
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Druckumgebung
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Musik
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Bilder
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Verlauf
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Anwendungsdaten
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Anwendungsdaten
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 ____D () C:\ProgramData\SuperEasy 1-Click Backup
2014-12-02 16:15 - 2013-08-14 10:34 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\Microsoft Help
2014-12-02 16:15 - 2013-07-31 08:12 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\TuneUp Software
2014-12-02 16:15 - 2013-07-26 03:08 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\ScreenCapture
2014-12-02 16:15 - 2012-12-03 06:32 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Macromedia
2014-12-02 16:15 - 2012-08-12 01:32 - 00002134 _____ () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-12-02 16:15 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-02 16:15 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-02 16:13 - 2014-12-02 16:13 - 28074616 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\melsy\Downloads\supereasy_1-click_backup_free_1.13.0_8279.exe
2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EAC
2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\AccurateRip
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Cliqz
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-12-02 13:57 - 2014-12-02 13:57 - 01174352 _____ () C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 14:02 - 2012-05-18 12:08 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Skype
2014-12-31 13:55 - 2014-10-15 14:50 - 00003094 _____ () C:\Windows\System32\Tasks\{B2E8F773-5F5C-4836-8957-FEE3042EABFC}
2014-12-31 13:55 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{C0C124F4-41F2-47D4-860C-4FCF583875C1}
2014-12-31 13:55 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{5C4F42ED-5832-48B4-BCB9-D77730EC38C1}
2014-12-31 13:55 - 2014-08-28 18:24 - 00003076 _____ () C:\Windows\System32\Tasks\{8795FFFA-4029-4A70-B1CF-0C3C57CDEE7C}
2014-12-31 13:55 - 2013-10-09 17:59 - 00003102 _____ () C:\Windows\System32\Tasks\{AD7AC0AF-B335-4FB0-ABC0-6583AD2EE938}
2014-12-31 13:55 - 2013-05-03 19:39 - 00003086 _____ () C:\Windows\System32\Tasks\{2A792A14-06ED-4493-81D7-2A64E97EA462}
2014-12-31 13:55 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{69CD82CA-4612-410F-907D-CE1E674B652E}
2014-12-31 13:55 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{670A25EF-5F02-41BB-BB0D-827A205D5869}
2014-12-31 13:54 - 2014-09-10 08:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-31 13:50 - 2013-10-31 22:45 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job
2014-12-31 13:41 - 2014-05-20 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-31 13:23 - 2011-08-09 21:16 - 00774266 _____ () C:\Windows\system32\perfh007.dat
2014-12-31 13:23 - 2011-08-09 21:16 - 00175794 _____ () C:\Windows\system32\perfc007.dat
2014-12-31 13:23 - 2009-07-14 06:13 - 01808064 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 13:22 - 2013-01-23 23:10 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job
2014-12-31 13:11 - 2012-08-13 22:06 - 00000386 _____ () C:\Windows\Tasks\WpsUpdateTask_melsy.job
2014-12-31 12:13 - 2013-05-07 17:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-31 05:49 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 05:49 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 05:42 - 2012-07-27 20:04 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 05:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 00:22 - 2013-01-23 23:10 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job
2014-12-30 22:50 - 2013-10-31 22:45 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job
2014-12-30 19:03 - 2014-04-22 13:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\vlc
2014-12-30 09:45 - 2014-10-15 16:42 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-12-29 12:20 - 2012-05-21 13:38 - 00000000 ___RD () C:\Users\melsy\Desktop\Sicherheit
2014-12-29 11:48 - 2013-09-19 13:30 - 00000000 ____D () C:\AdwCleaner
2014-12-29 11:34 - 2012-05-20 16:38 - 00000000 ____D () C:\Users\melsy\AppData\Local\CrashDumps
2014-12-29 02:58 - 2012-07-02 01:36 - 00000410 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
2014-12-29 01:46 - 2014-07-19 10:21 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormelsy
2014-12-29 01:46 - 2014-07-19 10:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFormelsy.job
2014-12-27 23:22 - 2012-05-21 23:39 - 00000000 ___RD () C:\Users\melsy\Desktop\TONSTUDIO
2014-12-27 18:36 - 2012-09-23 02:50 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-12-26 15:24 - 2014-05-20 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-25 20:44 - 2014-09-21 08:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-25 20:44 - 2012-05-18 12:07 - 00000000 ____D () C:\ProgramData\Skype
