Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Blaue doppelt unterstrichene Wörter, Werbung (Firefox) (https://www.trojaner-board.de/158143-blaue-doppelt-unterstrichene-woerter-werbung-firefox.html)

Mrs. X 30.08.2014 23:25
Blaue doppelt unterstrichene Wörter, Werbung (Firefox)
 
Hallo!

Zunächst einmal allerherzlichsten Dank für diese Einrichtung und eure Arbeit hier!
Ich wollte eigentlich nicht noch zusätzliche bescheren und habe deshalb etwas chaotisch versucht, mich mithilfe der von euch empfohlenen Programme selbstständig durchzumogeln.
Bin allerdings kläglich gescheitert.

Das Problem ist folgendes: Vor einigen Tagen wurde auf meinen PC VLC Media Player (zusätzliche Stichworte, die mit dem Download irgendwie zusammenhängen: Baidu und ArabSeed) runtergeladen. Rasch durchgeklickt, nicht gelesen. Seither schlage ich mich mit blauen, doppelt unterstrichenen Wörtern auf allen möglichen Internetseiten herum, die bei Berührung des Mauszeigers auf eine JAVA-Update-Werbung verweisen. Wenn man über Bilder fährt, erscheint dort oft ebenfalls irgendwelche Werbung.

Malewarebytes, standardmässiges Antivirenprogramm auf dem PC, hat ein bisschen was gefunden, aber die "Symptome" blieben und sind auch jetzt noch da, obwohl laut Malewarebytes wieder alles im grünen Bereich ist. Deshalb habe ich mich an euren Programmen versucht (die ihr in ähnlichen Fällen erwähnt hattet). adw-cleaner hatte etwas gefunden. Daraufhin habe ich löschen geklickt und jetzt findet er, wenn ich sein Geschreibsel richtig deute, nichts mehr. Doch die Probleme sind immer noch da. ESET fand dann, anders als seine Vorgänger, nach wie vor schockierende 36 infizierte Dateien, doch bei dem kann ich sie nicht löschen?! Also schwirren sie wohl nach wie vor herum. Leider habe ich den Bericht nicht mehr.

Was ich zumindest liefern kann sind die Texte von
-Defogger
-FRST
-GMER
-Adw, zwei Durchgänge


Defogger

Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:43 on 30/08/2014 (********)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-08-2014
Ran by ********* (administrator) on *********-PC on 30-08-2014 22:45:53
Running from C:\Users\*********\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Gadwin Systems, Inc.) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\*********\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-10-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-07-01] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 7\MMReminderService.exe [37144 2007-12-13] (Mindjet)
HKLM-x32\...\Run: [Reader Library Launcher] => C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-04] (Geek Software GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-03-25] (Vodafone)
HKLM-x32\...\Run: [VmbNotifier] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe [1861632 2013-03-25] (Vodafone)
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [Gadwin PrintScreen 3.5] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1101824 2006-07-08] (Gadwin Systems, Inc.)
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [Gadywagoyp] => C:\Users\*********\AppData\Roaming\Ywpiyd\gero.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {249d5b00-fabc-11df-a065-88a39d9f9f68} - H:\iStudio.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {29e59d41-63c0-11e2-883b-002713a0bc74} - G:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {29e59d53-63c0-11e2-883b-002713a0bc74} - H:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {2c926d73-f443-11e2-afb1-c80aa90a8d59} - G:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {3ab5124b-6497-11e2-af54-001e101f3315} - G:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {577254b8-3e25-11e1-8691-002713a0bc74} - I:\Startme.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {6a9e6f23-5d61-11e1-9fd2-002713a0bc74} - G:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: DigitalPersona Personal Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: CmjBrowserHelperObject Object -> {07A11D74-9D25-4fea-A833-8B0D76A5577A} -> C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
BHO-x32: DigitalPersona Personal Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://uzhvpn1.uzh.ch/CACHE/stc/18/binaries/vpnweb.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2010-01-09] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 62.240.110.198 62.240.110.197

FireFox:
========
FF ProfilePath: C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\zzygvqq5.default
FF Homepage: hxxp://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @sony.com/eBookLibrary -> C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Site Advisor - C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\zzygvqq5.default\Extensions\{6d0f26ba-45b8-4871-9c07-43ab341d5b73} [2014-08-25]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2010-03-08]
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext

Chrome:
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-07-01] (DigitalPersona, Inc.) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe [240640 2009-10-21] (IDT, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-03-25] (Vodafone) [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-16] (CyberLink Corp.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S1 ggdmxtqg; \??\C:\Windows\system32\drivers\ggdmxtqg.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S1 muosxvjv; \??\C:\Windows\system32\drivers\muosxvjv.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S1 pgqyxzkb; \??\C:\Windows\system32\drivers\pgqyxzkb.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [X]
S1 vejicfgc; \??\C:\Windows\system32\drivers\vejicfgc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 22:43 - 2014-08-30 22:43 - 00000474 _____ () C:\Users\*********\Desktop\defogger_disable.log
2014-08-30 22:43 - 2014-08-30 22:43 - 00000000 _____ () C:\Users\*********\defogger_reenable
2014-08-30 22:39 - 2014-08-30 22:39 - 00050477 _____ () C:\Users\*********\Downloads\Defogger.exe
2014-08-30 22:33 - 2014-08-30 22:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-30 22:31 - 2014-08-30 22:31 - 01016261 _____ (Thisisu) C:\Users\*********\Downloads\JRT.exe
2014-08-30 22:19 - 2014-08-30 22:19 - 01364531 _____ () C:\Users\*********\Downloads\adwcleaner_3.308(1).exe
2014-08-30 21:27 - 2014-08-30 21:27 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-08-29 22:26 - 2014-08-29 22:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-29 22:25 - 2014-08-29 22:26 - 02347384 _____ (ESET) C:\Users\*********\Downloads\esetsmartinstaller_deu.exe
2014-08-29 22:21 - 2014-08-30 22:21 - 00000000 ____D () C:\AdwCleaner
2014-08-29 22:21 - 2014-08-29 22:22 - 00049550 _____ () C:\Users\*********\Downloads\Addition.txt
2014-08-29 22:20 - 2014-08-29 22:21 - 01364531 _____ () C:\Users\*********\Downloads\adwcleaner_3.308.exe
2014-08-29 22:19 - 2014-08-30 22:45 - 00021501 _____ () C:\Users\*********\Downloads\FRST.txt
2014-08-29 22:18 - 2014-08-30 22:45 - 00000000 ____D () C:\FRST
2014-08-29 22:16 - 2014-08-29 22:17 - 02103808 _____ (Farbar) C:\Users\*********\Downloads\FRST64.exe
2014-08-28 19:40 - 2014-08-28 19:40 - 00014304 _____ () C:\ProgramData\Duplicaterecord.js
2014-08-28 14:34 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:34 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 14:34 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 15:09 - 2014-08-26 15:09 - 01058200 _____ (Adobe) C:\Users\*********\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-25 22:07 - 2014-08-28 19:40 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Baidu Security
2014-08-25 22:03 - 2014-08-30 00:59 - 00000000 ____D () C:\Users\*********\AppData\Roaming\vlc
2014-08-25 22:03 - 2014-08-28 19:40 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-08-25 22:02 - 2014-08-28 19:40 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-08-25 22:02 - 2014-08-28 19:40 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
2014-08-25 22:02 - 2014-08-25 22:02 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-25 21:57 - 2014-08-25 22:01 - 24743106 _____ () C:\Users\*********\Desktop\vlc-2-1-5-win32.exe
2014-08-25 21:50 - 2014-08-09 18:13 - 678816937 _____ () C:\Users\*********\Desktop\S.F.M.1080p.HD.ArabSeed.CoM.mkv
2014-08-22 23:02 - 2014-08-22 23:02 - 17220346 _____ () C:\Users\*********\Desktop\****** III.zip
2014-08-20 20:31 - 2014-08-20 20:31 - 00000000 ____D () C:\Users\*********\AppData\Roaming\FLEXnet
2014-08-20 20:22 - 2014-08-20 20:22 - 00002156 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Vodafone
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-08-20 20:21 - 2014-08-20 20:22 - 00000000 ____D () C:\ProgramData\Vodafone
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\Program Files (x86)\Vodafone
2014-08-20 20:20 - 2014-08-20 20:20 - 00000000 ____D () C:\Users\*********\AppData\Local\Downloaded Installations
2014-08-18 18:54 - 2014-08-18 18:54 - 11486487 _____ () C:\Users\*********\Desktop\******-Fotos II.zip
2014-08-15 12:02 - 2014-08-15 12:02 - 17296919 _____ () C:\Users\*********\Desktop\******.zip
2014-08-13 17:09 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 17:09 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 17:09 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 17:09 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 17:09 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 17:09 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 17:09 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 17:09 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 14:38 - 2014-07-24 21:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 14:38 - 2014-07-24 21:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 14:38 - 2014-07-24 21:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 14:38 - 2014-07-24 21:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 14:38 - 2014-07-24 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 14:38 - 2014-07-24 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 14:38 - 2014-07-24 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-13 14:38 - 2014-07-24 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 14:38 - 2014-07-24 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 14:38 - 2014-07-24 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 14:38 - 2014-07-24 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 14:38 - 2014-07-24 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-13 14:38 - 2014-07-24 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-13 14:38 - 2014-07-24 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-13 14:38 - 2014-07-24 21:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 14:38 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 14:38 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 14:38 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 14:38 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 14:38 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 14:38 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 14:38 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-13 14:38 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 14:38 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 14:38 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-13 14:38 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-13 14:38 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 14:36 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 14:36 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 14:26 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 14:26 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 14:26 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 14:26 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 14:26 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 14:26 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 14:26 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 14:26 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 14:26 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 14:26 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 14:26 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 14:26 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 14:26 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 14:26 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 14:26 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 14:26 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-08 18:14 - 2014-08-08 18:14 - 00003088 _____ () C:\Windows\System32\Tasks\{63532596-9136-4C0E-AC41-F4557A4305F9}
2014-08-02 17:08 - 2014-08-02 17:08 - 00000000 ____D () C:\Users\*********\AppData\Local\Adobe
2014-08-01 19:32 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 19:32 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 19:32 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 19:32 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 19:32 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 19:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 19:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 19:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 19:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 22:46 - 2014-08-29 22:19 - 00021501 _____ () C:\Users\*********\Downloads\FRST.txt
2014-08-30 22:45 - 2014-08-29 22:18 - 00000000 ____D () C:\FRST
2014-08-30 22:43 - 2014-08-30 22:43 - 00000474 _____ () C:\Users\*********\Desktop\defogger_disable.log
2014-08-30 22:43 - 2014-08-30 22:43 - 00000000 _____ () C:\Users\*********\defogger_reenable
2014-08-30 22:43 - 2010-04-10 16:31 - 00000000 ____D () C:\Users\*********
2014-08-30 22:39 - 2014-08-30 22:39 - 00050477 _____ () C:\Users\*********\Downloads\Defogger.exe
2014-08-30 22:34 - 2014-04-11 19:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 22:33 - 2014-08-30 22:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-30 22:31 - 2014-08-30 22:31 - 01016261 _____ (Thisisu) C:\Users\*********\Downloads\JRT.exe
2014-08-30 22:31 - 2009-07-14 06:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-30 22:31 - 2009-07-14 06:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-30 22:29 - 2010-03-08 02:22 - 01210010 _____ () C:\Windows\WindowsUpdate.log
2014-08-30 22:24 - 2013-05-05 13:07 - 00000000 ___RD () C:\Users\*********\Dropbox
2014-08-30 22:24 - 2013-05-05 13:03 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Dropbox
2014-08-30 22:22 - 2010-03-08 02:27 - 00597466 _____ () C:\Windows\PFRO.log
2014-08-30 22:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-30 22:22 - 2009-07-14 06:51 - 00307296 _____ () C:\Windows\setupact.log
2014-08-30 22:21 - 2014-08-29 22:21 - 00000000 ____D () C:\AdwCleaner
2014-08-30 22:19 - 2014-08-30 22:19 - 01364531 _____ () C:\Users\*********\Downloads\adwcleaner_3.308(1).exe
2014-08-30 22:18 - 2011-08-06 15:24 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Skype
2014-08-30 22:08 - 2013-01-03 23:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-30 21:55 - 2010-01-09 22:20 - 00714316 _____ () C:\Windows\system32\perfh007.dat
2014-08-30 21:55 - 2010-01-09 22:20 - 00154368 _____ () C:\Windows\system32\perfc007.dat
2014-08-30 21:55 - 2009-07-14 07:13 - 01649032 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 21:27 - 2014-08-30 21:27 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-08-30 00:59 - 2014-08-25 22:03 - 00000000 ____D () C:\Users\*********\AppData\Roaming\vlc
2014-08-29 22:26 - 2014-08-29 22:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-29 22:26 - 2014-08-29 22:25 - 02347384 _____ (ESET) C:\Users\*********\Downloads\esetsmartinstaller_deu.exe
2014-08-29 22:22 - 2014-08-29 22:21 - 00049550 _____ () C:\Users\*********\Downloads\Addition.txt
2014-08-29 22:21 - 2014-08-29 22:20 - 01364531 _____ () C:\Users\*********\Downloads\adwcleaner_3.308.exe
2014-08-29 22:17 - 2014-08-29 22:16 - 02103808 _____ (Farbar) C:\Users\*********\Downloads\FRST64.exe
2014-08-29 21:53 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-08-28 19:40 - 2014-08-28 19:40 - 00014304 _____ () C:\ProgramData\Duplicaterecord.js
2014-08-28 19:40 - 2014-08-25 22:07 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Baidu Security
2014-08-28 19:40 - 2014-08-25 22:03 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-08-28 19:40 - 2014-08-25 22:02 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-08-28 19:40 - 2014-08-25 22:02 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
2014-08-28 19:38 - 2010-03-08 02:20 - 00219288 _____ () C:\Windows\DPINST.LOG
2014-08-28 19:08 - 2009-07-14 06:45 - 00462824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 15:33 - 2010-04-18 19:55 - 00000000 ____D () C:\Users\*********\Documents\Diverses
2014-08-26 15:09 - 2014-08-26 15:09 - 01058200 _____ (Adobe) C:\Users\*********\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-25 22:18 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-25 22:02 - 2014-08-25 22:02 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-25 22:01 - 2014-08-25 21:57 - 24743106 _____ () C:\Users\*********\Desktop\vlc-2-1-5-win32.exe
2014-08-25 15:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 04:07 - 2014-08-28 14:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 14:34 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 14:34 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 23:02 - 2014-08-22 23:02 - 17220346 _____ () C:\Users\*********\Desktop\****** III.zip
2014-08-22 20:48 - 2011-01-06 18:59 - 00000000 ____D () C:\Users\*********\Desktop\Studium
2014-08-20 20:31 - 2014-08-20 20:31 - 00000000 ____D () C:\Users\*********\AppData\Roaming\FLEXnet
2014-08-20 20:23 - 2010-04-10 16:36 - 00135784 _____ () C:\Users\*********\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-20 20:22 - 2014-08-20 20:22 - 00002156 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Vodafone
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-08-20 20:22 - 2014-08-20 20:21 - 00000000 ____D () C:\ProgramData\Vodafone
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\Program Files (x86)\Vodafone
2014-08-20 20:20 - 2014-08-20 20:20 - 00000000 ____D () C:\Users\*********\AppData\Local\Downloaded Installations
2014-08-20 17:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-18 18:54 - 2014-08-18 18:54 - 11486487 _____ () C:\Users\*********\Desktop\******-Fotos II.zip
2014-08-15 12:02 - 2014-08-15 12:02 - 17296919 _____ () C:\Users\*********\Desktop\******.zip
2014-08-15 09:43 - 2014-03-19 07:23 - 00001021 _____ () C:\Users\*********\Desktop\Dropbox.lnk
2014-08-15 09:43 - 2014-03-19 07:19 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-13 17:15 - 2013-07-27 14:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 17:13 - 2011-02-15 11:33 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 17:08 - 2014-04-30 18:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 21:13 - 2011-08-06 15:24 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 18:13 - 2014-08-25 21:50 - 678816937 _____ () C:\Users\*********\Desktop\S.F.M.1080p.HD.ArabSeed.CoM.mkv
2014-08-08 18:14 - 2014-08-08 18:14 - 00003088 _____ () C:\Windows\System32\Tasks\{63532596-9136-4C0E-AC41-F4557A4305F9}
2014-08-07 23:01 - 2014-03-20 20:40 - 00000000 ____D () C:\Users\*********\Documents\PrintScreen Files
2014-08-07 04:06 - 2014-08-13 14:26 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 14:26 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-02 17:08 - 2014-08-02 17:08 - 00000000 ____D () C:\Users\*********\AppData\Local\Adobe
2014-08-02 17:01 - 2013-01-03 23:36 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 17:01 - 2013-01-03 23:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-02 17:01 - 2013-01-03 23:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Files to move or delete:
====================
C:\ProgramData\308d82.dat
C:\ProgramData\Duplicaterecord.js