2014-12-24 15:22 - 2014-10-15 17:01 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-12-22 13:37 - 2013-03-26 14:54 - 00000000 ____D () C:\Users\melsy\Documents\RAF
2014-12-22 13:37 - 2013-01-23 02:22 - 00000000 ____D () C:\Users\melsy\Documents\Cybershapes
2014-12-22 13:26 - 2012-09-23 01:41 - 00000000 ____D () C:\Users\melsy\Documents\soz-österr
2014-12-22 13:26 - 2012-05-19 10:40 - 00000000 ____D () C:\Users\melsy\Documents\Meine empfangenen Dateien
2014-12-22 08:20 - 2009-07-14 05:45 - 00539840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-21 19:56 - 2012-05-20 12:12 - 00000000 ____D () C:\Users\melsy\Documents\Gitarre
2014-12-21 04:24 - 2013-03-16 19:48 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-12-21 02:59 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-12-21 02:57 - 2012-07-01 18:18 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-12-21 02:52 - 2013-03-16 19:56 - 00000000 ___RD () C:\Users\melsy\Documents\MAGIX
2014-12-21 02:52 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\MAGIX
2014-12-20 18:34 - 2012-05-18 15:45 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Audacity
2014-12-20 02:31 - 2013-10-11 13:45 - 00000000 ___RD () C:\Users\melsy\Desktop\radios
2014-12-20 02:31 - 2012-09-08 11:59 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\XnView
2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCFinder
2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\Program Files (x86)\CCFinder
2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-18 12:22 - 2011-12-10 05:20 - 00000000 ____D () C:\ProgramData\Temp
2014-12-17 00:39 - 2012-07-18 02:06 - 00000000 ___RD () C:\Users\melsy\Desktop\Foto Video
2014-12-16 19:19 - 2012-07-24 21:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-15 19:01 - 2013-09-02 13:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-15 18:40 - 2014-10-23 10:29 - 00000000 ____D () C:\Users\melsy\Documents\KPÖ
2014-12-15 14:25 - 2012-05-21 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar
2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\Program Files (x86)\TuxGuitar
2014-12-15 11:35 - 2013-05-18 21:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EssentialPIM
2014-12-15 11:35 - 2013-02-03 15:59 - 00000000 ____D () C:\Users\melsy\.tuxguitar-1.2
2014-12-15 11:35 - 2012-12-14 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-12-15 11:35 - 2012-12-05 11:56 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-12-15 11:35 - 2012-05-20 17:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-15 11:35 - 2012-05-19 13:23 - 00000000 ____D () C:\Program Files (x86)\ScanIT-Client
2014-12-15 11:35 - 2012-05-18 11:43 - 00000000 ____D () C:\Users\melsy
2014-12-15 11:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-15 10:43 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\SoftGrid Client
2014-12-15 10:02 - 2013-09-29 09:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-14 23:43 - 2013-01-03 14:29 - 00000000 ____D () C:\Users\melsy\AppData\Local\Downloaded Installations
2014-12-14 16:36 - 2012-05-21 13:33 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-12-13 13:09 - 2014-09-09 13:12 - 00000000 ____D () C:\Users\melsy\Documents\demos
2014-12-13 12:35 - 2012-09-21 20:10 - 00038311 _____ () C:\Users\melsy\Documents\Passwörter.xlsx
2014-12-10 19:50 - 2012-06-02 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 17:54 - 2014-09-10 08:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 17:54 - 2014-07-04 14:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 17:54 - 2014-07-04 14:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 10:52 - 2013-02-25 20:12 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
2014-12-10 10:52 - 2013-02-25 20:11 - 00000000 ____D () C:\ProgramData\Virtualized Applications
2014-12-10 10:52 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Local\SoftGrid Client
2014-12-10 10:39 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-10 10:31 - 2013-05-20 18:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 10:24 - 2013-07-11 11:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:53 - 2012-05-21 03:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 14:02 - 2013-05-29 17:59 - 00000000 ____D () C:\Users\melsy\Documents\Essential Kalender
2014-12-09 13:48 - 2013-03-05 13:41 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\TS3Client
2014-12-09 10:51 - 2013-11-11 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-09 10:35 - 2007-01-02 02:25 - 00000000 ____D () C:\Windows\Panther
2014-12-07 14:47 - 2013-05-25 09:47 - 00001023 _____ () C:\Users\Public\Desktop\EssentialPIM.lnk
2014-12-03 12:40 - 2014-08-21 22:58 - 00000000 ____D () C:\Users\melsy\Documents\Norma A2