Some content of TEMP:
====================
C:\Users\*********\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.11.78178.exe
C:\Users\*********\AppData\Local\Temp\contentDATs.exe
C:\Users\*********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphjd_o5.dll
C:\Users\*********\AppData\Local\Temp\eblinstaller.exe
C:\Users\*********\AppData\Local\Temp\EBUDBF2.EXE
C:\Users\*********\AppData\Local\Temp\EBUE3DE.DLL
C:\Users\*********\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*********\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\*********\AppData\Local\Temp\fsclm.dll
C:\Users\*********\AppData\Local\Temp\fsols_launcher.exe
C:\Users\*********\AppData\Local\Temp\fsonlinescanner.exe
C:\Users\*********\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\*********\AppData\Local\Temp\HPQSi.exe
C:\Users\*********\AppData\Local\Temp\i4jdel0.exe
C:\Users\*********\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\*********\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\*********\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\*********\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\*********\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\*********\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\*********\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\*********\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\*********\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\*********\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\*********\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\*********\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\*********\AppData\Local\Temp\PC_Faster_Setup_Mini_E16_S.exe
C:\Users\*********\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\*********\AppData\Local\Temp\PRS-650_Updater_1.0.00.14080.exe
C:\Users\*********\AppData\Local\Temp\Quarantine.exe
C:\Users\*********\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*********\AppData\Local\Temp\setup.exe
C:\Users\*********\AppData\Local\Temp\SimBundD.exe
C:\Users\*********\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*********\AppData\Local\Temp\xmllite.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 20:01

==================== End Of Log ============================
--- --- ---



GMER

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-30 23:26:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH00 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\*********\AppData\Local\Temp\pxdiypog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                    00000000771d1465 2 bytes [1D, 77]
.text    C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                  00000000771d14bb 2 bytes [1D, 77]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                              00000000771d1465 2 bytes [1D, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                              00000000771d14bb 2 bytes [1D, 77]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                      00000000771d1465 2 bytes [1D, 77]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                      00000000771d14bb 2 bytes [1D, 77]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                00000000771d1465 2 bytes [1D, 77]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                              00000000771d14bb 2 bytes [1D, 77]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Users\*********\AppData\Roaming\Dropbox\bin\Dropbox.exe[3464] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                  00000000771d1465 2 bytes [1D, 77]
.text    C:\Users\*********\AppData\Roaming\Dropbox\bin\Dropbox.exe[3464] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                00000000771d14bb 2 bytes [1D, 77]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                              00000000771d1465 2 bytes [1D, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                              00000000771d14bb 2 bytes [1D, 77]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                            00000000771d1465 2 bytes [1D, 77]
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          00000000771d14bb 2 bytes [1D, 77]
.text    ...                                                                                                                                                                                                                    * 2
---- Processes - GMER 2.1 ----

Library  C:\Users\*********\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\*********\AppData\Roaming\Dropbox\bin\Dropbox.exe [3464](2014-07-30 00:20:20)                                                0000000004070000
Library  c:\users\*********\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv6yvnz.dll (*** suspicious ***) @ C:\Users\*********\AppData\Roaming\Dropbox\bin\Dropbox.exe [3464](2014-08-30 21:04:20)  00000000044b0000
Library  C:\Users\*********\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\*********\AppData\Roaming\Dropbox\bin\Dropbox.exe [3464](2013-08-23 19:01:44)                                                      0000000064640000
Library  C:\Users\*********\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\*********\AppData\Roaming\Dropbox\bin\Dropbox.exe [3464] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                        0000000066d30000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713a0bc74                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713a0bc74@103b59e7704b                                                                                                                              0x9B 0x2D 0xB2 0x5D ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713a0bc74 (not active ControlSet)                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713a0bc74@103b59e7704b                                                                                                                                  0x9B 0x2D 0xB2 0x5D ...

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
--- --- ---



Adw 1

AdwCleaner Logfile:
Code:
# AdwCleaner v3.308 - Bericht erstellt am 29/08/2014 um 22:37:04
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ******** - ********-PC
# Gestartet von : C:\Users\********\Downloads\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\StarApp
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Program Files (x86)\SiteLookup
Ordner Gelöscht : C:\Users\********\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\********\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\********\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\********\AppData\LocalLow\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\Public\Documents\baidu
Datei Gelöscht : C:\END

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader12933_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader12933_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader30110_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader30110_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47B19AA8-709C-4EB5-AD0B-08FBA8FB40C2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F08EAE2A-8169-42C6-AAD9-056623065667}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\b09e2727.default\prefs.js ]


[ Datei : C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\zzygvqq5.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [6471 octets] - [29/08/2014 22:22:04]
AdwCleaner[S0].txt - [6027 octets] - [29/08/2014 22:37:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6087 octets] ##########
--- --- ---


Adw 2

AdwCleaner Logfile:
Code:
# AdwCleaner v3.308 - Bericht erstellt am 29/08/2014 um 22:43:05
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ******** - ********-PC
# Gestartet von : C:\Users\********\Downloads\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\b09e2727.default\prefs.js ]


[ Datei : C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\zzygvqq5.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [6471 octets] - [29/08/2014 22:22:04]
AdwCleaner[R1].txt - [1056 octets] - [29/08/2014 22:40:36]
AdwCleaner[S0].txt - [6167 octets] - [29/08/2014 22:37:04]
AdwCleaner[S1].txt - [979 octets] - [29/08/2014 22:43:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1038 octets] ##########
--- --- ---


Noch einmal vielen Dank im Voraus...!
Ich hoffe sehr, das stimmt so und nützt was. Man fühlt sich etwas verloren in diesem Buchstabensalat.

Beste Grüsse

cosinus 30.08.2014 23:31
Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Mrs. X 31.08.2014 09:19
Guten Tag cosinus

Vielen Dank.
Unten die Logfiles, mit Ausnahme der Addition.txt. Die habe ich leider nicht zustande bekommen. Auf welcher Website müsste so ein # erscheinen? Sorry!

mbam

Zitat:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 31.08.2014
Suchlauf-Zeit: 02:01:45
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.02.20.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ********

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 306524
Verstrichene Zeit: 28 Min, 54 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Adw

AdwCleaner Logfile:
Code:
# AdwCleaner v3.308 - Bericht erstellt am 31/08/2014 um 02:43:11
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ******** - ********-PC
# Gestartet von : C:\Users\********\Desktop\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\b09e2727.default\prefs.js ]


[ Datei : C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\zzygvqq5.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [6471 octets] - [29/08/2014 22:22:04]
AdwCleaner[R1].txt - [1056 octets] - [29/08/2014 22:40:36]
AdwCleaner[R2].txt - [1180 octets] - [30/08/2014 22:20:10]
AdwCleaner[R3].txt - [1295 octets] - [31/08/2014 02:40:28]
AdwCleaner[R4].txt - [1356 octets] - [31/08/2014 02:42:00]
AdwCleaner[S0].txt - [6167 octets] - [29/08/2014 22:37:04]
AdwCleaner[S1].txt - [1118 octets] - [29/08/2014 22:43:05]
AdwCleaner[S2].txt - [1242 octets] - [30/08/2014 22:21:44]
AdwCleaner[S3].txt - [1277 octets] - [31/08/2014 02:43:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1337 octets] ##########
--- --- ---


JRT

Zitat:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by ******** on 31.08.2014 at 2:51:24,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\********\AppData\Roaming\mozilla\firefox\profiles\zzygvqq5.default\minidumps [371 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.08.2014 at 3:01:45,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-08-2014
Ran by ******** (administrator) on ********-PC on 31-08-2014 10:03:11
Running from C:\Users\********\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Gadwin Systems, Inc.) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-10-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-07-01] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 7\MMReminderService.exe [37144 2007-12-13] (Mindjet)
HKLM-x32\...\Run: [Reader Library Launcher] => C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-04] (Geek Software GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-03-25] (Vodafone)
HKLM-x32\...\Run: [VmbNotifier] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe [1861632 2013-03-25] (Vodafone)
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [Gadwin PrintScreen 3.5] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1101824 2006-07-08] (Gadwin Systems, Inc.)
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [Gadywagoyp] => C:\Users\********\AppData\Roaming\Ywpiyd\gero.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {249d5b00-fabc-11df-a065-88a39d9f9f68} - H:\iStudio.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {29e59d41-63c0-11e2-883b-002713a0bc74} - G:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {29e59d53-63c0-11e2-883b-002713a0bc74} - H:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {2c926d73-f443-11e2-afb1-c80aa90a8d59} - G:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {3ab5124b-6497-11e2-af54-001e101f3315} - G:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {577254b8-3e25-11e1-8691-002713a0bc74} - I:\Startme.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {6a9e6f23-5d61-11e1-9fd2-002713a0bc74} - G:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: DigitalPersona Personal Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: CmjBrowserHelperObject Object -> {07A11D74-9D25-4fea-A833-8B0D76A5577A} -> C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
BHO-x32: DigitalPersona Personal Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://uzhvpn1.uzh.ch/CACHE/stc/18/binaries/vpnweb.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2010-01-09] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 62.240.110.198 62.240.110.197

FireFox:
========
FF ProfilePath: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\zzygvqq5.default
FF Homepage: hxxp://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @sony.com/eBookLibrary -> C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Site Advisor - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\zzygvqq5.default\Extensions\{6d0f26ba-45b8-4871-9c07-43ab341d5b73} [2014-08-25]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2010-03-08]
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext

Chrome:
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-07-01] (DigitalPersona, Inc.) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe [240640 2009-10-21] (IDT, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-03-25] (Vodafone) [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-16] (CyberLink Corp.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S1 ggdmxtqg; \??\C:\Windows\system32\drivers\ggdmxtqg.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S1 muosxvjv; \??\C:\Windows\system32\drivers\muosxvjv.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S1 pgqyxzkb; \??\C:\Windows\system32\drivers\pgqyxzkb.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [X]
S1 vejicfgc; \??\C:\Windows\system32\drivers\vejicfgc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 10:03 - 2014-08-31 10:03 - 00021664 _____ () C:\Users\********\Desktop\FRST.txt
2014-08-31 03:01 - 2014-08-31 10:00 - 00000898 _____ () C:\Users\********\Desktop\JRT.txt
2014-08-31 02:48 - 2014-08-31 02:49 - 01016261 _____ (Thisisu) C:\Users\********\Desktop\JRT.exe
2014-08-31 02:45 - 2014-08-31 02:45 - 00001425 _____ () C:\Users\********\Desktop\AdwCleaner[S3].txt
2014-08-31 02:39 - 2014-08-31 02:39 - 01364531 _____ () C:\Users\********\Desktop\adwcleaner_3.308.exe
2014-08-31 02:37 - 2014-08-31 02:38 - 00001153 _____ () C:\Users\********\Desktop\mbam.txt
2014-08-31 02:01 - 2014-08-31 02:01 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 01:56 - 2014-08-31 01:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\********\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-30 23:28 - 2014-08-30 23:28 - 00000000 ____D () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-08-30 23:01 - 2014-08-30 23:01 - 00296256 _____ () C:\Windows\Minidump\083014-20482-01.dmp
2014-08-30 22:55 - 2014-08-30 22:55 - 00380416 _____ () C:\Users\********\Downloads\Gmer-19357.exe
2014-08-30 22:54 - 2014-08-30 22:54 - 00047620 _____ () C:\Users\********\Downloads\FRST.txt
2014-08-30 22:43 - 2014-08-30 22:43 - 00000000 _____ () C:\Users\********\defogger_reenable
2014-08-30 22:39 - 2014-08-30 22:39 - 00050477 _____ () C:\Users\********\Downloads\Defogger.exe
2014-08-30 22:33 - 2014-08-30 22:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-29 22:26 - 2014-08-29 22:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-29 22:25 - 2014-08-29 22:26 - 02347384 _____ (ESET) C:\Users\********\Downloads\esetsmartinstaller_deu.exe
2014-08-29 22:21 - 2014-08-31 02:43 - 00000000 ____D () C:\AdwCleaner
2014-08-29 22:21 - 2014-08-29 22:22 - 00049550 _____ () C:\Users\********\Downloads\Addition.txt
2014-08-29 22:18 - 2014-08-31 10:03 - 00000000 ____D () C:\FRST
2014-08-29 22:16 - 2014-08-29 22:17 - 02103808 _____ (Farbar) C:\Users\********\Desktop\FRST64.exe
2014-08-28 19:40 - 2014-08-28 19:40 - 00014304 _____ () C:\ProgramData\Duplicaterecord.js
2014-08-28 14:34 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:34 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 14:34 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 15:09 - 2014-08-26 15:09 - 01058200 _____ (Adobe) C:\Users\********\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-25 22:07 - 2014-08-28 19:40 - 00000000 ____D () C:\Users\********\AppData\Roaming\Baidu Security
2014-08-25 22:03 - 2014-08-30 00:59 - 00000000 ____D () C:\Users\********\AppData\Roaming\vlc
2014-08-25 22:03 - 2014-08-28 19:40 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-08-25 22:02 - 2014-08-28 19:40 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-08-25 22:02 - 2014-08-28 19:40 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
2014-08-25 22:02 - 2014-08-25 22:02 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-25 21:57 - 2014-08-25 22:01 - 24743106 _____ () C:\Users\********\Desktop\vlc-2-1-5-win32.exe
2014-08-25 21:50 - 2014-08-09 18:13 - 678816937 _____ () C:\Users\********\Desktop\S.F.M.1080p.HD.ArabSeed.CoM.mkv
2014-08-22 23:02 - 2014-08-22 23:02 - 17220346 _____ () C:\Users\********\Desktop\******** III.zip
2014-08-20 20:31 - 2014-08-20 20:31 - 00000000 ____D () C:\Users\********\AppData\Roaming\FLEXnet
2014-08-20 20:22 - 2014-08-20 20:22 - 00002156 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\Users\********\AppData\Roaming\Vodafone
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-08-20 20:21 - 2014-08-20 20:22 - 00000000 ____D () C:\ProgramData\Vodafone
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\Program Files (x86)\Vodafone
2014-08-20 20:20 - 2014-08-20 20:20 - 00000000 ____D () C:\Users\********\AppData\Local\Downloaded Installations
2014-08-18 18:54 - 2014-08-18 18:54 - 11486487 _____ () C:\Users\********\Desktop\********-Fotos II.zip
2014-08-15 12:02 - 2014-08-15 12:02 - 17296919 _____ () C:\Users\********\Desktop\********.zip
2014-08-13 17:09 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 17:09 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 17:09 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 17:09 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 17:09 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 17:09 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 17:09 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 17:09 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 14:38 - 2014-07-24 21:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 14:38 - 2014-07-24 21:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 14:38 - 2014-07-24 21:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 14:38 - 2014-07-24 21:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 14:38 - 2014-07-24 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 14:38 - 2014-07-24 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 14:38 - 2014-07-24 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-13 14:38 - 2014-07-24 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 14:38 - 2014-07-24 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 14:38 - 2014-07-24 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 14:38 - 2014-07-24 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 14:38 - 2014-07-24 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-13 14:38 - 2014-07-24 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-13 14:38 - 2014-07-24 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-13 14:38 - 2014-07-24 21:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 14:38 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 14:38 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 14:38 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 14:38 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 14:38 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 14:38 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 14:38 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-13 14:38 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 14:38 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 14:38 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-13 14:38 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-13 14:38 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 14:36 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 14:36 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 14:26 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 14:26 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 14:26 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 14:26 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 14:26 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 14:26 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 14:26 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 14:26 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 14:26 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 14:26 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 14:26 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 14:26 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 14:26 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 14:26 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 14:26 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 14:26 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-08 18:14 - 2014-08-08 18:14 - 00003088 _____ () C:\Windows\System32\Tasks\{63532596-9136-4C0E-AC41-F4557A4305F9}
2014-08-02 17:08 - 2014-08-02 17:08 - 00000000 ____D () C:\Users\********\AppData\Local\Adobe
2014-08-01 19:32 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 19:32 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 19:32 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 19:32 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 19:32 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 19:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 19:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 19:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 19:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 10:03 - 2014-08-31 10:03 - 00021664 _____ () C:\Users\********\Desktop\FRST.txt
2014-08-31 10:03 - 2014-08-29 22:18 - 00000000 ____D () C:\FRST
2014-08-31 10:00 - 2014-08-31 03:01 - 00000898 _____ () C:\Users\********\Desktop\JRT.txt
2014-08-31 09:51 - 2010-01-09 22:20 - 00717864 _____ () C:\Windows\system32\perfh007.dat
2014-08-31 09:51 - 2010-01-09 22:20 - 00155416 _____ () C:\Windows\system32\perfc007.dat
2014-08-31 09:51 - 2009-07-14 07:13 - 01657792 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 09:50 - 2013-01-03 23:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 09:50 - 2012-01-12 09:18 - 01678202 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-31 03:00 - 2010-03-08 02:22 - 01262957 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 02:52 - 2009-07-14 06:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 02:52 - 2009-07-14 06:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 02:49 - 2014-08-31 02:48 - 01016261 _____ (Thisisu) C:\Users\********\Desktop\JRT.exe
2014-08-31 02:47 - 2014-04-11 19:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 02:46 - 2013-05-05 13:07 - 00000000 ___RD () C:\Users\********\Dropbox
2014-08-31 02:46 - 2013-05-05 13:03 - 00000000 ____D () C:\Users\********\AppData\Roaming\Dropbox
2014-08-31 02:45 - 2014-08-31 02:45 - 00001425 _____ () C:\Users\********\Desktop\AdwCleaner[S3].txt
2014-08-31 02:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 02:43 - 2014-08-29 22:21 - 00000000 ____D () C:\AdwCleaner
2014-08-31 02:43 - 2010-03-08 02:27 - 00597776 _____ () C:\Windows\PFRO.log
2014-08-31 02:43 - 2009-07-14 06:51 - 00307464 _____ () C:\Windows\setupact.log
2014-08-31 02:39 - 2014-08-31 02:39 - 01364531 _____ () C:\Users\********\Desktop\adwcleaner_3.308.exe
2014-08-31 02:38 - 2014-08-31 02:37 - 00001153 _____ () C:\Users\********\Desktop\mbam.txt
2014-08-31 02:01 - 2014-08-31 02:01 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 02:01 - 2014-04-11 19:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-31 01:59 - 2014-08-31 01:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\********\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-30 23:28 - 2014-08-30 23:28 - 00000000 ____D () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-08-30 23:01 - 2014-08-30 23:01 - 00296256 _____ () C:\Windows\Minidump\083014-20482-01.dmp
2014-08-30 23:01 - 2010-06-23 16:18 - 556342909 _____ () C:\Windows\MEMORY.DMP
2014-08-30 23:01 - 2010-06-23 16:18 - 00000000 ____D () C:\Windows\Minidump
2014-08-30 22:55 - 2014-08-30 22:55 - 00380416 _____ () C:\Users\********\Downloads\Gmer-19357.exe
2014-08-30 22:54 - 2014-08-30 22:54 - 00047620 _____ () C:\Users\********\Downloads\FRST.txt
2014-08-30 22:43 - 2014-08-30 22:43 - 00000000 _____ () C:\Users\********\defogger_reenable
2014-08-30 22:43 - 2010-04-10 16:31 - 00000000 ____D () C:\Users\********
2014-08-30 22:39 - 2014-08-30 22:39 - 00050477 _____ () C:\Users\********\Downloads\Defogger.exe
2014-08-30 22:33 - 2014-08-30 22:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-30 22:18 - 2011-08-06 15:24 - 00000000 ____D () C:\Users\********\AppData\Roaming\Skype
2014-08-30 00:59 - 2014-08-25 22:03 - 00000000 ____D () C:\Users\********\AppData\Roaming\vlc
2014-08-29 22:26 - 2014-08-29 22:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-29 22:26 - 2014-08-29 22:25 - 02347384 _____ (ESET) C:\Users\********\Downloads\esetsmartinstaller_deu.exe
2014-08-29 22:22 - 2014-08-29 22:21 - 00049550 _____ () C:\Users\********\Downloads\Addition.txt
2014-08-29 22:17 - 2014-08-29 22:16 - 02103808 _____ (Farbar) C:\Users\********\Desktop\FRST64.exe
2014-08-29 21:53 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-08-28 19:40 - 2014-08-28 19:40 - 00014304 _____ () C:\ProgramData\Duplicaterecord.js
2014-08-28 19:40 - 2014-08-25 22:07 - 00000000 ____D () C:\Users\********\AppData\Roaming\Baidu Security
2014-08-28 19:40 - 2014-08-25 22:03 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-08-28 19:40 - 2014-08-25 22:02 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-08-28 19:40 - 2014-08-25 22:02 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
2014-08-28 19:38 - 2010-03-08 02:20 - 00219288 _____ () C:\Windows\DPINST.LOG
2014-08-28 19:08 - 2009-07-14 06:45 - 00462824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 15:33 - 2010-04-18 19:55 - 00000000 ____D () C:\Users\********\Documents\Diverses
2014-08-26 15:09 - 2014-08-26 15:09 - 01058200 _____ (Adobe) C:\Users\********\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-25 22:18 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-25 22:02 - 2014-08-25 22:02 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-25 22:01 - 2014-08-25 21:57 - 24743106 _____ () C:\Users\********\Desktop\vlc-2-1-5-win32.exe
2014-08-25 15:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 04:07 - 2014-08-28 14:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 14:34 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 14:34 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 23:02 - 2014-08-22 23:02 - 17220346 _____ () C:\Users\********\Desktop\******** III.zip
2014-08-22 20:48 - 2011-01-06 18:59 - 00000000 ____D () C:\Users\********\Desktop\Studium
2014-08-20 20:31 - 2014-08-20 20:31 - 00000000 ____D () C:\Users\********\AppData\Roaming\FLEXnet
2014-08-20 20:23 - 2010-04-10 16:36 - 00135784 _____ () C:\Users\********\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-20 20:22 - 2014-08-20 20:22 - 00002156 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\Users\********\AppData\Roaming\Vodafone
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-08-20 20:22 - 2014-08-20 20:21 - 00000000 ____D () C:\ProgramData\Vodafone
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\Program Files (x86)\Vodafone
2014-08-20 20:20 - 2014-08-20 20:20 - 00000000 ____D () C:\Users\********\AppData\Local\Downloaded Installations
2014-08-20 17:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-18 18:54 - 2014-08-18 18:54 - 11486487 _____ () C:\Users\********\Desktop\********-Fotos II.zip
2014-08-15 12:02 - 2014-08-15 12:02 - 17296919 _____ () C:\Users\********\Desktop\********.zip
2014-08-15 09:43 - 2014-03-19 07:23 - 00001021 _____ () C:\Users\********\Desktop\Dropbox.lnk
2014-08-15 09:43 - 2014-03-19 07:19 - 00000000 ____D () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-13 17:15 - 2013-07-27 14:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 17:13 - 2011-02-15 11:33 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 17:08 - 2014-04-30 18:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 21:13 - 2011-08-06 15:24 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 18:13 - 2014-08-25 21:50 - 678816937 _____ () C:\Users\********\Desktop\S.F.M.1080p.HD.ArabSeed.CoM.mkv
2014-08-08 18:14 - 2014-08-08 18:14 - 00003088 _____ () C:\Windows\System32\Tasks\{63532596-9136-4C0E-AC41-F4557A4305F9}
2014-08-07 23:01 - 2014-03-20 20:40 - 00000000 ____D () C:\Users\********\Documents\PrintScreen Files
2014-08-07 04:06 - 2014-08-13 14:26 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 14:26 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-02 17:08 - 2014-08-02 17:08 - 00000000 ____D () C:\Users\********\AppData\Local\Adobe
2014-08-02 17:01 - 2013-01-03 23:36 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 17:01 - 2013-01-03 23:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-02 17:01 - 2013-01-03 23:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Files to move or delete:
====================
C:\ProgramData\308d82.dat
C:\ProgramData\Duplicaterecord.js


Some content of TEMP:
====================
C:\Users\********\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.11.78178.exe
C:\Users\********\AppData\Local\Temp\contentDATs.exe
C:\Users\********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbhluix.dll
C:\Users\********\AppData\Local\Temp\eblinstaller.exe
C:\Users\********\AppData\Local\Temp\EBUDBF2.EXE
C:\Users\********\AppData\Local\Temp\EBUE3DE.DLL
C:\Users\********\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\********\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\********\AppData\Local\Temp\fsclm.dll
C:\Users\********\AppData\Local\Temp\fsols_launcher.exe
C:\Users\********\AppData\Local\Temp\fsonlinescanner.exe
C:\Users\********\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\********\AppData\Local\Temp\HPQSi.exe
C:\Users\********\AppData\Local\Temp\i4jdel0.exe
C:\Users\********\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\PC_Faster_Setup_Mini_E16_S.exe
C:\Users\********\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\********\AppData\Local\Temp\PRS-650_Updater_1.0.00.14080.exe
C:\Users\********\AppData\Local\Temp\Quarantine.exe
C:\Users\********\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\********\AppData\Local\Temp\setup.exe
C:\Users\********\AppData\Local\Temp\SimBundD.exe
C:\Users\********\AppData\Local\Temp\SkypeSetup.exe
C:\Users\********\AppData\Local\Temp\xmllite.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 20:01

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 31.08.2014 13:53
Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Mrs. X 31.08.2014 21:41
Oje. Wenn man vor lauter Bäumen den Wald nicht mehr sieht. Hier nun also FRST und die Addition.