Some content of TEMP:
====================
C:\Users\melsy\AppData\Local\Temp\abelssoft.setup.exe
C:\Users\melsy\AppData\Local\Temp\Quarantine.exe
C:\Users\melsy\AppData\Local\Temp\ripsetup.exe
C:\Users\melsy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\melsy\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 04:32

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

[CODE] Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
AVG Internet Security 2013
AVG Internet Security Business Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2014
TuneUp Utilities 2014 (de-DE)
TuneUp Utilities 2014
Java 7 Update 71
Adobe Flash Player 15.0.0.246 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (Firefox.)
Mozilla Thunderbird (24.1.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by melsy (administrator) on MELSY-HP on 31-12-2014 14:03:23
Running from C:\Users\melsy\Downloads
Loaded Profile: melsy (Available profiles: melsy & _supereasy_1cbackup_ & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Farbar) C:\Users\melsy\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [SuperEasy 1-Click Backup] => "C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe" --hidden
HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516784 2014-11-18] (Ashampoo Development GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [SPM15 Chrome Autofill Relay] => C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe [480120 2014-06-25] (Steganos Software GmbH)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [Facebook Update] => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-31] (Facebook Inc.)
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [EssentialPIM] => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [17719664 2014-12-01] (Astonsoft)
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wo11.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * DfSDKBt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3195104690-1283173883-910289243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
URLSearchHook: HKLM-x32 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File
URLSearchHook: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File
SearchScopes: HKLM -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = 
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48Ð¸patm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar64.dll (Steganos Software GmbH)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM-x32 - No Name - {422f7661-9403-4da4-b4ef-cc3e268817b5} -  No File
Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar.dll (Steganos Software GmbH)
Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {422F7661-9403-4DA4-B4EF-CC3E268817B5} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693
FF Homepage: https://www.google.at/?gws_rd=cr&ei=3OKMUuu2NOO54AT-pYGQCg
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @soft-xpansion/npsxpdf -> C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\melsy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/O1DPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=3 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=9 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-maps.xml
FF Extension: FDislike - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\fbdislike@doweb.fr.xpi [2014-04-14]
FF Extension: Ghostery - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@ghostery.com.xpi [2014-04-13]
FF Extension: ZenMate Security &amp; Privacy VPN - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@zenmate.com.xpi [2014-10-05]
FF Extension: ProxTube - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\info@convert2mp3.net.xpi [2014-04-13]
FF Extension: Facebook Select All - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\jid0-n2ISP7BOUOHLqFZBUsiANkm14Ck@jetpack.xpi [2014-04-13]
FF Extension: RequestPolicy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\requestpolicy@requestpolicy.com.xpi [2014-11-21]
FF Extension: NoScript - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-13]
FF Extension: Adblock Plus - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-13]
FF Extension: OkayFreedom - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2014-12-24]
FF Extension: Google Privacy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2014-12-08]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2013-06-28]
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3 [2014-12-05]
FF HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR Profile: C:\Users\melsy\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3665752 2012-01-26] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-09-02] (soft Xpansion)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-21] (TuneUp Software)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-22] (RaMMicHaeL)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223600 2014-11-18] ()
S2 supereasy_1cbackup; "c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe" "--controlFolder=c:\ProgramData\SuperEasy 1-Click Backup\control" "--id=supereasy_1cbackup" daemon