FRST Logfile:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by ******** (administrator) on ********-PC on 31-08-2014 22:16:46
Running from C:\Users\********\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Gadwin Systems, Inc.) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-10-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-07-01] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 7\MMReminderService.exe [37144 2007-12-13] (Mindjet)
HKLM-x32\...\Run: [Reader Library Launcher] => C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-04] (Geek Software GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-03-25] (Vodafone)
HKLM-x32\...\Run: [VmbNotifier] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe [1861632 2013-03-25] (Vodafone)
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [Gadwin PrintScreen 3.5] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1101824 2006-07-08] (Gadwin Systems, Inc.)
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [Gadywagoyp] => C:\Users\********\AppData\Roaming\Ywpiyd\gero.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {249d5b00-fabc-11df-a065-88a39d9f9f68} - H:\iStudio.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {29e59d41-63c0-11e2-883b-002713a0bc74} - G:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {29e59d53-63c0-11e2-883b-002713a0bc74} - H:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {2c926d73-f443-11e2-afb1-c80aa90a8d59} - G:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {3ab5124b-6497-11e2-af54-001e101f3315} - G:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {577254b8-3e25-11e1-8691-002713a0bc74} - I:\Startme.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {6a9e6f23-5d61-11e1-9fd2-002713a0bc74} - G:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: DigitalPersona Personal Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: CmjBrowserHelperObject Object -> {07A11D74-9D25-4fea-A833-8B0D76A5577A} -> C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
BHO-x32: DigitalPersona Personal Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://uzhvpn1.uzh.ch/CACHE/stc/18/binaries/vpnweb.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2010-01-09] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 62.240.110.198 62.240.110.197

FireFox:
========
FF ProfilePath: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\zzygvqq5.default
FF Homepage: hxxp://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @sony.com/eBookLibrary -> C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Site Advisor - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\zzygvqq5.default\Extensions\{6d0f26ba-45b8-4871-9c07-43ab341d5b73} [2014-08-25]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2010-03-08]
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext

Chrome:
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-07-01] (DigitalPersona, Inc.) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe [240640 2009-10-21] (IDT, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-03-25] (Vodafone) [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-16] (CyberLink Corp.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S1 ggdmxtqg; \??\C:\Windows\system32\drivers\ggdmxtqg.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S1 muosxvjv; \??\C:\Windows\system32\drivers\muosxvjv.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S1 pgqyxzkb; \??\C:\Windows\system32\drivers\pgqyxzkb.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [X]
S1 vejicfgc; \??\C:\Windows\system32\drivers\vejicfgc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 22:16 - 2014-08-31 22:16 - 00000000 ____D () C:\Users\********\Desktop\FRST-OlderVersion
2014-08-31 10:03 - 2014-08-31 22:17 - 00021604 _____ () C:\Users\********\Desktop\FRST.txt
2014-08-31 03:01 - 2014-08-31 10:00 - 00000898 _____ () C:\Users\********\Desktop\JRT.txt
2014-08-31 02:48 - 2014-08-31 02:49 - 01016261 _____ (Thisisu) C:\Users\********\Desktop\JRT.exe
2014-08-31 02:45 - 2014-08-31 02:45 - 00001425 _____ () C:\Users\********\Desktop\AdwCleaner[S3].txt
2014-08-31 02:39 - 2014-08-31 02:39 - 01364531 _____ () C:\Users\********\Desktop\adwcleaner_3.308.exe
2014-08-31 02:37 - 2014-08-31 02:38 - 00001153 _____ () C:\Users\********\Desktop\mbam.txt
2014-08-31 02:01 - 2014-08-31 02:01 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 01:56 - 2014-08-31 01:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\********\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-30 23:28 - 2014-08-30 23:28 - 00000000 ____D () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-08-30 23:01 - 2014-08-30 23:01 - 00296256 _____ () C:\Windows\Minidump\083014-20482-01.dmp
2014-08-30 22:55 - 2014-08-30 22:55 - 00380416 _____ () C:\Users\********\Downloads\Gmer-19357.exe
2014-08-30 22:54 - 2014-08-30 22:54 - 00047620 _____ () C:\Users\********\Downloads\FRST.txt
2014-08-30 22:43 - 2014-08-30 22:43 - 00000000 _____ () C:\Users\********\defogger_reenable
2014-08-30 22:39 - 2014-08-30 22:39 - 00050477 _____ () C:\Users\********\Downloads\Defogger.exe
2014-08-30 22:33 - 2014-08-30 22:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-29 22:26 - 2014-08-29 22:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-29 22:25 - 2014-08-29 22:26 - 02347384 _____ (ESET) C:\Users\********\Downloads\esetsmartinstaller_deu.exe
2014-08-29 22:21 - 2014-08-31 02:43 - 00000000 ____D () C:\AdwCleaner
2014-08-29 22:21 - 2014-08-29 22:22 - 00049550 _____ () C:\Users\********\Downloads\Addition.txt
2014-08-29 22:18 - 2014-08-31 22:16 - 00000000 ____D () C:\FRST
2014-08-29 22:16 - 2014-08-31 22:16 - 02104832 _____ (Farbar) C:\Users\********\Desktop\FRST64.exe
2014-08-28 19:40 - 2014-08-28 19:40 - 00014304 _____ () C:\ProgramData\Duplicaterecord.js
2014-08-28 14:34 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:34 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 14:34 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 15:09 - 2014-08-26 15:09 - 01058200 _____ (Adobe) C:\Users\********\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-25 22:07 - 2014-08-28 19:40 - 00000000 ____D () C:\Users\********\AppData\Roaming\Baidu Security
2014-08-25 22:03 - 2014-08-30 00:59 - 00000000 ____D () C:\Users\********\AppData\Roaming\vlc
2014-08-25 22:03 - 2014-08-28 19:40 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-08-25 22:02 - 2014-08-28 19:40 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-08-25 22:02 - 2014-08-28 19:40 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
2014-08-25 22:02 - 2014-08-25 22:02 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-25 21:57 - 2014-08-25 22:01 - 24743106 _____ () C:\Users\********\Desktop\vlc-2-1-5-win32.exe
2014-08-25 21:50 - 2014-08-09 18:13 - 678816937 _____ () C:\Users\********\Desktop\S.F.M.1080p.HD.ArabSeed.CoM.mkv
2014-08-22 23:02 - 2014-08-22 23:02 - 17220346 _____ () C:\Users\********\Desktop\******** III.zip
2014-08-20 20:31 - 2014-08-20 20:31 - 00000000 ____D () C:\Users\********\AppData\Roaming\FLEXnet
2014-08-20 20:22 - 2014-08-20 20:22 - 00002156 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\Users\********\AppData\Roaming\Vodafone
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-08-20 20:21 - 2014-08-20 20:22 - 00000000 ____D () C:\ProgramData\Vodafone
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\Program Files (x86)\Vodafone
2014-08-20 20:20 - 2014-08-20 20:20 - 00000000 ____D () C:\Users\********\AppData\Local\Downloaded Installations
2014-08-18 18:54 - 2014-08-18 18:54 - 11486487 _____ () C:\Users\********\Desktop\********-Fotos II.zip
2014-08-15 12:02 - 2014-08-15 12:02 - 17296919 _____ () C:\Users\********\Desktop\********.zip
2014-08-13 17:09 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 17:09 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 17:09 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 17:09 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 17:09 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 17:09 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 17:09 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 17:09 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 14:38 - 2014-07-24 21:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 14:38 - 2014-07-24 21:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 14:38 - 2014-07-24 21:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 14:38 - 2014-07-24 21:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 14:38 - 2014-07-24 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 14:38 - 2014-07-24 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 14:38 - 2014-07-24 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-13 14:38 - 2014-07-24 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 14:38 - 2014-07-24 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 14:38 - 2014-07-24 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 14:38 - 2014-07-24 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 14:38 - 2014-07-24 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-13 14:38 - 2014-07-24 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-13 14:38 - 2014-07-24 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-13 14:38 - 2014-07-24 21:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 14:38 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 14:38 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 14:38 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 14:38 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 14:38 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 14:38 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 14:38 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-13 14:38 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 14:38 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 14:38 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-13 14:38 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-13 14:38 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 14:36 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 14:36 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 14:26 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 14:26 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 14:26 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 14:26 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 14:26 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 14:26 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 14:26 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 14:26 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 14:26 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 14:26 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 14:26 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 14:26 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 14:26 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 14:26 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 14:26 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 14:26 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-08 18:14 - 2014-08-08 18:14 - 00003088 _____ () C:\Windows\System32\Tasks\{63532596-9136-4C0E-AC41-F4557A4305F9}
2014-08-02 17:08 - 2014-08-02 17:08 - 00000000 ____D () C:\Users\********\AppData\Local\Adobe
2014-08-01 19:32 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 19:32 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 19:32 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 19:32 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 19:32 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 19:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 19:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 19:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 19:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 22:17 - 2014-08-31 10:03 - 00021604 _____ () C:\Users\********\Desktop\FRST.txt
2014-08-31 22:17 - 2009-07-14 06:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 22:17 - 2009-07-14 06:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 22:16 - 2014-08-31 22:16 - 00000000 ____D () C:\Users\********\Desktop\FRST-OlderVersion
2014-08-31 22:16 - 2014-08-29 22:18 - 00000000 ____D () C:\FRST
2014-08-31 22:16 - 2014-08-29 22:16 - 02104832 _____ (Farbar) C:\Users\********\Desktop\FRST64.exe
2014-08-31 22:16 - 2011-08-06 15:24 - 00000000 ____D () C:\Users\********\AppData\Roaming\Skype
2014-08-31 22:14 - 2009-07-14 06:51 - 00307688 _____ () C:\Windows\setupact.log
2014-08-31 22:13 - 2010-03-08 02:22 - 01270949 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 22:13 - 2010-01-09 22:20 - 00717864 _____ () C:\Windows\system32\perfh007.dat
2014-08-31 22:13 - 2010-01-09 22:20 - 00155416 _____ () C:\Windows\system32\perfc007.dat
2014-08-31 22:13 - 2009-07-14 07:13 - 01657792 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 22:11 - 2014-04-11 19:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 22:10 - 2013-05-05 13:07 - 00000000 ___RD () C:\Users\********\Dropbox
2014-08-31 22:10 - 2013-05-05 13:03 - 00000000 ____D () C:\Users\********\AppData\Roaming\Dropbox
2014-08-31 22:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 16:08 - 2013-01-03 23:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 10:00 - 2014-08-31 03:01 - 00000898 _____ () C:\Users\********\Desktop\JRT.txt
2014-08-31 09:50 - 2012-01-12 09:18 - 01678202 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-31 02:49 - 2014-08-31 02:48 - 01016261 _____ (Thisisu) C:\Users\********\Desktop\JRT.exe
2014-08-31 02:45 - 2014-08-31 02:45 - 00001425 _____ () C:\Users\********\Desktop\AdwCleaner[S3].txt
2014-08-31 02:43 - 2014-08-29 22:21 - 00000000 ____D () C:\AdwCleaner
2014-08-31 02:43 - 2010-03-08 02:27 - 00597776 _____ () C:\Windows\PFRO.log
2014-08-31 02:39 - 2014-08-31 02:39 - 01364531 _____ () C:\Users\********\Desktop\adwcleaner_3.308.exe
2014-08-31 02:38 - 2014-08-31 02:37 - 00001153 _____ () C:\Users\********\Desktop\mbam.txt
2014-08-31 02:01 - 2014-08-31 02:01 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 02:01 - 2014-04-11 19:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-31 01:59 - 2014-08-31 01:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\********\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-30 23:28 - 2014-08-30 23:28 - 00000000 ____D () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-08-30 23:01 - 2014-08-30 23:01 - 00296256 _____ () C:\Windows\Minidump\083014-20482-01.dmp
2014-08-30 23:01 - 2010-06-23 16:18 - 556342909 _____ () C:\Windows\MEMORY.DMP
2014-08-30 23:01 - 2010-06-23 16:18 - 00000000 ____D () C:\Windows\Minidump
2014-08-30 22:55 - 2014-08-30 22:55 - 00380416 _____ () C:\Users\********\Downloads\Gmer-19357.exe
2014-08-30 22:54 - 2014-08-30 22:54 - 00047620 _____ () C:\Users\********\Downloads\FRST.txt
2014-08-30 22:43 - 2014-08-30 22:43 - 00000000 _____ () C:\Users\********\defogger_reenable
2014-08-30 22:43 - 2010-04-10 16:31 - 00000000 ____D () C:\Users\********
2014-08-30 22:39 - 2014-08-30 22:39 - 00050477 _____ () C:\Users\********\Downloads\Defogger.exe
2014-08-30 22:33 - 2014-08-30 22:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-30 00:59 - 2014-08-25 22:03 - 00000000 ____D () C:\Users\********\AppData\Roaming\vlc
2014-08-29 22:26 - 2014-08-29 22:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-29 22:26 - 2014-08-29 22:25 - 02347384 _____ (ESET) C:\Users\********\Downloads\esetsmartinstaller_deu.exe
2014-08-29 22:22 - 2014-08-29 22:21 - 00049550 _____ () C:\Users\********\Downloads\Addition.txt
2014-08-29 21:53 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-08-28 19:40 - 2014-08-28 19:40 - 00014304 _____ () C:\ProgramData\Duplicaterecord.js
2014-08-28 19:40 - 2014-08-25 22:07 - 00000000 ____D () C:\Users\********\AppData\Roaming\Baidu Security
2014-08-28 19:40 - 2014-08-25 22:03 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-08-28 19:40 - 2014-08-25 22:02 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-08-28 19:40 - 2014-08-25 22:02 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
2014-08-28 19:38 - 2010-03-08 02:20 - 00219288 _____ () C:\Windows\DPINST.LOG
2014-08-28 19:08 - 2009-07-14 06:45 - 00462824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 15:33 - 2010-04-18 19:55 - 00000000 ____D () C:\Users\********\Documents\Diverses
2014-08-26 15:09 - 2014-08-26 15:09 - 01058200 _____ (Adobe) C:\Users\********\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-25 22:18 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-25 22:02 - 2014-08-25 22:02 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-25 22:01 - 2014-08-25 21:57 - 24743106 _____ () C:\Users\********\Desktop\vlc-2-1-5-win32.exe
2014-08-25 15:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 04:07 - 2014-08-28 14:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 14:34 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 14:34 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 23:02 - 2014-08-22 23:02 - 17220346 _____ () C:\Users\********\Desktop\******** III.zip
2014-08-22 20:48 - 2011-01-06 18:59 - 00000000 ____D () C:\Users\********\Desktop\Studium
2014-08-20 20:31 - 2014-08-20 20:31 - 00000000 ____D () C:\Users\********\AppData\Roaming\FLEXnet
2014-08-20 20:23 - 2010-04-10 16:36 - 00135784 _____ () C:\Users\********\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-20 20:22 - 2014-08-20 20:22 - 00002156 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\Users\********\AppData\Roaming\Vodafone
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-08-20 20:22 - 2014-08-20 20:21 - 00000000 ____D () C:\ProgramData\Vodafone
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\Program Files (x86)\Vodafone
2014-08-20 20:20 - 2014-08-20 20:20 - 00000000 ____D () C:\Users\********\AppData\Local\Downloaded Installations
2014-08-20 17:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-18 18:54 - 2014-08-18 18:54 - 11486487 _____ () C:\Users\********\Desktop\********-Fotos II.zip
2014-08-15 12:02 - 2014-08-15 12:02 - 17296919 _____ () C:\Users\********\Desktop\********.zip
2014-08-15 09:43 - 2014-03-19 07:23 - 00001021 _____ () C:\Users\********\Desktop\Dropbox.lnk
2014-08-15 09:43 - 2014-03-19 07:19 - 00000000 ____D () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-13 17:15 - 2013-07-27 14:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 17:13 - 2011-02-15 11:33 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 17:08 - 2014-04-30 18:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 21:13 - 2011-08-06 15:24 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 18:13 - 2014-08-25 21:50 - 678816937 _____ () C:\Users\********\Desktop\S.F.M.1080p.HD.ArabSeed.CoM.mkv
2014-08-08 18:14 - 2014-08-08 18:14 - 00003088 _____ () C:\Windows\System32\Tasks\{63532596-9136-4C0E-AC41-F4557A4305F9}
2014-08-07 23:01 - 2014-03-20 20:40 - 00000000 ____D () C:\Users\********\Documents\PrintScreen Files
2014-08-07 04:06 - 2014-08-13 14:26 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 14:26 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-02 17:08 - 2014-08-02 17:08 - 00000000 ____D () C:\Users\********\AppData\Local\Adobe
2014-08-02 17:01 - 2013-01-03 23:36 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 17:01 - 2013-01-03 23:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-02 17:01 - 2013-01-03 23:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Files to move or delete:
====================
C:\ProgramData\308d82.dat
C:\ProgramData\Duplicaterecord.js


Some content of TEMP:
====================
C:\Users\********\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.11.78178.exe
C:\Users\********\AppData\Local\Temp\contentDATs.exe
C:\Users\********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpecvzkp.dll
C:\Users\********\AppData\Local\Temp\eblinstaller.exe
C:\Users\********\AppData\Local\Temp\EBUDBF2.EXE
C:\Users\********\AppData\Local\Temp\EBUE3DE.DLL
C:\Users\********\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\********\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\********\AppData\Local\Temp\fsclm.dll
C:\Users\********\AppData\Local\Temp\fsols_launcher.exe
C:\Users\********\AppData\Local\Temp\fsonlinescanner.exe
C:\Users\********\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\********\AppData\Local\Temp\HPQSi.exe
C:\Users\********\AppData\Local\Temp\i4jdel0.exe
C:\Users\********\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\PC_Faster_Setup_Mini_E16_S.exe
C:\Users\********\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\********\AppData\Local\Temp\PRS-650_Updater_1.0.00.14080.exe
C:\Users\********\AppData\Local\Temp\Quarantine.exe
C:\Users\********\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\********\AppData\Local\Temp\setup.exe
C:\Users\********\AppData\Local\Temp\SimBundD.exe
C:\Users\********\AppData\Local\Temp\SkypeSetup.exe
C:\Users\********\AppData\Local\Temp\xmllite.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 20:01

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---



Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by ******** at 2014-08-31 22:18:03
Running from C:\Users\********\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2008431854.48.56.38735082 - Audible, Inc.)
calibre (HKLM-x32\...\{35FF5DC5-A622-4055-A8BB-6D4F01AF6F57}) (Version: 1.22.0 - Kovid Goyal)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.2216 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2433A103-9EC3-49EA-9AD1-58A35F27EE56}) (Version:  - Microsoft)
DigitalPersona Personal 4.10 (HKLM\...\{DD3BF908-F6B0-45A5-BED3-79E8888DDA93}) (Version: 4.10.3787 - DigitalPersona, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 3.5 - Gadwin Systems, Inc.)
HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3509 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.1.3509 - Hewlett-Packard) Hidden
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.1.2125 - Hewlett-Packard)
HP MediaSmart Internet TV (x32 Version: 3.1.2125 - Hewlett-Packard) Hidden
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)
HP MediaSmart Live TV (x32 Version: 3.1.2206 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3405 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3405 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2207 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 3.1.2207 - Hewlett-Packard) Hidden
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0154 (HKLM-x32\...\{B51605BF-6326-4553-AE96-6D7F1813D5F5}) (Version: 1.01.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6249.0 - IDT)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Fireworks 8 (HKLM-x32\...\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}) (Version: 8.0.0.777 - Macromedia)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mendeley Desktop 1.10.3 (HKLM-x32\...\Mendeley Desktop) (Version: 1.10.3 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mindjet MindManager Pro 7 Admin (HKLM-x32\...\{0CEF0F2F-649D-49B7-B449-6F7F6993682B}) (Version: 7.1.393 - Mindjet LLC)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
PDF24 Creator 6.1.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6622 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6622 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
Private Tax 2012 2.5 (HKLM-x32\...\6753-7911-9438-6061) (Version: 2.5 - Information Factory AG)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
Reader Library by Sony (HKLM-x32\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: 3.3.00.07130 - Sony)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten (HKLM\...\{D7B11BA7-15D3-4E84-8974-20258D4A1701}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
TuneUp Utilities 2013 (x32 Version: 13.0.2013.181 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.2013.181 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{97C39B81-3054-4AB4-B11D-A656DE619982}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{24BD08F8-FF6E-4DD8-BE49-3659AE78A819}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
Validity Sensors DDK (HKLM\...\{62A20ECA-920E-4052-BF77-88C78DD20FAA}) (Version: 3.1.366 - Validity Sensors, Inc.)
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.403.44552 - Vodafone)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887}\InprocServer32 -> C:\ProgramData\Windows\msseedir.dll No File
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

31-07-2014 16:41:50 Windows Update
01-08-2014 17:31:52 Windows Update
04-08-2014 18:45:15 Windows Update
08-08-2014 18:55:17 Windows Update
12-08-2014 18:36:00 Windows Update
13-08-2014 15:08:16 Windows Update
18-08-2014 16:02:30 Windows Update
20-08-2014 18:20:43 Installed Vodafone Mobile Broadband.
21-08-2014 17:38:25 Windows Update
25-08-2014 18:26:29 Windows Update
28-08-2014 14:04:14 Windows Update
28-08-2014 17:41:27 Removed IBM SPSS Statistics 21.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02A20EC6-EAEA-403A-870E-D0393629487D} - System32\Tasks\{A1DF3D09-736C-4914-AB2E-8CE79209E26C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {077FC4A1-6CF5-4A3A-B380-851307A2C60E} - System32\Tasks\{BF11E9E6-D02B-40E4-BC82-6377304B6780} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsBing
Task: {1B11ED7B-ECC3-491B-B544-AFC748A59C43} - System32\Tasks\{EAA9CA33-A14D-4656-9707-0D9A94749A17} => Chrome.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {20915A44-6F60-40FD-861B-CE250588CF51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-02] (Adobe Systems Incorporated)
Task: {27DF1D33-2E48-46DC-B491-C54047D54BC0} - System32\Tasks\{63532596-9136-4C0E-AC41-F4557A4305F9} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?page=tsProgressBar
Task: {2C0A65F6-91EC-4589-BCB8-AB24ADF054B6} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-06] (CL)
Task: {45D52DCE-DB8B-46F5-ADAC-2DE9C4EA039F} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {4CE41520-BCED-471A-9CB1-A989999D8E2B} - System32\Tasks\{E2400E75-AA4B-4473-B34B-E57ECC135FA2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.13.0.104/de/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {81EE4BF3-6E6B-4F0C-8BEF-BAA95AC3648B} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {9B7F1278-4826-4B9C-B6D3-F96001BCE6BF} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-06] (CyberLink Corp.)
Task: {9F138C2B-9649-45AC-AADD-72AC3D16408B} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {B4792AE0-26A2-41D3-9842-CFC03727BE54} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-06] (CL)
Task: {E1866E37-7873-49DF-83CA-E894D86D8D44} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-06] (CyberLink)
Task: {F88B9876-1505-493F-B026-BEBBBD31DB5C} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-06] (CL)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-04-04 02:09 - 2013-04-04 02:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-08-25 10:48 - 2009-08-25 10:48 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-09-04 14:35 - 2009-09-04 14:35 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-01-09 15:31 - 2009-07-06 21:20 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2013-12-13 00:36 - 2013-12-13 00:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2009-08-20 13:35 - 2009-08-20 13:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-08-20 13:35 - 2009-08-20 13:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-08-20 13:35 - 2009-08-20 13:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-08-31 22:10 - 2014-08-31 22:10 - 00043008 _____ () c:\users\********\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpecvzkp.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\********\AppData\Roaming\Dropbox\bin\libcef.dll
2007-12-13 18:19 - 2007-12-13 18:19 - 00115968 _____ () C:\Program Files (x86)\Mindjet\MindManager 7\zlib.dll
2010-07-13 02:28 - 2010-07-13 02:28 - 00856064 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\fsk.dll
2010-07-13 02:13 - 2010-07-13 02:13 - 00033792 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskMediaPlayers.dll
2010-07-13 02:15 - 2010-07-13 02:15 - 00233472 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\Fskin.dll
2010-07-13 02:22 - 2010-07-13 02:22 - 00020480 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskinLocalize.dll
2010-04-02 22:23 - 2010-04-02 22:23 - 00815104 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskSecurity.dll
2010-07-13 02:16 - 2010-07-13 02:16 - 00118784 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskDocumentViewer.dll
2010-07-13 02:22 - 2010-07-13 02:22 - 00009728 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskPower.dll
2010-07-13 02:26 - 2010-07-13 02:26 - 00018432 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
2010-07-13 02:15 - 2010-07-13 02:15 - 00010240 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
2010-07-13 02:25 - 2010-07-13 02:25 - 00008704 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
2010-07-13 02:25 - 2010-07-13 02:25 - 00028160 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ticket.dll
2010-07-13 02:25 - 2010-07-13 02:25 - 00011776 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
2010-04-02 21:44 - 2010-04-02 21:44 - 00086016 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookUsb.dll
2010-07-13 02:29 - 2010-07-13 02:29 - 00143360 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\connectionDetector.dll
2010-07-13 02:10 - 2010-07-13 02:10 - 00172032 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\USBDetector.dll
2009-10-06 00:08 - 2009-10-06 00:08 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-07-23 08:21 - 2014-07-23 08:21 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-10 13:08 - 2014-08-02 17:01 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2014 00:19:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/31/2014 00:18:27 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/31/2014 11:07:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (08/31/2014 10:09:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUp Utilities Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/31/2014 10:09:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎31.‎08.‎2014 um 16:14:53 unerwartet heruntergefahren.