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 L6UX1; C:\Windows\System32\Drivers\L6UX164.sys [772864 2013-07-11] (Line 6)
R3 leawo_vad; C:\Windows\System32\drivers\leawo_vad.sys [33048 2013-05-21] (Shenzhen Moyea Software)
R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-28] (Audials AG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-03] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-11-12] (TuneUp Software)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1451008 2008-10-13] (C-Media Electronics Inc)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51016 2011-11-01] (Yamaha Corporation)
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 13:19 - 2014-12-31 13:19 - 00852505 _____ () C:\Users\melsy\Downloads\SecurityCheck.exe
2014-12-30 20:26 - 2014-12-30 20:26 - 02347384 _____ (ESET) C:\Users\melsy\Downloads\esetsmartinstaller_deu(1).exe
2014-12-29 23:44 - 2014-12-31 13:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-29 23:43 - 2014-12-29 23:43 - 02347384 _____ (ESET) C:\Users\melsy\Downloads\esetsmartinstaller_deu.exe
2014-12-29 15:43 - 2014-12-29 15:43 - 00028392 _____ () C:\Users\melsy\Documents\Synth Kick.txt
2014-12-29 14:14 - 2014-12-29 14:14 - 00000971 _____ () C:\Users\melsy\Desktop\HammerHead 1.0.lnk
2014-12-29 14:14 - 2014-12-29 14:14 - 00000971 _____ () C:\Users\_supereasy_1cbackup_\Desktop\HammerHead 1.0.lnk
2014-12-29 14:14 - 2014-12-29 14:14 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HammerHead Rhythm Station
2014-12-29 14:12 - 2014-12-29 14:19 - 01508117 _____ () C:\Users\melsy\Downloads\hh10_install(2).exe
2014-12-29 13:34 - 2014-12-29 13:34 - 00000045 _____ () C:\Users\melsy\Downloads\lay_back.ram
2014-12-29 13:34 - 2014-12-29 13:34 - 00000043 _____ () C:\Users\melsy\Downloads\sharky.ram
2014-12-29 13:34 - 2014-12-29 13:34 - 00000043 _____ () C:\Users\melsy\Downloads\mellow.ram
2014-12-29 13:34 - 2014-12-29 13:34 - 00000042 _____ () C:\Users\melsy\Downloads\stomp.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000045 _____ () C:\Users\melsy\Downloads\jumpdude.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000045 _____ () C:\Users\melsy\Downloads\hardcore.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000045 _____ () C:\Users\melsy\Downloads\chemical.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000044 _____ () C:\Users\melsy\Downloads\coolhop.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000043 _____ () C:\Users\melsy\Downloads\jungle.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000043 _____ () C:\Users\melsy\Downloads\hiphop.ram
2014-12-29 13:32 - 2014-12-29 13:32 - 00000041 _____ () C:\Users\melsy\Downloads\acid.ram
2014-12-29 13:22 - 2014-12-30 16:59 - 00000000 ____D () C:\Program Files (x86)\HammerHead
2014-12-29 13:22 - 2014-12-29 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HammerHead Rhythm Station
2014-12-29 13:21 - 2014-12-29 13:21 - 01508117 _____ () C:\Users\melsy\Downloads\hh10_install.exe
2014-12-29 12:21 - 2014-12-29 12:21 - 02123264 _____ (Farbar) C:\Users\melsy\Downloads\FRST64(1).exe
2014-12-29 11:59 - 2014-12-29 11:59 - 01707939 _____ (Thisisu) C:\Users\melsy\Downloads\JRT(1).exe
2014-12-29 11:55 - 2014-12-29 11:55 - 00818637 _____ (Thisisu) C:\Users\melsy\Downloads\JRT.exe
2014-12-29 11:27 - 2014-12-29 11:28 - 02173952 _____ () C:\Users\melsy\Downloads\AdwCleaner_4.106(1).exe
2014-12-29 11:16 - 2014-12-29 11:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-29 11:15 - 2014-12-29 11:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\melsy\Downloads\revosetup95.exe
2014-12-29 10:00 - 2014-12-29 10:00 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-27 09:35 - 2014-12-27 09:35 - 02173952 _____ () C:\Users\melsy\Downloads\AdwCleaner_4.106.exe
2014-12-26 18:50 - 2014-12-26 18:52 - 00071035 _____ () C:\Users\melsy\Downloads\Addition.txt
2014-12-26 18:48 - 2014-12-31 14:03 - 00028412 _____ () C:\Users\melsy\Downloads\FRST.txt
2014-12-26 18:47 - 2014-12-31 14:03 - 00000000 ____D () C:\FRST
2014-12-26 18:47 - 2014-12-26 18:47 - 02122752 _____ (Farbar) C:\Users\melsy\Downloads\FRST64.exe
2014-12-26 15:25 - 2014-12-26 15:25 - 00001455 _____ () C:\trojaner.txt
2014-12-24 15:10 - 2014-12-29 11:50 - 00000600 _____ () C:\Windows\PFRO.log
2014-12-24 15:02 - 2014-12-24 15:02 - 16520304 _____ (Steganos Software GmbH) C:\Users\melsy\Downloads\okayfreedomwr.exe
2014-12-24 14:01 - 2014-12-24 14:01 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos Updates
2014-12-24 13:59 - 2014-12-24 14:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos VPN
2014-12-24 13:56 - 2014-12-24 13:56 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion OkayFreedom Premium Flat - CHIP-Installer.exe
2014-12-22 02:54 - 2014-12-22 02:54 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup(1).exe
2014-12-22 01:01 - 2014-12-29 11:20 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\DigitalVolcano
2014-12-22 00:59 - 2014-12-22 00:59 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup.exe
2014-12-21 02:14 - 2014-12-21 02:14 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Magix Music Maker 2013 - CHIP-Installer.exe
2014-12-20 18:36 - 2014-12-20 18:36 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Rip CD Ripper Software.lnk
2014-12-20 18:36 - 2014-12-20 18:36 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-12-20 18:32 - 2014-12-31 05:41 - 00001568 _____ () C:\Windows\setupact.log
2014-12-20 18:32 - 2014-12-20 18:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-18 12:27 - 2014-12-31 05:45 - 00374048 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 00:38 - 2014-12-17 00:38 - 00000000 ____D () C:\Users\melsy\Documents\DesignCAD 3D MAX 22
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD Toolkit Maschinenbau & Konstruktion 22
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\Program Files (x86)\DCToolkit
2014-12-17 00:36 - 2014-12-17 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD 3D Max 22