Error: (08/31/2014 03:32:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUp Utilities Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/31/2014 09:50:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (08/31/2014 00:19:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/31/2014 00:18:27 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64c:\Users\********\Desktop\Studium\aufbaustudium\HS 2013\Psycho\rechnergestützte datenauswertung\R\r-3.1.0\Tcl\bin64\tk85.dllc:\Users\********\Desktop\Studium\aufbaustudium\HS 2013\Psycho\rechnergestützte datenauswertung\R\r-3.1.0\Tcl\bin64\tk85.dll9

Error: (08/31/2014 11:07:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64c:\Users\********\Desktop\Studium\aufbaustudium\HS 2013\Psycho\rechnergestützte datenauswertung\R\r-3.1.0\Tcl\bin64\tk85.dllc:\Users\********\Desktop\Studium\aufbaustudium\HS 2013\Psycho\rechnergestützte datenauswertung\R\r-3.1.0\Tcl\bin64\tk85.dll9


CodeIntegrity Errors:
===================================
  Date: 2013-03-11 20:29:55.788
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\********\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-11 20:29:55.632
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\********\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-11 20:22:57.836
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\********\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-11 20:22:57.633
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\********\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 54%
Total physical RAM: 4022.87 MB
Available physical RAM: 1831.65 MB
Total Pagefile: 8043.91 MB
Available Pagefile: 5653.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.89 GB) (Free:336.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:18.57 GB) (Free:3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive f: (My Disc) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 33EEF29C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

cosinus 31.08.2014 23:14
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [Gadywagoyp] => C:\Users\********\AppData\Roaming\Ywpiyd\gero.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 ggdmxtqg; \??\C:\Windows\system32\drivers\ggdmxtqg.sys [X]
S1 muosxvjv; \??\C:\Windows\system32\drivers\muosxvjv.sys [X]
S1 pgqyxzkb; \??\C:\Windows\system32\drivers\pgqyxzkb.sys [X]
S1 vejicfgc; \??\C:\Windows\system32\drivers\vejicfgc.sys [X]
C:\ProgramData\308d82.dat
C:\ProgramData\Duplicaterecord.js
C:\Windows\system32\drivers\ggdmxtqg.sys
C:\Windows\system32\drivers\muosxvjv.sys
C:\Windows\system32\drivers\pgqyxzkb.sys
C:\Windows\system32\drivers\vejicfgc.sys
C:\Users\********\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.11.78178.exe
C:\Users\********\AppData\Local\Temp\contentDATs.exe
C:\Users\********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpecvzkp.dll
C:\Users\********\AppData\Local\Temp\eblinstaller.exe
C:\Users\********\AppData\Local\Temp\EBUDBF2.EXE
C:\Users\********\AppData\Local\Temp\EBUE3DE.DLL
C:\Users\********\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\********\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\********\AppData\Local\Temp\fsclm.dll
C:\Users\********\AppData\Local\Temp\fsols_launcher.exe
C:\Users\********\AppData\Local\Temp\fsonlinescanner.exe
C:\Users\********\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\********\AppData\Local\Temp\HPQSi.exe
C:\Users\********\AppData\Local\Temp\i4jdel0.exe
C:\Users\********\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\PC_Faster_Setup_Mini_E16_S.exe
C:\Users\********\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\********\AppData\Local\Temp\PRS-650_Updater_1.0.00.14080.exe
C:\Users\********\AppData\Local\Temp\Quarantine.exe
C:\Users\********\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\********\AppData\Local\Temp\setup.exe
C:\Users\********\AppData\Local\Temp\SimBundD.exe
C:\Users\********\AppData\Local\Temp\SkypeSetup.exe
C:\Users\********\AppData\Local\Temp\xmllite.dll
Task: {9F138C2B-9649-45AC-AADD-72AC3D16408B} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Mrs. X 01.09.2014 09:52
Hallo cosinus

Anbei der Fixlog...

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by ******** at 2014-09-01 10:46:54 Run:1
Running from C:\Users\********\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [Gadywagoyp] => C:\Users\********\AppData\Roaming\Ywpiyd\gero.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 ggdmxtqg; \??\C:\Windows\system32\drivers\ggdmxtqg.sys [X]
S1 muosxvjv; \??\C:\Windows\system32\drivers\muosxvjv.sys [X]
S1 pgqyxzkb; \??\C:\Windows\system32\drivers\pgqyxzkb.sys [X]
S1 vejicfgc; \??\C:\Windows\system32\drivers\vejicfgc.sys [X]
C:\ProgramData\308d82.dat
C:\ProgramData\Duplicaterecord.js
C:\Windows\system32\drivers\ggdmxtqg.sys
C:\Windows\system32\drivers\muosxvjv.sys
C:\Windows\system32\drivers\pgqyxzkb.sys
C:\Windows\system32\drivers\vejicfgc.sys
C:\Users\********\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.11.78178.exe
C:\Users\********\AppData\Local\Temp\contentDATs.exe
C:\Users\********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpecvzkp.dll
C:\Users\********\AppData\Local\Temp\eblinstaller.exe
C:\Users\********\AppData\Local\Temp\EBUDBF2.EXE
C:\Users\********\AppData\Local\Temp\EBUE3DE.DLL
C:\Users\********\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\********\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\********\AppData\Local\Temp\fsclm.dll
C:\Users\********\AppData\Local\Temp\fsols_launcher.exe
C:\Users\********\AppData\Local\Temp\fsonlinescanner.exe
C:\Users\********\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\********\AppData\Local\Temp\HPQSi.exe
C:\Users\********\AppData\Local\Temp\i4jdel0.exe
C:\Users\********\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\********\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\********\AppData\Local\Temp\PC_Faster_Setup_Mini_E16_S.exe
C:\Users\********\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\********\AppData\Local\Temp\PRS-650_Updater_1.0.00.14080.exe
C:\Users\********\AppData\Local\Temp\Quarantine.exe
C:\Users\********\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\********\AppData\Local\Temp\setup.exe
C:\Users\********\AppData\Local\Temp\SimBundD.exe
C:\Users\********\AppData\Local\Temp\SkypeSetup.exe
C:\Users\********\AppData\Local\Temp\xmllite.dll
Task: {9F138C2B-9649-45AC-AADD-72AC3D16408B} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
       
*****************

HKU\S-1-5-21-2935208858-379123278-2216804909-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Gadywagoyp => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
ggdmxtqg => Service deleted successfully.
muosxvjv => Service deleted successfully.
pgqyxzkb => Service deleted successfully.
vejicfgc => Service deleted successfully.
C:\ProgramData\308d82.dat => Moved successfully.
C:\ProgramData\Duplicaterecord.js => Moved successfully.
"C:\Windows\system32\drivers\ggdmxtqg.sys" => File/Directory not found.
"C:\Windows\system32\drivers\muosxvjv.sys" => File/Directory not found.
"C:\Windows\system32\drivers\pgqyxzkb.sys" => File/Directory not found.
"C:\Windows\system32\drivers\vejicfgc.sys" => File/Directory not found.
C:\Users\********\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.11.78178.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\contentDATs.exe => Moved successfully.
"C:\Users\********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpecvzkp.dll" => File/Directory not found.
C:\Users\********\AppData\Local\Temp\eblinstaller.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\EBUDBF2.EXE => Moved successfully.
C:\Users\********\AppData\Local\Temp\EBUE3DE.DLL => Moved successfully.
C:\Users\********\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\fsclm.dll => Moved successfully.
C:\Users\********\AppData\Local\Temp\fsols_launcher.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\fsonlinescanner.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\GoogleChromeInstaller.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\HPQSi.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\PC_Faster_Setup_Mini_E16_S.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\pdf24-creator-update.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\PRS-650_Updater_1.0.00.14080.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\SimBundD.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\********\AppData\Local\Temp\xmllite.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F138C2B-9649-45AC-AADD-72AC3D16408B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F138C2B-9649-45AC-AADD-72AC3D16408B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => Key deleted successfully.

==== End of Fixlog ====
Vielen Dank für deine bisherigen Bemühungen und noch einen schönen Tag!

cosinus 01.09.2014 10:26
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Mrs. X 01.09.2014 11:07
Et voilà...

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by ******** (administrator) on ********-PC on 01-09-2014 11:56:48
Running from C:\Users\********\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Gadwin Systems, Inc.) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-10-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-07-01] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 7\MMReminderService.exe [37144 2007-12-13] (Mindjet)
HKLM-x32\...\Run: [Reader Library Launcher] => C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-04] (Geek Software GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-03-25] (Vodafone)
HKLM-x32\...\Run: [VmbNotifier] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe [1861632 2013-03-25] (Vodafone)
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [Gadwin PrintScreen 3.5] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1101824 2006-07-08] (Gadwin Systems, Inc.)
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {249d5b00-fabc-11df-a065-88a39d9f9f68} - H:\iStudio.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {29e59d41-63c0-11e2-883b-002713a0bc74} - G:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {29e59d53-63c0-11e2-883b-002713a0bc74} - H:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {2c926d73-f443-11e2-afb1-c80aa90a8d59} - G:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {3ab5124b-6497-11e2-af54-001e101f3315} - G:\AutoRun.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {577254b8-3e25-11e1-8691-002713a0bc74} - I:\Startme.exe
HKU\S-1-5-21-2935208858-379123278-2216804909-1001\...\MountPoints2: {6a9e6f23-5d61-11e1-9fd2-002713a0bc74} - G:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: DigitalPersona Personal Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: CmjBrowserHelperObject Object -> {07A11D74-9D25-4fea-A833-8B0D76A5577A} -> C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
BHO-x32: DigitalPersona Personal Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://uzhvpn1.uzh.ch/CACHE/stc/18/binaries/vpnweb.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2010-01-09] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 62.240.110.198 62.240.110.197