2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\ProgramData\IMSIDesign
2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\Program Files (x86)\IMSIDesign
2014-12-17 00:15 - 2014-12-17 00:18 - 95590424 _____ () C:\Users\melsy\Downloads\DesignCAD-V22-3D-Triple-Toolkits-Complete-CHIP.exe
2014-12-16 14:47 - 2014-12-21 19:57 - 00168064 _____ () C:\Users\melsy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-15 21:05 - 2014-12-15 21:05 - 00000000 ____D () C:\Users\melsy\Downloads\Office 2007
2014-12-15 19:04 - 2014-12-15 19:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Scribus
2014-12-15 18:59 - 2014-12-15 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.4
2014-12-15 18:57 - 2014-12-15 19:03 - 00000000 ____D () C:\Program Files\Scribus 1.4.4
2014-12-15 17:02 - 2014-12-15 17:04 - 86069640 _____ (The Scribus Team) C:\Users\melsy\Downloads\scribus-1.4.4-windows-x64.exe
2014-12-15 15:06 - 2014-12-15 15:06 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
2014-12-15 15:06 - 2014-12-15 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme
2014-12-15 11:46 - 2014-12-15 11:46 - 01177424 _____ () C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe
2014-12-14 23:48 - 2014-12-14 23:48 - 00000000 _____ () C:\Windows\SysWOW64\shoFA1F.tmp
2014-12-14 23:31 - 2014-12-14 23:31 - 00000000 __SHD () C:\WISE_DISKSCRUBTEMP
2014-12-14 16:30 - 2014-12-14 16:32 - 43145168 _____ (Ashampoo GmbH & Co. KG ) C:\Users\melsy\Downloads\ashampoo_winoptimizer_11_11.00.50_18137.exe
2014-12-13 09:28 - 2014-12-15 11:35 - 00000000 ____D () C:\Users\melsy\HDR Projects
2014-12-13 09:26 - 2014-12-13 09:26 - 00001045 _____ () C:\Users\Public\Desktop\HDR Projects platin (64-Bit).lnk
2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis
2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\Program Files\Franzis
2014-12-13 09:09 - 2014-12-13 09:09 - 00000000 ____D () C:\Users\melsy\Documents\HDR-projects-platin-win-mac-CHIP
2014-12-12 13:24 - 2014-12-12 13:24 - 00000000 _____ () C:\Windows\SysWOW64\sho287C.tmp
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\Documents\FlashIntegro
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\VideoEditor
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\FlashIntegro
2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\Program Files (x86)\FlashIntegro
2014-12-11 19:51 - 2014-12-09 13:21 - 00081792 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter2.ax
2014-12-11 19:51 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll
2014-12-11 19:51 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-12-11 19:51 - 2004-09-06 16:06 - 00053248 _____ () C:\Windows\SysWOW64\xvid.ax
2014-12-11 19:51 - 2004-07-03 21:08 - 00139264 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-12-11 19:51 - 2004-07-03 20:59 - 00524288 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-12-11 19:51 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm
2014-12-11 19:51 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll
2014-12-11 19:51 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax
2014-12-11 19:51 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll
2014-12-11 19:51 - 2003-05-21 23:50 - 00156910 _____ () C:\Windows\WMSysPr8.prx
2014-12-11 19:51 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm
2014-12-11 19:51 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm
2014-12-11 19:51 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX
2014-12-11 19:51 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2014-12-11 19:51 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm
2014-12-11 19:47 - 2014-12-11 19:47 - 01177424 _____ () C:\Users\melsy\Downloads\VSDC Free Video Editor - CHIP-Installer.exe
2014-12-10 19:29 - 2014-12-10 19:29 - 17103000 _____ (Electronic Arts, Inc.) C:\Users\melsy\Downloads\OriginThinSetup.exe
2014-12-10 18:55 - 2014-12-10 19:40 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Origin
2014-12-10 18:53 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\Origin
2014-12-10 14:14 - 2014-12-16 08:59 - 00000412 _____ () C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
2014-12-10 14:14 - 2014-12-10 14:14 - 00002834 _____ () C:\Windows\System32\Tasks\Wise Care 365 PC Checkup Task
2014-12-10 09:50 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 09:50 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 09:21 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:21 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 09:21 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 09:21 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 09:21 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 09:21 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 09:21 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 09:21 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 09:21 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 09:21 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 09:21 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 09:21 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 09:21 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 09:21 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 09:21 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 09:12 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:12 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 13:07 - 2014-12-22 13:17 - 00000000 ____D () C:\Users\melsy\Documents\camera musik
2014-12-09 12:29 - 2014-12-09 12:30 - 11669724 _____ () C:\Users\melsy\Downloads\Camera Rare Grooves Aluminium Edition - 02 Donny Hathaway - The Ghetto.mp4.part
2014-12-09 11:06 - 2014-12-09 11:06 - 00003070 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-12-09 11:06 - 2014-12-09 11:06 - 00002848 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-12-09 11:06 - 2014-12-09 11:06 - 00000422 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-12-09 11:06 - 2014-12-09 11:06 - 00000402 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-12-09 10:33 - 2014-12-20 02:15 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-09 10:31 - 2014-12-09 10:31 - 01174352 _____ () C:\Users\melsy\Downloads\Wise Care 365 - CHIP-Installer.exe
2014-12-07 14:45 - 2014-12-07 14:46 - 11553744 _____ () C:\Users\melsy\Downloads\EssentialPIM6.exe
2014-12-05 17:37 - 2014-12-05 17:37 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Diashow-Ersteller.lnk
2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2014-12-05 16:44 - 2014-12-05 16:44 - 00001110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
2014-12-05 16:44 - 2014-12-05 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grafikverwandte Programme
2014-12-05 16:42 - 2014-12-05 16:42 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Imagedatei-Konverter.lnk
2014-12-05 16:29 - 2014-12-05 16:30 - 00505376 _____ (NCH Software) C:\Users\melsy\Downloads\pixpsetup.exe
2014-12-05 13:02 - 2014-12-24 14:32 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos
2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Passwort-Manager 15
2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\Program Files (x86)\Steganos Password Manager 15
2014-12-05 13:00 - 2014-12-05 13:00 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Steganos Passwort Manager 15 - CHIP-Installer.exe
2014-12-04 18:05 - 2014-12-04 18:05 - 00001964 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-12-03 19:41 - 2014-12-03 19:41 - 07270351 _____ () C:\Users\melsy\Downloads\meine 68 jährige (2).mp4
2014-12-02 16:16 - 2014-12-08 03:47 - 00000000 ____D () C:\Users\melsy\AppData\Local\SuperEasy 1-Click Backup
2014-12-02 16:16 - 2014-12-03 16:04 - 00000000 ___HD () C:\ProgramData\sysnfxo
2014-12-02 16:15 - 2014-12-29 11:51 - 00000000 ____D () C:\Users\_supereasy_1cbackup_
2014-12-02 16:15 - 2014-12-02 16:15 - 00000020 ___SH () C:\Users\_supereasy_1cbackup_\ntuser.ini
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Vorlagen
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Startmenü
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Netzwerkumgebung
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Lokale Einstellungen
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Eigene Dateien
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Druckumgebung
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Musik
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Bilder
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Verlauf
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Anwendungsdaten
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Anwendungsdaten
2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 ____D () C:\ProgramData\SuperEasy 1-Click Backup
2014-12-02 16:15 - 2013-08-14 10:34 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\Microsoft Help
2014-12-02 16:15 - 2013-07-31 08:12 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\TuneUp Software
2014-12-02 16:15 - 2013-07-26 03:08 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\ScreenCapture
2014-12-02 16:15 - 2012-12-03 06:32 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Macromedia
2014-12-02 16:15 - 2012-08-12 01:32 - 00002134 _____ () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-12-02 16:15 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-02 16:15 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-02 16:13 - 2014-12-02 16:13 - 28074616 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\melsy\Downloads\supereasy_1-click_backup_free_1.13.0_8279.exe
2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EAC
2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\AccurateRip
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Cliqz
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-12-02 13:57 - 2014-12-02 13:57 - 01174352 _____ () C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 14:02 - 2012-05-18 12:08 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Skype
2014-12-31 13:55 - 2014-10-15 14:50 - 00003094 _____ () C:\Windows\System32\Tasks\{B2E8F773-5F5C-4836-8957-FEE3042EABFC}
2014-12-31 13:55 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{C0C124F4-41F2-47D4-860C-4FCF583875C1}
2014-12-31 13:55 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{5C4F42ED-5832-48B4-BCB9-D77730EC38C1}
2014-12-31 13:55 - 2014-08-28 18:24 - 00003076 _____ () C:\Windows\System32\Tasks\{8795FFFA-4029-4A70-B1CF-0C3C57CDEE7C}
2014-12-31 13:55 - 2013-10-09 17:59 - 00003102 _____ () C:\Windows\System32\Tasks\{AD7AC0AF-B335-4FB0-ABC0-6583AD2EE938}
2014-12-31 13:55 - 2013-05-03 19:39 - 00003086 _____ () C:\Windows\System32\Tasks\{2A792A14-06ED-4493-81D7-2A64E97EA462}
2014-12-31 13:55 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{69CD82CA-4612-410F-907D-CE1E674B652E}
2014-12-31 13:55 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{670A25EF-5F02-41BB-BB0D-827A205D5869}
2014-12-31 13:54 - 2014-09-10 08:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-31 13:50 - 2013-10-31 22:45 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job
2014-12-31 13:41 - 2014-05-20 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-31 13:23 - 2011-08-09 21:16 - 00774266 _____ () C:\Windows\system32\perfh007.dat
2014-12-31 13:23 - 2011-08-09 21:16 - 00175794 _____ () C:\Windows\system32\perfc007.dat
2014-12-31 13:23 - 2009-07-14 06:13 - 01808064 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 13:22 - 2013-01-23 23:10 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job
2014-12-31 13:11 - 2012-08-13 22:06 - 00000386 _____ () C:\Windows\Tasks\WpsUpdateTask_melsy.job
2014-12-31 12:13 - 2013-05-07 17:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-31 05:49 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 05:49 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 05:42 - 2012-07-27 20:04 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 05:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 00:22 - 2013-01-23 23:10 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job