FireFox:
========
FF ProfilePath: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\zzygvqq5.default
FF Homepage: hxxp://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @sony.com/eBookLibrary -> C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Site Advisor - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\zzygvqq5.default\Extensions\{6d0f26ba-45b8-4871-9c07-43ab341d5b73} [2014-08-25]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2010-03-08]
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-07-01] (DigitalPersona, Inc.) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe [240640 2009-10-21] (IDT, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-03-25] (Vodafone) [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\48230029.sys [122584 2014-09-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-16] (CyberLink Corp.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 22:18 - 2014-08-31 22:26 - 00039429 _____ () C:\Users\********\Desktop\Addition.txt
2014-08-31 22:16 - 2014-08-31 22:16 - 00000000 ____D () C:\Users\********\Desktop\FRST-OlderVersion
2014-08-31 10:03 - 2014-09-01 11:57 - 00021391 _____ () C:\Users\********\Desktop\FRST.txt
2014-08-31 03:01 - 2014-08-31 10:00 - 00000898 _____ () C:\Users\********\Desktop\JRT.txt
2014-08-31 02:48 - 2014-08-31 02:49 - 01016261 _____ (Thisisu) C:\Users\********\Desktop\JRT.exe
2014-08-31 02:45 - 2014-08-31 02:45 - 00001425 _____ () C:\Users\********\Desktop\AdwCleaner[S3].txt
2014-08-31 02:39 - 2014-08-31 02:39 - 01364531 _____ () C:\Users\********\Desktop\adwcleaner_3.308.exe
2014-08-31 02:37 - 2014-08-31 02:38 - 00001153 _____ () C:\Users\********\Desktop\mbam.txt
2014-08-31 02:01 - 2014-08-31 02:01 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 01:56 - 2014-08-31 01:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\********\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-30 23:28 - 2014-08-30 23:28 - 00000000 ____D () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-08-30 23:01 - 2014-08-30 23:01 - 00296256 _____ () C:\Windows\Minidump\083014-20482-01.dmp
2014-08-30 22:55 - 2014-08-30 22:55 - 00380416 _____ () C:\Users\********\Downloads\Gmer-19357.exe
2014-08-30 22:54 - 2014-08-30 22:54 - 00047620 _____ () C:\Users\********\Downloads\FRST.txt
2014-08-30 22:43 - 2014-08-30 22:43 - 00000000 _____ () C:\Users\********\defogger_reenable
2014-08-30 22:39 - 2014-08-30 22:39 - 00050477 _____ () C:\Users\********\Downloads\Defogger.exe
2014-08-30 22:33 - 2014-08-30 22:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-29 22:26 - 2014-08-29 22:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-29 22:25 - 2014-08-29 22:26 - 02347384 _____ (ESET) C:\Users\********\Downloads\esetsmartinstaller_deu.exe
2014-08-29 22:21 - 2014-08-31 02:43 - 00000000 ____D () C:\AdwCleaner
2014-08-29 22:21 - 2014-08-29 22:22 - 00049550 _____ () C:\Users\********\Downloads\Addition.txt
2014-08-29 22:18 - 2014-09-01 11:56 - 00000000 ____D () C:\FRST
2014-08-29 22:16 - 2014-08-31 22:16 - 02104832 _____ (Farbar) C:\Users\********\Desktop\FRST64.exe
2014-08-28 14:34 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:34 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 14:34 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 15:09 - 2014-08-26 15:09 - 01058200 _____ (Adobe) C:\Users\********\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-25 22:07 - 2014-08-28 19:40 - 00000000 ____D () C:\Users\********\AppData\Roaming\Baidu Security
2014-08-25 22:03 - 2014-08-30 00:59 - 00000000 ____D () C:\Users\********\AppData\Roaming\vlc
2014-08-25 22:03 - 2014-08-28 19:40 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-08-25 22:02 - 2014-08-28 19:40 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-08-25 22:02 - 2014-08-28 19:40 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
2014-08-25 22:02 - 2014-08-25 22:02 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-25 21:57 - 2014-08-25 22:01 - 24743106 _____ () C:\Users\********\Desktop\vlc-2-1-5-win32.exe
2014-08-25 21:50 - 2014-08-09 18:13 - 678816937 _____ () C:\Users\********\Desktop\S.F.M.1080p.HD.ArabSeed.CoM.mkv
2014-08-22 23:02 - 2014-08-22 23:02 - 17220346 _____ () C:\Users\********\Desktop\******** III.zip
2014-08-20 20:31 - 2014-08-20 20:31 - 00000000 ____D () C:\Users\********\AppData\Roaming\FLEXnet
2014-08-20 20:22 - 2014-08-20 20:22 - 00002156 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\Users\********\AppData\Roaming\Vodafone
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-08-20 20:21 - 2014-08-20 20:22 - 00000000 ____D () C:\ProgramData\Vodafone
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\Program Files (x86)\Vodafone
2014-08-20 20:20 - 2014-08-20 20:20 - 00000000 ____D () C:\Users\********\AppData\Local\Downloaded Installations
2014-08-18 18:54 - 2014-08-18 18:54 - 11486487 _____ () C:\Users\********\Desktop\********-Fotos II.zip
2014-08-15 12:02 - 2014-08-15 12:02 - 17296919 _____ () C:\Users\********\Desktop\********.zip
2014-08-13 17:09 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 17:09 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 17:09 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 17:09 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 17:09 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 17:09 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 17:09 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 17:09 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 14:38 - 2014-07-24 21:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 14:38 - 2014-07-24 21:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 14:38 - 2014-07-24 21:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 14:38 - 2014-07-24 21:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 14:38 - 2014-07-24 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 14:38 - 2014-07-24 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 14:38 - 2014-07-24 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-13 14:38 - 2014-07-24 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 14:38 - 2014-07-24 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 14:38 - 2014-07-24 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 14:38 - 2014-07-24 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 14:38 - 2014-07-24 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 14:38 - 2014-07-24 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-13 14:38 - 2014-07-24 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-13 14:38 - 2014-07-24 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-13 14:38 - 2014-07-24 21:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 14:38 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 14:38 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 14:38 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 14:38 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 14:38 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 14:38 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 14:38 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-13 14:38 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 14:38 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 14:38 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 14:38 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-13 14:38 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-13 14:38 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-13 14:38 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 14:36 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 14:36 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 14:36 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 14:36 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 14:26 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 14:26 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 14:26 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 14:26 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 14:26 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 14:26 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 14:26 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 14:26 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 14:26 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 14:26 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 14:26 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 14:26 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 14:26 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 14:26 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 14:26 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 14:26 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-08 18:14 - 2014-08-08 18:14 - 00003088 _____ () C:\Windows\System32\Tasks\{63532596-9136-4C0E-AC41-F4557A4305F9}
2014-08-02 17:08 - 2014-08-02 17:08 - 00000000 ____D () C:\Users\********\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 11:57 - 2014-08-31 10:03 - 00021391 _____ () C:\Users\********\Desktop\FRST.txt
2014-09-01 11:56 - 2014-08-29 22:18 - 00000000 ____D () C:\FRST
2014-09-01 11:08 - 2013-01-03 23:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-01 10:45 - 2009-07-14 06:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 10:45 - 2009-07-14 06:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 10:41 - 2010-03-08 02:22 - 01334708 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 10:39 - 2014-06-22 20:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-01 10:39 - 2014-04-11 19:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 10:37 - 2013-05-05 13:07 - 00000000 ___RD () C:\Users\********\Dropbox
2014-09-01 10:37 - 2013-05-05 13:03 - 00000000 ____D () C:\Users\********\AppData\Roaming\Dropbox
2014-09-01 10:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 10:36 - 2009-07-14 06:51 - 00307744 _____ () C:\Windows\setupact.log
2014-08-31 22:26 - 2014-08-31 22:18 - 00039429 _____ () C:\Users\********\Desktop\Addition.txt
2014-08-31 22:16 - 2014-08-31 22:16 - 00000000 ____D () C:\Users\********\Desktop\FRST-OlderVersion
2014-08-31 22:16 - 2014-08-29 22:16 - 02104832 _____ (Farbar) C:\Users\********\Desktop\FRST64.exe
2014-08-31 22:16 - 2011-08-06 15:24 - 00000000 ____D () C:\Users\********\AppData\Roaming\Skype
2014-08-31 22:13 - 2010-01-09 22:20 - 00717864 _____ () C:\Windows\system32\perfh007.dat
2014-08-31 22:13 - 2010-01-09 22:20 - 00155416 _____ () C:\Windows\system32\perfc007.dat
2014-08-31 22:13 - 2009-07-14 07:13 - 01657792 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 10:00 - 2014-08-31 03:01 - 00000898 _____ () C:\Users\********\Desktop\JRT.txt
2014-08-31 09:50 - 2012-01-12 09:18 - 01678202 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-31 02:49 - 2014-08-31 02:48 - 01016261 _____ (Thisisu) C:\Users\********\Desktop\JRT.exe
2014-08-31 02:45 - 2014-08-31 02:45 - 00001425 _____ () C:\Users\********\Desktop\AdwCleaner[S3].txt
2014-08-31 02:43 - 2014-08-29 22:21 - 00000000 ____D () C:\AdwCleaner
2014-08-31 02:43 - 2010-03-08 02:27 - 00597776 _____ () C:\Windows\PFRO.log
2014-08-31 02:39 - 2014-08-31 02:39 - 01364531 _____ () C:\Users\********\Desktop\adwcleaner_3.308.exe
2014-08-31 02:38 - 2014-08-31 02:37 - 00001153 _____ () C:\Users\********\Desktop\mbam.txt
2014-08-31 02:01 - 2014-08-31 02:01 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 02:01 - 2014-04-11 19:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-31 01:59 - 2014-08-31 01:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\********\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-30 23:28 - 2014-08-30 23:28 - 00000000 ____D () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-08-30 23:01 - 2014-08-30 23:01 - 00296256 _____ () C:\Windows\Minidump\083014-20482-01.dmp
2014-08-30 23:01 - 2010-06-23 16:18 - 556342909 _____ () C:\Windows\MEMORY.DMP
2014-08-30 23:01 - 2010-06-23 16:18 - 00000000 ____D () C:\Windows\Minidump
2014-08-30 22:55 - 2014-08-30 22:55 - 00380416 _____ () C:\Users\********\Downloads\Gmer-19357.exe
2014-08-30 22:54 - 2014-08-30 22:54 - 00047620 _____ () C:\Users\********\Downloads\FRST.txt
2014-08-30 22:43 - 2014-08-30 22:43 - 00000000 _____ () C:\Users\********\defogger_reenable
2014-08-30 22:43 - 2010-04-10 16:31 - 00000000 ____D () C:\Users\********
2014-08-30 22:39 - 2014-08-30 22:39 - 00050477 _____ () C:\Users\********\Downloads\Defogger.exe
2014-08-30 22:33 - 2014-08-30 22:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-30 00:59 - 2014-08-25 22:03 - 00000000 ____D () C:\Users\********\AppData\Roaming\vlc
2014-08-29 22:26 - 2014-08-29 22:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-29 22:26 - 2014-08-29 22:25 - 02347384 _____ (ESET) C:\Users\********\Downloads\esetsmartinstaller_deu.exe
2014-08-29 22:22 - 2014-08-29 22:21 - 00049550 _____ () C:\Users\********\Downloads\Addition.txt
2014-08-29 21:53 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-08-28 19:40 - 2014-08-25 22:07 - 00000000 ____D () C:\Users\********\AppData\Roaming\Baidu Security
2014-08-28 19:40 - 2014-08-25 22:03 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-08-28 19:40 - 2014-08-25 22:02 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-08-28 19:40 - 2014-08-25 22:02 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
2014-08-28 19:38 - 2010-03-08 02:20 - 00219288 _____ () C:\Windows\DPINST.LOG
2014-08-28 19:08 - 2009-07-14 06:45 - 00462824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 15:33 - 2010-04-18 19:55 - 00000000 ____D () C:\Users\********\Documents\Diverses
2014-08-26 15:09 - 2014-08-26 15:09 - 01058200 _____ (Adobe) C:\Users\********\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-25 22:18 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-25 22:02 - 2014-08-25 22:02 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-25 22:02 - 2014-08-25 22:02 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-25 22:01 - 2014-08-25 21:57 - 24743106 _____ () C:\Users\********\Desktop\vlc-2-1-5-win32.exe
2014-08-25 15:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 04:07 - 2014-08-28 14:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 14:34 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 14:34 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 23:02 - 2014-08-22 23:02 - 17220346 _____ () C:\Users\********\Desktop\******** III.zip
2014-08-22 20:48 - 2011-01-06 18:59 - 00000000 ____D () C:\Users\********\Desktop\Studium
2014-08-20 20:31 - 2014-08-20 20:31 - 00000000 ____D () C:\Users\********\AppData\Roaming\FLEXnet
2014-08-20 20:23 - 2010-04-10 16:36 - 00135784 _____ () C:\Users\********\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-20 20:22 - 2014-08-20 20:22 - 00002156 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\Users\********\AppData\Roaming\Vodafone
2014-08-20 20:22 - 2014-08-20 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-08-20 20:22 - 2014-08-20 20:21 - 00000000 ____D () C:\ProgramData\Vodafone
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-08-20 20:21 - 2014-08-20 20:21 - 00000000 ____D () C:\Program Files (x86)\Vodafone
2014-08-20 20:20 - 2014-08-20 20:20 - 00000000 ____D () C:\Users\********\AppData\Local\Downloaded Installations
2014-08-20 17:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-18 18:54 - 2014-08-18 18:54 - 11486487 _____ () C:\Users\********\Desktop\********-Fotos II.zip
2014-08-15 12:02 - 2014-08-15 12:02 - 17296919 _____ () C:\Users\********\Desktop\********.zip
2014-08-15 09:43 - 2014-03-19 07:23 - 00001021 _____ () C:\Users\********\Desktop\Dropbox.lnk
2014-08-15 09:43 - 2014-03-19 07:19 - 00000000 ____D () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-13 17:15 - 2013-07-27 14:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 17:13 - 2011-02-15 11:33 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 17:08 - 2014-04-30 18:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 21:13 - 2011-08-06 15:24 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 18:13 - 2014-08-25 21:50 - 678816937 _____ () C:\Users\********\Desktop\S.F.M.1080p.HD.ArabSeed.CoM.mkv
2014-08-08 18:14 - 2014-08-08 18:14 - 00003088 _____ () C:\Windows\System32\Tasks\{63532596-9136-4C0E-AC41-F4557A4305F9}
2014-08-07 23:01 - 2014-03-20 20:40 - 00000000 ____D () C:\Users\********\Documents\PrintScreen Files
2014-08-07 04:06 - 2014-08-13 14:26 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 14:26 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-02 17:08 - 2014-08-02 17:08 - 00000000 ____D () C:\Users\********\AppData\Local\Adobe
2014-08-02 17:01 - 2013-01-03 23:36 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 17:01 - 2013-01-03 23:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-02 17:01 - 2013-01-03 23:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzprik9.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 20:01

==================== End Of Log ============================
--- --- ---

--- --- ---

Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by ******** at 2014-09-01 11:57:46
Running from C:\Users\********\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2008431854.48.56.38735082 - Audible, Inc.)
calibre (HKLM-x32\...\{35FF5DC5-A622-4055-A8BB-6D4F01AF6F57}) (Version: 1.22.0 - Kovid Goyal)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.2216 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2433A103-9EC3-49EA-9AD1-58A35F27EE56}) (Version:  - Microsoft)
DigitalPersona Personal 4.10 (HKLM\...\{DD3BF908-F6B0-45A5-BED3-79E8888DDA93}) (Version: 4.10.3787 - DigitalPersona, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 3.5 - Gadwin Systems, Inc.)
HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3509 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.1.3509 - Hewlett-Packard) Hidden
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.1.2125 - Hewlett-Packard)
HP MediaSmart Internet TV (x32 Version: 3.1.2125 - Hewlett-Packard) Hidden
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)
HP MediaSmart Live TV (x32 Version: 3.1.2206 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3405 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3405 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2207 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 3.1.2207 - Hewlett-Packard) Hidden
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0154 (HKLM-x32\...\{B51605BF-6326-4553-AE96-6D7F1813D5F5}) (Version: 1.01.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6249.0 - IDT)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Fireworks 8 (HKLM-x32\...\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}) (Version: 8.0.0.777 - Macromedia)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mendeley Desktop 1.10.3 (HKLM-x32\...\Mendeley Desktop) (Version: 1.10.3 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mindjet MindManager Pro 7 Admin (HKLM-x32\...\{0CEF0F2F-649D-49B7-B449-6F7F6993682B}) (Version: 7.1.393 - Mindjet LLC)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
PDF24 Creator 6.1.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6622 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6622 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
Private Tax 2012 2.5 (HKLM-x32\...\6753-7911-9438-6061) (Version: 2.5 - Information Factory AG)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
Reader Library by Sony (HKLM-x32\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: 3.3.00.07130 - Sony)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten (HKLM\...\{D7B11BA7-15D3-4E84-8974-20258D4A1701}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
TuneUp Utilities 2013 (x32 Version: 13.0.2013.181 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.2013.181 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{97C39B81-3054-4AB4-B11D-A656DE619982}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{24BD08F8-FF6E-4DD8-BE49-3659AE78A819}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
Validity Sensors DDK (HKLM\...\{62A20ECA-920E-4052-BF77-88C78DD20FAA}) (Version: 3.1.366 - Validity Sensors, Inc.)
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.403.44552 - Vodafone)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887}\InprocServer32 -> C:\ProgramData\Windows\msseedir.dll No File
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935208858-379123278-2216804909-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