2014-12-30 22:50 - 2013-10-31 22:45 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job
2014-12-30 19:03 - 2014-04-22 13:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\vlc
2014-12-30 09:45 - 2014-10-15 16:42 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-12-29 12:20 - 2012-05-21 13:38 - 00000000 ___RD () C:\Users\melsy\Desktop\Sicherheit
2014-12-29 11:48 - 2013-09-19 13:30 - 00000000 ____D () C:\AdwCleaner
2014-12-29 11:34 - 2012-05-20 16:38 - 00000000 ____D () C:\Users\melsy\AppData\Local\CrashDumps
2014-12-29 02:58 - 2012-07-02 01:36 - 00000410 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
2014-12-29 01:46 - 2014-07-19 10:21 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormelsy
2014-12-29 01:46 - 2014-07-19 10:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFormelsy.job
2014-12-27 23:22 - 2012-05-21 23:39 - 00000000 ___RD () C:\Users\melsy\Desktop\TONSTUDIO
2014-12-27 18:36 - 2012-09-23 02:50 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-12-26 15:24 - 2014-05-20 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-25 20:44 - 2014-09-21 08:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-25 20:44 - 2012-05-18 12:07 - 00000000 ____D () C:\ProgramData\Skype
2014-12-24 15:22 - 2014-10-15 17:01 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-12-22 13:37 - 2013-03-26 14:54 - 00000000 ____D () C:\Users\melsy\Documents\RAF
2014-12-22 13:37 - 2013-01-23 02:22 - 00000000 ____D () C:\Users\melsy\Documents\Cybershapes
2014-12-22 13:26 - 2012-09-23 01:41 - 00000000 ____D () C:\Users\melsy\Documents\soz-österr
2014-12-22 13:26 - 2012-05-19 10:40 - 00000000 ____D () C:\Users\melsy\Documents\Meine empfangenen Dateien
2014-12-22 08:20 - 2009-07-14 05:45 - 00539840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-21 19:56 - 2012-05-20 12:12 - 00000000 ____D () C:\Users\melsy\Documents\Gitarre
2014-12-21 04:24 - 2013-03-16 19:48 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-12-21 02:59 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-12-21 02:57 - 2012-07-01 18:18 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-12-21 02:52 - 2013-03-16 19:56 - 00000000 ___RD () C:\Users\melsy\Documents\MAGIX
2014-12-21 02:52 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\MAGIX
2014-12-20 18:34 - 2012-05-18 15:45 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Audacity
2014-12-20 02:31 - 2013-10-11 13:45 - 00000000 ___RD () C:\Users\melsy\Desktop\radios
2014-12-20 02:31 - 2012-09-08 11:59 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\XnView
2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCFinder
2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\Program Files (x86)\CCFinder
2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-18 12:22 - 2011-12-10 05:20 - 00000000 ____D () C:\ProgramData\Temp
2014-12-17 00:39 - 2012-07-18 02:06 - 00000000 ___RD () C:\Users\melsy\Desktop\Foto Video
2014-12-16 19:19 - 2012-07-24 21:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-15 19:01 - 2013-09-02 13:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-15 18:40 - 2014-10-23 10:29 - 00000000 ____D () C:\Users\melsy\Documents\KPÖ
2014-12-15 14:25 - 2012-05-21 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar
2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\Program Files (x86)\TuxGuitar
2014-12-15 11:35 - 2013-05-18 21:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EssentialPIM
2014-12-15 11:35 - 2013-02-03 15:59 - 00000000 ____D () C:\Users\melsy\.tuxguitar-1.2
2014-12-15 11:35 - 2012-12-14 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-12-15 11:35 - 2012-12-05 11:56 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-12-15 11:35 - 2012-05-20 17:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-15 11:35 - 2012-05-19 13:23 - 00000000 ____D () C:\Program Files (x86)\ScanIT-Client
2014-12-15 11:35 - 2012-05-18 11:43 - 00000000 ____D () C:\Users\melsy
2014-12-15 11:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-15 10:43 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\SoftGrid Client
2014-12-15 10:02 - 2013-09-29 09:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-14 23:43 - 2013-01-03 14:29 - 00000000 ____D () C:\Users\melsy\AppData\Local\Downloaded Installations
2014-12-14 16:36 - 2012-05-21 13:33 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-12-13 13:09 - 2014-09-09 13:12 - 00000000 ____D () C:\Users\melsy\Documents\demos
2014-12-13 12:35 - 2012-09-21 20:10 - 00038311 _____ () C:\Users\melsy\Documents\Passwörter.xlsx
2014-12-10 19:50 - 2012-06-02 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 17:54 - 2014-09-10 08:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 17:54 - 2014-07-04 14:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 17:54 - 2014-07-04 14:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 10:52 - 2013-02-25 20:12 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
2014-12-10 10:52 - 2013-02-25 20:11 - 00000000 ____D () C:\ProgramData\Virtualized Applications
2014-12-10 10:52 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Local\SoftGrid Client
2014-12-10 10:39 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-10 10:31 - 2013-05-20 18:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 10:24 - 2013-07-11 11:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:53 - 2012-05-21 03:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 14:02 - 2013-05-29 17:59 - 00000000 ____D () C:\Users\melsy\Documents\Essential Kalender
2014-12-09 13:48 - 2013-03-05 13:41 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\TS3Client
2014-12-09 10:51 - 2013-11-11 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-09 10:35 - 2007-01-02 02:25 - 00000000 ____D () C:\Windows\Panther
2014-12-07 14:47 - 2013-05-25 09:47 - 00001023 _____ () C:\Users\Public\Desktop\EssentialPIM.lnk
2014-12-03 12:40 - 2014-08-21 22:58 - 00000000 ____D () C:\Users\melsy\Documents\Norma A2

Some content of TEMP:
====================
C:\Users\melsy\AppData\Local\Temp\abelssoft.setup.exe
C:\Users\melsy\AppData\Local\Temp\Quarantine.exe
C:\Users\melsy\AppData\Local\Temp\ripsetup.exe
C:\Users\melsy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\melsy\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 04:32

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Habe mit dem PC keine Probleme mehr ..... Bitte sende mir mit einer PM deinen Namen deine Kontonr. habe ich noch falls sie sich im den letzten 13 Monaten nicht geändert haben .

Vielen Dank u lg wolfgang

lobowolf · 31.12.2014, 14:32

Habe mit dem PC keine Probleme mehr ..... Bitte sende mir mit einer PM deinen Namen deine Kontonr. habe ich noch falls sie sich im den letzten 13 Monaten nicht geändert haben .

Vielen Dank u lg wolfgang

schrauber · 31.12.2014, 18:07

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\ProgramData\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll

C:\Users\melsy\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\melsy\Desktop\DvDrum2_b5_Setup.zip

C:\Users\melsy\Desktop\1054_Must_Have_PHP_Scripts_part1\Chat_Scripts\Chat Scripts\blablite22.zip

C:\Users\melsy\Desktop\Alte Firefox-Daten\3mzjeqm2.default\extensions\firefox@qualitink.net.xpi

C:\Users\melsy\Desktop\Alte Firefox-Daten\3mzjeqm2.default\extensions\d3339536-cdf9-444a-b529-160714835cb8@52bed7c4-5816-4cf8-b479-2c341232cd59.com\extensionData\plugins\91_monetizationLoader.js.js

C:\Users\melsy\Downloads\130120-sview5-v384-Downloader.exe

C:\Users\melsy\Downloads\2WPinball-Downloader.exe

C:\Users\melsy\Downloads\AshampooMovieStudio2013Ver104-Downloader.exe

C:\Users\melsy\Downloads\BarcelonaStreamApp.exe

C:\Users\melsy\Downloads\dffsetup-lame_enc.exe

C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe

C:\Users\melsy\Downloads\FreeImageConvertAndResize.exe

C:\Users\melsy\Downloads\gimp-2.8.10-setup-Downloader.exe

C:\Users\melsy\Downloads\gimp-help-261-html-detar-Downloader.exe

C:\Users\melsy\Downloads\HSS-2.67-install-chip-389-conduit.exe

C:\Users\melsy\Downloads\HSS-2.90.exe

C:\Users\melsy\Downloads\ipnetinfo-Downloader.exe

C:\Users\melsy\Downloads\kingsoftpresentationstd-Downloader.exe

C:\Users\melsy\Downloads\MicroSIP-3.3.27-Downloader.exe

C:\Users\melsy\Downloads\MusicRecorder10-Downloader.exe

C:\Users\melsy\Downloads\phonecrypt-desktop-Downloader.exe

C:\Users\melsy\Downloads\pickitinst-Downloader.exe

C:\Users\melsy\Downloads\privacyfix-firefox502-Downloader.exe

C:\Users\melsy\Downloads\shotcut-win32-131022-Downloader.exe

C:\Users\melsy\Downloads\SoftonicDownloader_fuer_riffworks.exe

C:\Users\melsy\Downloads\SuperEasyVideoBooster113056-Downloader(1).exe

C:\Users\melsy\Downloads\SuperEasyVideoBooster113056-Downloader.exe

C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Spendenlink findest Du in meiner Signatur

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

lobowolf · 01.01.2015, 15:49

wann ich FRST. wie beschrieben starte ( fix) kommt fixlist.txt not found obwohl ich diesen gespeichert habe

schrauber · 01.01.2015, 16:52

Zitat:

Running from C:\Users\melsy\Downloads

Entgegen meiner Anleitung hast Du FRST im Download Ordner liegen,also muss die fixlist auch in den Download Ordner

30.12.2014, 14:51	#9
schrauber /// the machine /// TB-Ausbilder	Verdacht auf Trojaner ok __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Verdacht auf Trojaner

Plagegeister aller Art und deren Bekämpfung: Verdacht auf Trojaner