04-08-2014 18:45:15 Windows Update
08-08-2014 18:55:17 Windows Update
12-08-2014 18:36:00 Windows Update
13-08-2014 15:08:16 Windows Update
18-08-2014 16:02:30 Windows Update
20-08-2014 18:20:43 Installed Vodafone Mobile Broadband.
21-08-2014 17:38:25 Windows Update
25-08-2014 18:26:29 Windows Update
28-08-2014 14:04:14 Windows Update
28-08-2014 17:41:27 Removed IBM SPSS Statistics 21.
31-08-2014 20:22:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02A20EC6-EAEA-403A-870E-D0393629487D} - System32\Tasks\{A1DF3D09-736C-4914-AB2E-8CE79209E26C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {077FC4A1-6CF5-4A3A-B380-851307A2C60E} - System32\Tasks\{BF11E9E6-D02B-40E4-BC82-6377304B6780} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsBing
Task: {1B11ED7B-ECC3-491B-B544-AFC748A59C43} - System32\Tasks\{EAA9CA33-A14D-4656-9707-0D9A94749A17} => Chrome.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {20915A44-6F60-40FD-861B-CE250588CF51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-02] (Adobe Systems Incorporated)
Task: {27DF1D33-2E48-46DC-B491-C54047D54BC0} - System32\Tasks\{63532596-9136-4C0E-AC41-F4557A4305F9} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?page=tsProgressBar
Task: {2C0A65F6-91EC-4589-BCB8-AB24ADF054B6} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-06] (CL)
Task: {45D52DCE-DB8B-46F5-ADAC-2DE9C4EA039F} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {4CE41520-BCED-471A-9CB1-A989999D8E2B} - System32\Tasks\{E2400E75-AA4B-4473-B34B-E57ECC135FA2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.13.0.104/de/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {81EE4BF3-6E6B-4F0C-8BEF-BAA95AC3648B} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {9B7F1278-4826-4B9C-B6D3-F96001BCE6BF} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-06] (CyberLink Corp.)
Task: {B4792AE0-26A2-41D3-9842-CFC03727BE54} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-06] (CL)
Task: {E1866E37-7873-49DF-83CA-E894D86D8D44} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-06] (CyberLink)
Task: {F88B9876-1505-493F-B026-BEBBBD31DB5C} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-06] (CL)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-04-04 02:09 - 2013-04-04 02:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-09-04 14:35 - 2009-09-04 14:35 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-08-25 10:48 - 2009-08-25 10:48 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-01-09 15:31 - 2009-07-06 21:20 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2013-12-13 00:36 - 2013-12-13 00:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2009-08-20 13:35 - 2009-08-20 13:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-08-20 13:35 - 2009-08-20 13:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-08-20 13:35 - 2009-08-20 13:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-09-01 10:37 - 2014-09-01 10:37 - 00043008 _____ () c:\users\********\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzprik9.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\********\AppData\Roaming\Dropbox\bin\libcef.dll
2007-12-13 18:19 - 2007-12-13 18:19 - 00115968 _____ () C:\Program Files (x86)\Mindjet\MindManager 7\zlib.dll
2010-07-13 02:28 - 2010-07-13 02:28 - 00856064 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\fsk.dll
2010-07-13 02:13 - 2010-07-13 02:13 - 00033792 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskMediaPlayers.dll
2010-07-13 02:15 - 2010-07-13 02:15 - 00233472 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\Fskin.dll
2010-07-13 02:22 - 2010-07-13 02:22 - 00020480 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskinLocalize.dll
2010-04-02 22:23 - 2010-04-02 22:23 - 00815104 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskSecurity.dll
2010-07-13 02:16 - 2010-07-13 02:16 - 00118784 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskDocumentViewer.dll
2010-07-13 02:22 - 2010-07-13 02:22 - 00009728 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskPower.dll
2010-07-13 02:26 - 2010-07-13 02:26 - 00018432 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
2010-07-13 02:15 - 2010-07-13 02:15 - 00010240 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
2010-07-13 02:25 - 2010-07-13 02:25 - 00008704 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
2010-07-13 02:25 - 2010-07-13 02:25 - 00028160 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ticket.dll
2010-07-13 02:25 - 2010-07-13 02:25 - 00011776 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
2010-04-02 21:44 - 2010-04-02 21:44 - 00086016 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookUsb.dll
2010-07-13 02:29 - 2010-07-13 02:29 - 00143360 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\connectionDetector.dll
2010-07-13 02:10 - 2010-07-13 02:10 - 00172032 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\USBDetector.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-10-06 00:08 - 2009-10-06 00:08 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-07-23 08:21 - 2014-07-23 08:21 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-21 02:15 - 2010-12-21 02:15 - 01041248 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-07-10 13:08 - 2014-08-02 17:01 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2014 10:46:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x4e0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/31/2014 00:19:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/31/2014 00:18:27 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/31/2014 11:07:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (09/01/2014 10:37:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUp Utilities Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/31/2014 10:09:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUp Utilities Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/31/2014 10:09:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎31.‎08.‎2014 um 16:14:53 unerwartet heruntergefahren.

Error: (08/31/2014 03:32:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUp Utilities Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/31/2014 09:50:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/01/2014 10:46:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b4e001cfc5c0831777abC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll872e53d2-31b4-11e4-984f-002713a0bc74

Error: (08/31/2014 00:19:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/31/2014 00:18:27 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64c:\Users\********\Desktop\Studium\aufbaustudium\HS 2013\Psycho\rechnergestützte datenauswertung\R\r-3.1.0\Tcl\bin64\tk85.dllc:\Users\********\Desktop\Studium\aufbaustudium\HS 2013\Psycho\rechnergestützte datenauswertung\R\r-3.1.0\Tcl\bin64\tk85.dll9

Error: (08/31/2014 11:07:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64c:\Users\********\Desktop\Studium\aufbaustudium\HS 2013\Psycho\rechnergestützte datenauswertung\R\r-3.1.0\Tcl\bin64\tk85.dllc:\Users\********\Desktop\Studium\aufbaustudium\HS 2013\Psycho\rechnergestützte datenauswertung\R\r-3.1.0\Tcl\bin64\tk85.dll9


CodeIntegrity Errors:
===================================
  Date: 2013-03-11 20:29:55.788
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\********\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-11 20:29:55.632
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\********\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-11 20:22:57.836
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\********\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-11 20:22:57.633
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\********\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 52%
Total physical RAM: 4022.87 MB
Available physical RAM: 1893.76 MB
Total Pagefile: 8043.91 MB
Available Pagefile: 5653.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.89 GB) (Free:337.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:18.57 GB) (Free:3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive f: (My Disc) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 33EEF29C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

cosinus 01.09.2014 12:34
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Mrs. X 03.09.2014 13:38
Hier die Files... hat etwas gedauert, weil es mit ESET nicht ganz so prompt gelaufen ist wie erhofft.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.09.2014
Suchlauf-Zeit: 14:56:27
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.01.01
Rootkit Datenbank: v2014.08.21.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ********

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 384414
Verstrichene Zeit: 55 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a7e61b950aaa0b42af68322cb14b7930
# engine=19909
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-30 01:33:03
# local_time=2014-08-30 03:33:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 13446257 80695605 0 0
# scanned=329451
# found=36
# cleaned=0
# scan_time=56743
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\DVDVideoSoftTB_DEToolbarHelper.exe.vir"
sh=EB2BBCB97120C69F0E738DF9B521BCAD4CA1DCC8 ft=1 fh=5a1211cb00ea2a3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\ldrtbDVDV.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll.vir"
sh=08467794F54FB143423C28762E9AC2A1DD9D0D8A ft=1 fh=a355946c37795057 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\tbDVDV.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\********\AppData\Local\Conduit\CT2625848\DVDVideoSoftTB_DEAutoUpdateHelper.exe.vir"
sh=EB2BBCB97120C69F0E738DF9B521BCAD4CA1DCC8 ft=1 fh=5a1211cb00ea2a3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\********\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll.vir"
sh=08467794F54FB143423C28762E9AC2A1DD9D0D8A ft=1 fh=a355946c37795057 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\********\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll.vir"
sh=B761F6A793DEED25ED47FFA20FDB18C0F38B95E3 ft=1 fh=4129607c4cc3365f vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\********\AppData\Local\Temp\setup.exe"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir1092_4575\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir1388_19922\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir1564_5673\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir2624_13482\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir3160_4761\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir3648_6452\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4112_6747\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4176_2602\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4224_29684\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4472_26876\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4532_17778\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4548_8158\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4592_25034\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4672_32409\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4836_6675\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4916_28664\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4920_30494\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4940_22374\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4944_12422\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5020_27757\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5064_11544\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5476_1168\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5612_9771\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir6032_4742\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir6088_1187\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir6704_20040\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir7140_11359\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir904_4043\extension.zip"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a7e61b950aaa0b42af68322cb14b7930
# engine=19918
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-30 07:44:16
# local_time=2014-08-30 09:44:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 13468530 80717878 0 0
# scanned=191077
# found=36
# cleaned=0
# scan_time=21601
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\DVDVideoSoftTB_DEToolbarHelper.exe.vir"
sh=EB2BBCB97120C69F0E738DF9B521BCAD4CA1DCC8 ft=1 fh=5a1211cb00ea2a3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\ldrtbDVDV.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll.vir"
sh=08467794F54FB143423C28762E9AC2A1DD9D0D8A ft=1 fh=a355946c37795057 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\tbDVDV.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\********\AppData\Local\Conduit\CT2625848\DVDVideoSoftTB_DEAutoUpdateHelper.exe.vir"
sh=EB2BBCB97120C69F0E738DF9B521BCAD4CA1DCC8 ft=1 fh=5a1211cb00ea2a3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\********\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll.vir"
sh=08467794F54FB143423C28762E9AC2A1DD9D0D8A ft=1 fh=a355946c37795057 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\********\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll.vir"
sh=B761F6A793DEED25ED47FFA20FDB18C0F38B95E3 ft=1 fh=4129607c4cc3365f vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\********\AppData\Local\Temp\setup.exe"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir1092_4575\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir1388_19922\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir1564_5673\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir2624_13482\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir3160_4761\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir3648_6452\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4112_6747\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4176_2602\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4224_29684\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4472_26876\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4532_17778\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4548_8158\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4592_25034\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4672_32409\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4836_6675\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4916_28664\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4920_30494\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4940_22374\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4944_12422\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5020_27757\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5064_11544\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5476_1168\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5612_9771\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir6032_4742\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir6088_1187\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir6704_20040\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir7140_11359\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir904_4043\extension.zip"
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a7e61b950aaa0b42af68322cb14b7930
# engine=19945
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-02 11:17:20
# local_time=2014-09-02 01:17:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 13697314 80946662 0 0
# scanned=179666
# found=36
# cleaned=0
# scan_time=71159
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\DVDVideoSoftTB_DEToolbarHelper.exe.vir"
sh=EB2BBCB97120C69F0E738DF9B521BCAD4CA1DCC8 ft=1 fh=5a1211cb00ea2a3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\ldrtbDVDV.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll.vir"
sh=08467794F54FB143423C28762E9AC2A1DD9D0D8A ft=1 fh=a355946c37795057 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\tbDVDV.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\********\AppData\Local\Conduit\CT2625848\DVDVideoSoftTB_DEAutoUpdateHelper.exe.vir"
sh=EB2BBCB97120C69F0E738DF9B521BCAD4CA1DCC8 ft=1 fh=5a1211cb00ea2a3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\********\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll.vir"
sh=08467794F54FB143423C28762E9AC2A1DD9D0D8A ft=1 fh=a355946c37795057 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\********\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll.vir"
sh=B761F6A793DEED25ED47FFA20FDB18C0F38B95E3 ft=1 fh=4129607c4cc3365f vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\********\AppData\Local\Temp\setup.exe.xBAD"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir1092_4575\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir1388_19922\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir1564_5673\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir2624_13482\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir3160_4761\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir3648_6452\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4112_6747\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4176_2602\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4224_29684\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4472_26876\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4532_17778\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4548_8158\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4592_25034\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4672_32409\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4836_6675\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4916_28664\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4920_30494\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4940_22374\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4944_12422\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5020_27757\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5064_11544\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5476_1168\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5612_9771\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir6032_4742\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir6088_1187\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir6704_20040\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir7140_11359\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir904_4043\extension.zip"
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a7e61b950aaa0b42af68322cb14b7930
# engine=19960
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-03 06:25:46
# local_time=2014-09-03 08:25:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 13769820 81015568 0 0
# scanned=318157
# found=36
# cleaned=0
# scan_time=68786
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\DVDVideoSoftTB_DEToolbarHelper.exe.vir"
sh=EB2BBCB97120C69F0E738DF9B521BCAD4CA1DCC8 ft=1 fh=5a1211cb00ea2a3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\ldrtbDVDV.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll.vir"
sh=08467794F54FB143423C28762E9AC2A1DD9D0D8A ft=1 fh=a355946c37795057 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\tbDVDV.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\********\AppData\Local\Conduit\CT2625848\DVDVideoSoftTB_DEAutoUpdateHelper.exe.vir"
sh=EB2BBCB97120C69F0E738DF9B521BCAD4CA1DCC8 ft=1 fh=5a1211cb00ea2a3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\********\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll.vir"
sh=08467794F54FB143423C28762E9AC2A1DD9D0D8A ft=1 fh=a355946c37795057 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\********\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll.vir"
sh=B761F6A793DEED25ED47FFA20FDB18C0F38B95E3 ft=1 fh=4129607c4cc3365f vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\********\AppData\Local\Temp\setup.exe.xBAD"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir1092_4575\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir1388_19922\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir1564_5673\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir2624_13482\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir3160_4761\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir3648_6452\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4112_6747\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4176_2602\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4224_29684\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4472_26876\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4532_17778\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4548_8158\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4592_25034\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4672_32409\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4836_6675\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4916_28664\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4920_30494\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4940_22374\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir4944_12422\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5020_27757\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5064_11544\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5476_1168\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir5612_9771\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir6032_4742\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir6088_1187\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir6704_20040\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir7140_11359\extension.zip"
sh=3DF2D41DDEF9C19A9E0321FE2EEDAD29E42BFF7A ft=0 fh=0000000000000000 vn="Win32/Theola.F Trojaner" ac=I fn="C:\Users\********\AppData\Local\Temp\scoped_dir904_4043\extension.zip"

cosinus 03.09.2014 13:40
Nur Reste und isolierte Dateien

TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.




Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Mrs. X 05.09.2014 14:57
Guten Tag cosinus

Leider ist die Schrift und die dazugehörige Werbung (jawa) wie auch die Werbung, wenn ich mit dem Cursor auf ein nahezu x-beliebiges Bild fahre, mir trotz der TFC-"Behandlung" erhalten geblieben. Ist das normales Cookiezeugs und wird verschwinden, wenn ich mich durch die von dir empfohlenen Programme geklickt habe? Oder sind meine Sorgen berechtigt und es steckt mehr dahinter?

Beste Grüsse!

cosinus 05.09.2014 15:21
In welchem Browser? Nur in Firefox?

Mrs. X 05.09.2014 16:46
Ich habe mir auf deine Frage hin Safari runtergeladen. Dort tritt das Problem tatsächlich auch auf den in Firefox betroffenen Websites nicht auf...


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:17 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131